diff options
258 files changed, 23224 insertions, 3731 deletions
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 000000000..627fa13eb --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,21 @@ +[provide a description of the issue] + +##### Version +[if you're operating from a git clone provide the output of `git describe`] +[if you're running from playbooks installed via RPM or atomic-openshift-utils `rpm -q atomic-openshift-utils openshift-ansible`] +[Your version of ansible, `ansible --version`] + + +##### Steps To Reproduce +1. [step 1] +2. [step 2] + +##### Current Result + +##### Expected Result + +##### Additional Information +[The exact command you ran] +[Your operating system and version, ie: RHEL 7.2, Fedora 23] +[Your inventory file] +[visit https://docs.openshift.org/latest/welcome/index.html] diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index eb0dfc1cd..eb4b07935 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.3.7-1 ./ +3.4.2-1 ./ @@ -5,9 +5,9 @@ For more information on tito, please see the [Tito home page](https://github.com ## Build openshift-ansible-bin -- Change into openshift-ansible/bin +- Change into openshift-ansible ``` -cd openshift-ansible/bin +cd openshift-ansible ``` - Build a test package (no tagging needed) ``` @@ -1,4 +1,5 @@ -Apache License + + Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ @@ -175,17 +176,6 @@ Apache License END OF TERMS AND CONDITIONS - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - Copyright 2014 Red Hat, Inc. Licensed under the Apache License, Version 2.0 (the "License"); @@ -7,6 +7,19 @@ that it installs currently require a package that provides `docker`. Currently the RPMs provided from dockerproject.org do not provide this requirement, though they may in the future. +##Branches and tags + +The master branch tracks our current work and should be compatible with both +Origin master branch and the most recent Origin stable release. Currently that's +v1.4 and v1.3.x. In addition to the master branch we maintain stable branches +corresponding to upstream Origin releases, ie: release-1.2. The most recent of +branch will often receive minor feature backports and fixes. Older branches will +receive only critical fixes. + +Releases are tagged periodically from active branches and are versioned 3.x +corresponding to Origin releases 1.x. We unfortunately started with 3.0 and it's +not practical to start over at 1.0. + ##Setup - Install base dependencies: - Fedora: @@ -19,27 +32,27 @@ they may in the future. brew install ansible python ``` - Setup for a specific cloud: - - [AWS](README_AWS.md) - - [GCE](README_GCE.md) - - [local VMs](README_libvirt.md) + - [AWS](http://github.com/openshift/openshift-ansible/blob/master/README_AWS.md) + - [GCE](http://github.com/openshift/openshift-ansible/blob/master/README_GCE.md) + - [local VMs](http://github.com/openshift/openshift-ansible/blob/master/README_libvirt.md) - Bring your own host deployments: - [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html) - [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html) - - [Atomic Enterprise](README_AEP.md) + - [Atomic Enterprise](http://github.com/openshift/openshift-ansible/blob/master/README_AEP.md) - Build - [How to build the openshift-ansible rpms](BUILD.md) - Directory Structure: - - [bin/cluster](bin/cluster) - python script to easily create clusters - - [docs](docs) - Documentation for the project - - [filter_plugins/](filter_plugins) - custom filters used to manipulate data in Ansible - - [inventory/](inventory) - houses Ansible dynamic inventory scripts - - [playbooks/](playbooks) - houses host-type Ansible playbooks (launch, config, destroy, vars) - - [roles/](roles) - shareable Ansible tasks + - [bin/cluster](https://github.com/openshift/openshift-ansible/tree/master/bin/cluster) - python script to easily create clusters + - [docs](https://github.com/openshift/openshift-ansible/tree/master/docs) - Documentation for the project + - [filter_plugins/](https://github.com/openshift/openshift-ansible/tree/master/filter_plugins) - custom filters used to manipulate data in Ansible + - [inventory/](https://github.com/openshift/openshift-ansible/tree/master/inventory) - houses Ansible dynamic inventory scripts + - [playbooks/](https://github.com/openshift/openshift-ansible/tree/master/playbooks) - houses host-type Ansible playbooks (launch, config, destroy, vars) + - [roles/](https://github.com/openshift/openshift-ansible/tree/master/roles) - shareable Ansible tasks ##Contributing -- [Best Practices Guide](docs/best_practices_guide.adoc) -- [Core Concepts](docs/core_concepts_guide.adoc) -- [Style Guide](docs/style_guide.adoc) +- [Best Practices Guide](https://github.com/openshift/openshift-ansible/blob/master/docs/best_practices_guide.adoc) +- [Core Concepts](https://github.com/openshift/openshift-ansible/blob/master/docs/core_concepts_guide.adoc) +- [Style Guide](https://github.com/openshift/openshift-ansible/blob/master/docs/style_guide.adoc) diff --git a/README_AWS.md b/README_AWS.md index f3f98fed5..cccb122f6 100644 --- a/README_AWS.md +++ b/README_AWS.md @@ -135,7 +135,12 @@ Install Dependencies -------------------- 1. Ansible requires python-boto for aws operations: -RHEL/CentOS/Fedora +Fedora +``` + dnf install -y ansible python-boto pyOpenSSL +``` + +RHEL/CentOS ``` yum install -y ansible python-boto pyOpenSSL ``` diff --git a/README_openstack.md b/README_openstack.md index e3cc7cc93..1998a5878 100644 --- a/README_openstack.md +++ b/README_openstack.md @@ -17,7 +17,12 @@ Install Dependencies * `python-neutronclient` * `python-heatclient` -On RHEL / CentOS / Fedora: +On Fedora: +``` + dnf install -y ansible python-novaclient python-neutronclient python-heatclient +``` + +On RHEL / CentOS: ``` yum install -y ansible python-novaclient python-neutronclient python-heatclient ``` @@ -43,6 +48,7 @@ The following options are used only by `heat_stack.yaml`. They are so used only * `external_net` (default to `external`): Name of the external network to connect to * `floating_ip_pool` (default to `external`): comma separated list of floating IP pools * `ssh_from` (default to `0.0.0.0/0`): IPs authorized to connect to the VMs via ssh +* `node_port_from` (default to `0.0.0.0/0`): IPs authorized to connect to the services exposed via nodePort Creating a cluster diff --git a/callback_plugins/default.py b/callback_plugins/default.py index 31e3d7d4c..bc0b207bb 100644 --- a/callback_plugins/default.py +++ b/callback_plugins/default.py @@ -27,6 +27,12 @@ DEFAULT_MODULE = imp.load_source( DEFAULT_PATH ) +try: + from ansible.plugins.callback import CallbackBase + BASECLASS = CallbackBase +except ImportError: # < ansible 2.1 + BASECLASS = DEFAULT_MODULE.CallbackModule + class CallbackModule(DEFAULT_MODULE.CallbackModule): # pylint: disable=too-few-public-methods,no-init ''' @@ -48,7 +54,7 @@ class CallbackModule(DEFAULT_MODULE.CallbackModule): # pylint: disable=too-few- if key in result: save[key] = result.pop(key) - output = DEFAULT_MODULE.CallbackModule._dump_results(self, result) + output = BASECLASS._dump_results(self, result) # pylint: disable=protected-access for key in ['stdout', 'stderr', 'msg']: if key in save and save[key]: diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 557a684dc..1c12f2e07 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -16,7 +16,9 @@ import pkg_resources import re import json import yaml +from ansible.parsing.yaml.dumper import AnsibleDumper from ansible.utils.unicode import to_unicode +from urlparse import urlparse # Disabling too-many-public-methods, since filter methods are necessarily # public @@ -39,7 +41,6 @@ class FilterModule(object): the value. If the key isn't present, None is returned. - Ex: data = {'a': {'b': {'c': 5}}} attribute = "a.b.c" returns 5 @@ -57,6 +58,7 @@ class FilterModule(object): return ptr + @staticmethod def oo_flatten(data): """ This filter plugin will flatten a list of lists @@ -146,6 +148,7 @@ class FilterModule(object): retval = [FilterModule.get_attr(d, attribute) for d in data] retval = [val for val in retval if val != None] + return retval @staticmethod @@ -526,9 +529,9 @@ class FilterModule(object): raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] + "please specify certificate names in host inventory")) + certificate['names'] = list(set(certificate['names'])) if 'cafile' not in certificate: certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] - certificate['names'] = list(set(certificate['names'])) if not certificate['names']: raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + "detected a collision with internal hostname, please specify " + @@ -543,7 +546,7 @@ class FilterModule(object): return certificates @staticmethod - def oo_pretty_print_cluster(data): + def oo_pretty_print_cluster(data, prefix='tag_'): """ Read a subset of hostvars and build a summary of the cluster in the following layout: @@ -570,8 +573,8 @@ class FilterModule(object): returns 'value2' """ for tag in tags: - if tag[:len(key)+4] == 'tag_' + key: - return tag[len(key)+5:] + if tag[:len(prefix)+len(key)] == prefix + key: + return tag[len(prefix)+len(key)+1:] raise KeyError(key) def _add_host(clusters, @@ -619,11 +622,13 @@ class FilterModule(object): return "" try: - transformed = yaml.safe_dump(data, indent=indent, allow_unicode=True, default_flow_style=False, **kw) + transformed = yaml.dump(data, indent=indent, allow_unicode=True, + default_flow_style=False, + Dumper=AnsibleDumper, **kw) padded = "\n".join([" " * level * indent + line for line in transformed.splitlines()]) return to_unicode("\n{0}".format(padded)) except Exception as my_e: - raise errors.AnsibleFilterError('Failed to convert: %s', my_e) + raise errors.AnsibleFilterError('Failed to convert: %s' % my_e) @staticmethod def oo_openshift_env(hostvars): @@ -708,7 +713,7 @@ class FilterModule(object): fsType=filesystem, volumeID=volume_id))) persistent_volumes.append(persistent_volume) - elif kind != 'object': + elif not (kind == 'object' or kind == 'dynamic'): msg = "|failed invalid storage kind '{0}' for component '{1}'".format( kind, component) @@ -730,12 +735,14 @@ class FilterModule(object): if 'hosted' in hostvars['openshift']: for component in hostvars['openshift']['hosted']: if 'storage' in hostvars['openshift']['hosted'][component]: - kind = hostvars['openshift']['hosted'][component]['storage']['kind'] - create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv'] - if kind != None and create_pv: - volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name'] - size = hostvars['openshift']['hosted'][component]['storage']['volume']['size'] - access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes'] + params = hostvars['openshift']['hosted'][component]['storage'] + kind = params['kind'] + create_pv = params['create_pv'] + create_pvc = params['create_pvc'] + if kind not in [None, 'object'] and create_pv and create_pvc: + volume = params['volume']['name'] + size = params['volume']['size'] + access_modes = params['access_modes'] persistent_volume_claim = dict( name="{0}-claim".format(volume), capacity=size, @@ -828,6 +835,22 @@ class FilterModule(object): return version + @staticmethod + def oo_hostname_from_url(url): + """ Returns the hostname contained in a URL + + Ex: https://ose3-master.example.com/v1/api -> ose3-master.example.com + """ + if not isinstance(url, basestring): + raise errors.AnsibleFilterError("|failed expects a string or unicode") + parse_result = urlparse(url) + if parse_result.netloc != '': + return parse_result.netloc + else: + # netloc wasn't parsed, assume url was missing scheme and path + return parse_result.path + + def filters(self): """ returns a mapping of filters to methods """ return { @@ -858,5 +881,6 @@ class FilterModule(object): "oo_get_hosts_from_hostvars": self.oo_get_hosts_from_hostvars, "oo_image_tag_to_rpm_version": self.oo_image_tag_to_rpm_version, "oo_merge_dicts": self.oo_merge_dicts, + "oo_hostname_from_url": self.oo_hostname_from_url, "oo_merge_hostvars": self.oo_merge_hostvars, } diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index b3f284a8e..ee6a62ba5 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -237,7 +237,11 @@ class RequestHeaderIdentityProvider(IdentityProviderBase): self._required += [['headers']] self._optional += [['challengeURL', 'challenge_url'], ['loginURL', 'login_url'], - ['clientCA', 'client_ca']] + ['clientCA', 'client_ca'], + ['clientCommonNames', 'client_common_names'], + ['emailHeaders', 'email_headers'], + ['nameHeaders', 'name_headers'], + ['preferredUsernameHeaders', 'preferred_username_headers']] def validate(self): ''' validate this idp instance ''' @@ -521,7 +525,7 @@ class FilterModule(object): return valid @staticmethod - def certificates_to_synchronize(hostvars): + def certificates_to_synchronize(hostvars, include_keys=True): ''' Return certificates to synchronize based on facts. ''' if not issubclass(type(hostvars), dict): raise errors.AnsibleFilterError("|failed expects hostvars is a dict") @@ -535,9 +539,10 @@ class FilterModule(object): 'openshift-registry.kubeconfig', 'openshift-router.crt', 'openshift-router.key', - 'openshift-router.kubeconfig', - 'serviceaccounts.private.key', - 'serviceaccounts.public.key'] + 'openshift-router.kubeconfig'] + if bool(include_keys): + certs += ['serviceaccounts.private.key', + 'serviceaccounts.public.key'] if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']): certs += ['master.proxy-client.crt', 'master.proxy-client.key'] @@ -545,6 +550,9 @@ class FilterModule(object): certs += ['openshift-master.crt', 'openshift-master.key', 'openshift-master.kubeconfig'] + if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): + certs += ['service-signer.crt', + 'service-signer.key'] return certs @staticmethod diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example deleted file mode 100644 index 36e1e8825..000000000 --- a/inventory/byo/hosts.aep.example +++ /dev/null @@ -1,471 +0,0 @@ -# This is an example of a bring your own (byo) host inventory - -# Create an OSEv3 group that contains the masters and nodes groups -[OSEv3:children] -masters -nodes -etcd -lb - -# Set variables common for all OSEv3 hosts -[OSEv3:vars] -# SSH user, this user should allow ssh based auth without requiring a -# password. If using ssh key based auth, then the key should be managed by an -# ssh agent. -ansible_ssh_user=root - -# If ansible_ssh_user is not root, ansible_become must be set to true and the -# user must be configured for passwordless sudo -#ansible_become=yes - -# Debug level for all Atomic Enterprise components (Defaults to 2) -debug_level=2 - -# deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise -deployment_type=atomic-enterprise - -# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we -# rely on the version running on the first master. Works best for containerized installs where we can usually -# use this to lookup the latest exact version of the container images, which is the tag actually used to configure -# the cluster. For RPM installations we just verify the version detected in your configured repos matches this -# release. -openshift_release=v3.2 - -# Specify an exact container image tag to install or configure. -# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_image_tag=v3.2.0.46 - -# Specify an exact rpm version to install or configure. -# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-3.2.0.46 - -# Install the openshift examples -#openshift_install_examples=true - -# Configure logoutURL in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url -#openshift_master_logout_url=http://example.com - -# Configure extensionScripts in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js'] - -# Configure extensionStylesheets in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css'] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_oauth_template=/path/to/login-template.html - -# Configure metricsPublicURL in the master config for cluster metrics -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics - -# Configure loggingPublicURL in the master config for aggregate logging -# See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html -#openshift_master_logging_public_url=https://kibana.example.com - -# Configure imagePolicyConfig in the master config -# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig -#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} - -# Docker Configuration -# Add additional, insecure, and blocked registries to global docker configuration -# For enterprise deployment types we ensure that registry.access.redhat.com is -# included if you do not include it -#openshift_docker_additional_registries=registry.example.com -#openshift_docker_insecure_registries=registry.example.com -#openshift_docker_blocked_registries=registry.hacker.com -# Disable pushing to dockerhub -#openshift_docker_disable_push_dockerhub=True -# Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=json-file --log-opt max-size=50m" -#openshift_docker_options="-l warn --ipv6=false" - -# Specify exact version of Docker to configure or upgrade to. -# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. -# docker_version="1.10.3" - -# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. -# docker_upgrade=False - -# Alternate image format string. If you're not modifying the format string and -# only need to inject your own registry you may want to consider -# openshift_docker_additional_registries instead -#oreg_url=example.com/aep3/aep-${component}:${version} -# If oreg_url points to a registry other than registry.access.redhat.com we can -# modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=True - -# Additional yum repos to install -#openshift_additional_repos=[{'id': 'aep-devel', 'name': 'aep-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] - -# htpasswd auth -openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] -# Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' -# or -#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> - -# Allow all auth -#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] - -# LDAP auth -#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': '', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] -# Configuring the ldap ca certificate -#openshift_master_ldap_ca=<ca text> -# or -#openshift_master_ldap_ca_file=<path to local ca file to use> - -# Available variables for configuring certificates for other identity providers: -#openshift_master_openid_ca -#openshift_master_openid_ca_file -#openshift_master_request_header_ca -#openshift_master_request_header_ca_file - -# Cloud Provider Configuration -# -# Note: You may make use of environment variables rather than store -# sensitive configuration within the ansible inventory. -# For example: -#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" -#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" -# -# AWS -#openshift_cloudprovider_kind=aws -# Note: IAM profiles may be used instead of storing API credentials on disk. -#openshift_cloudprovider_aws_access_key=aws_access_key_id -#openshift_cloudprovider_aws_secret_key=aws_secret_access_key -# -# Openstack -#openshift_cloudprovider_kind=openstack -#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ -#openshift_cloudprovider_openstack_username=username -#openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_tenant_id=tenant_id -#openshift_cloudprovider_openstack_tenant_name=tenant_name -#openshift_cloudprovider_openstack_region=region -#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id - -# Project Configuration -#osm_project_request_message='' -#osm_project_request_template='' -#osm_mcs_allocator_range='s0:/2' -#osm_mcs_labels_per_project=5 -#osm_uid_allocator_range='1000000000-1999999999/10000' - -# Configure additional projects -#openshift_additional_projects={'my-project': {'default_node_selector': 'label=value'}} - -# Enable cockpit -#osm_use_cockpit=true -# -# Set cockpit plugins -#osm_cockpit_plugins=['cockpit-kubernetes'] - -# Native high availability cluster method with optional load balancer. -# If no lb group is defined, the installer assumes that a load balancer has -# been preconfigured. For installation the value of -# openshift_master_cluster_hostname must resolve to the load balancer -# or to one or all of the masters defined in the inventory if no load -# balancer is present. -#openshift_master_cluster_method=native -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Pacemaker high availability cluster method. -# Pacemaker HA environment must be able to self provision the -# configured VIP. For installation openshift_master_cluster_hostname -# must resolve to the configured VIP. -#openshift_master_cluster_method=pacemaker -#openshift_master_cluster_password=openshift_cluster -#openshift_master_cluster_vip=192.168.133.25 -#openshift_master_cluster_public_vip=192.168.133.25 -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - -# Configure controller arguments -#osm_controller_args={'resource-quota-sync-period': ['10s']} - -# Configure api server arguments -#osm_api_server_args={'max-requests-inflight': ['400']} - -# default subdomain to use for exposed routes -#openshift_master_default_subdomain=apps.test.example.com - -# additional cors origins -#osm_custom_cors_origins=['foo.example.com', 'bar.example.com'] - -# default project node selector -#osm_default_node_selector='region=primary' - -# Override the default pod eviction timeout -#openshift_master_pod_eviction_timeout=5m - -# Override the default oauth tokenConfig settings: -# openshift_master_access_token_max_seconds=86400 -# openshift_master_auth_token_max_seconds=500 - -# Override master servingInfo.maxRequestsInFlight -#openshift_master_max_requests_inflight=500 - -# default storage plugin dependencies to install, by default the ceph and -# glusterfs plugin dependencies will be installed, if available. -#osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] - -# OpenShift Router Options -# -# An OpenShift router will be created during install if there are -# nodes present with labels matching the default router selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Router selector (optional) -# Router will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_router_selector='region=infra' -# -# Router replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift router selector. -#openshift_hosted_router_replicas=2 -# -# Router force subdomain (optional) -# A router path format to force on all routes used by this router -# (will ignore the route host value) -#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com' -# -# Router certificate (optional) -# Provide local certificate paths which will be configured as the -# router's default certificate. -#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} - -# Openshift Registry Options -# -# An OpenShift registry will be created during install if there are -# nodes present with labels matching the default registry selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Registry selector (optional) -# Registry will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_registry_selector='region=infra' -# -# Registry replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift registry selector. -#openshift_hosted_registry_replicas=2 - -# Registry Storage Options -# -# NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_host=nfs.example.com -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# Openstack -# Volume must already exist. -#openshift_hosted_registry_storage_kind=openstack -#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce'] -#openshift_hosted_registry_storage_openstack_filesystem=ext4 -#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 -#openshift_hosted_registry_storage_volume_size=10Gi -# -# AWS S3 -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id -#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 - -# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') -# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' - -# Disable the OpenShift SDN plugin -# openshift_use_openshift_sdn=False - -# Configure SDN cluster network and kubernetes service CIDR blocks. These -# network blocks should be private and should not conflict with network blocks -# in your infrastructure that pods may require access to. Can not be changed -# after deployment. -#osm_cluster_network_cidr=10.1.0.0/16 -#openshift_portal_net=172.30.0.0/16 - -# Configure number of bits to allocate to each host’s subnet e.g. 8 -# would mean a /24 network on the host. -#osm_host_subnet_length=8 - -# Configure master API and console ports. -#openshift_master_api_port=8443 -#openshift_master_console_port=8443 - -# set RPM version for debugging purposes -#openshift_pkg_version=-3.1.0.0 - -# Configure custom named certificates -# NOTE: openshift_master_named_certificates is cached on masters and is an -# additive fact, meaning that each run with a different set of certificates -# will add the newly provided certificates to the cached set of certificates. -# -# An optional CA may be specified for each named certificate. CAs will -# be added to the OpenShift CA bundle which allows for the named -# certificate to be served for internal cluster communication. -# -# If you would like openshift_master_named_certificates to be overwritten with -# the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates=true -# -# Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] -# -# Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] - -# Session options -#openshift_master_session_name=ssn -#openshift_master_session_max_seconds=3600 - -# An authentication and encryption secret will be generated if secrets -# are not provided. If provided, openshift_master_session_auth_secrets -# and openshift_master_encryption_secrets must be equal length. -# -# Signing secrets, used to authenticate sessions using -# HMAC. Recommended to use secrets with 32 or 64 bytes. -#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] -# -# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32 -# characters long, to select AES-128, AES-192, or AES-256. -#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] - -# configure how often node iptables rules are refreshed -#openshift_node_iptables_sync_period=5s - -# Configure nodeIP in the node config -# This is needed in cases where node traffic is desired to go over an -# interface other than the default network interface. -#openshift_node_set_node_ip=True - -# Force setting of system hostname when configuring OpenShift -# This works around issues related to installations that do not have valid dns -# entries for the interfaces attached to the host. -#openshift_set_hostname=True - -# Configure dnsIP in the node config -#openshift_dns_ip=172.30.0.1 - -# Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} - -# Configure logrotate scripts -# See: https://github.com/nickhammond/ansible-logrotate -#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] - -# openshift-ansible will wait indefinitely for your input when it detects that the -# value of openshift_hostname resolves to an IP address not bound to any local -# interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. -# Setting this variable to true will override that check. -#openshift_override_hostname_check=true - -# Configure dnsmasq for cluster dns, switch the host's local resolver to use dnsmasq -# and configure node's dnsIP to point at the node's local dnsmasq instance. Defaults -# to True for Origin 1.2 and OSE 3.2. False for 1.1 / 3.1 installs, this cannot -# be used with 1.0 and 3.0. -# openshift_use_dnsmasq=False - -# Global Proxy Configuration -# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment -# variables for docker and master services. -#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT -#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT -#openshift_no_proxy='.hosts.example.com,some-host.com' -# -# Most environments don't require a proxy between openshift masters, nodes, and -# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and -# specify that domain above. -#openshift_generate_no_proxy_hosts=True -# -# These options configure the BuildDefaults admission controller which injects -# environment variables into Builds. These values will default to the global proxy -# config values. You only need to set these if they differ from the global settings -# above. See BuildDefaults -# documentation at https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_no_proxy=build_defaults -#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT -# Or you may optionally define your own serialized as json -#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","kind":"BuildDefaultsConfig"}}}' - -# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default -#openshift_master_dynamic_provisioning_enabled=False - -# Configure usage of openshift_clock role. -#openshift_clock_enabled=true - -# OpenShift Per-Service Environment Variables -# Environment variables are added to /etc/sysconfig files for -# each OpenShift service: node, master (api and controllers). -# API and controllers environment variables are merged in single -# master environments. -#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} -#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} -#openshift_node_env_vars={"ENABLE_HTTP2": "true"} - -# host group for masters -[masters] -aep3-master[1:3]-ansible.test.example.com - -[etcd] -aep3-etcd[1:3]-ansible.test.example.com - -[lb] -aep3-lb-ansible.test.example.com - -# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes -# However, in order to ensure that your masters are not burdened with running pods you should -# make them unschedulable by adding openshift_schedulable=False any node that's also a master. -[nodes] -aep3-master[1:3]-ansible.test.example.com -aep3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/inventory/byo/hosts.aep_quickstart b/inventory/byo/hosts.aep_quickstart deleted file mode 100644 index 46ea3a03f..000000000 --- a/inventory/byo/hosts.aep_quickstart +++ /dev/null @@ -1,20 +0,0 @@ -[OSEv3:children] -masters -nodes -etcd -lb - -[OSEv3:vars] -ansible_ssh_user=root -deployment_type=atomic-enterprise -osm_use_cockpit=true - -[masters] -ose3-master.example.com - -[nodes] -ose3-master.example.com openshift_scheduleable=True - -[etcd] - -[lb] diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 023e1a3a6..8b3a6e403 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -65,10 +65,6 @@ openshift_release=v1.2 # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files #openshift_master_oauth_template=/path/to/login-template.html -# Configure metricsPublicURL in the master config for cluster metrics -# See: https://docs.openshift.org/latest/install_config/cluster_metrics.html -#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics - # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com @@ -97,26 +93,20 @@ openshift_release=v1.2 # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. # docker_upgrade=False -# Alternate image format string. If you're not modifying the format string and -# only need to inject your own registry you may want to consider -# openshift_docker_additional_registries instead +# Alternate image format string, useful if you've got your own registry mirror #oreg_url=example.com/openshift3/ose-${component}:${version} # If oreg_url points to a registry other than registry.access.redhat.com we can # modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=True +#openshift_examples_modify_imagestreams=true # Origin copr repo #openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] -# Origin Fedora copr repo -# Use this if you are installing on Fedora -#openshift_additional_repos=[{'id': 'fedora-openshift-origin-copr', 'name': 'OpenShift Origin COPR for Fedora', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg'}] - # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] # Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' +#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} # or #openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> @@ -159,6 +149,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_cloudprovider_openstack_tenant_name=tenant_name #openshift_cloudprovider_openstack_region=region #openshift_cloudprovider_openstack_lb_subnet_id=subnet_id +# +# GCE +#openshift_cloudprovider_kind=gce # Project Configuration #osm_project_request_message='' @@ -328,7 +321,55 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_bucket=bucket_name #openshift_hosted_registry_storage_s3_region=bucket_region #openshift_hosted_registry_storage_s3_chunksize=26214400 +#openshift_hosted_registry_storage_s3_rootdirectory=/registry #openshift_hosted_registry_pullthrough=true +#openshift_hosted_registry_acceptschema2=true +#openshift_hosted_registry_enforcequota=true + +# Metrics deployment +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html +# +# By default metrics are not automatically deployed, set this to enable them +# openshift_hosted_metrics_deploy=true +# +# Storage Options +# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored +# in an EmptyDir volume and will be deleted when the cassandra pod terminates. +# Storage options A & B currently support only one cassandra pod which is +# generally enough for up to 1000 pods. Additional volumes can be created +# manually after the fact and metrics scaled per the docs. +# +# Option A - NFS Host Group +# An NFS volume will be created with path "nfs_directory/volume_name" +# on the host within the [nfs] host group. For example, the volume +# path using these options would be "/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option B - External NFS Host +# NFS volume must already exist with path "nfs_directory/_volume_name" on +# the storage_host. For example, the remote volume path using these +# options would be "nfs.example.com:/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_host=nfs.example.com +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option C - Dynamic -- If openshift supports dynamic volume provisioning for +# your cloud platform use this. +#openshift_hosted_metrics_storage_kind=dynamic +# +# Override metricsPublicURL in the master config for cluster metrics +# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics +# Currently, you may only alter the hostname portion of the url, alterting the +# `/hawkular/metrics` path will break installation of metrics. +#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' @@ -344,6 +385,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_portal_net=172.30.0.0/16 +# ExternalIPNetworkCIDRs controls what values are acceptable for the +# service external IP field. If empty, no externalIP may be set. It +# may contain a list of CIDRs which are checked for access. If a CIDR +# is prefixed with !, IPs in that CIDR will be rejected. Rejections +# will be applied first, then the IP checked against one of the +# allowed CIDRs. You should ensure this range does not overlap with +# your nodes, pods, or service CIDRs for security reasons. +#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. #osm_host_subnet_length=8 @@ -355,7 +405,21 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # set RPM version for debugging purposes #openshift_pkg_version=-1.1 -# Configure custom named certificates +# Configure custom ca certificate +#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} +# +# NOTE: CA certificate will not be replaced with existing clusters. +# This option may only be specified when creating a new cluster or +# when redeploying cluster certificates with the redeploy-certificates +# playbook. If replacing the CA certificate in an existing cluster +# with a custom ca certificate, the following variable must also be +# set. +#openshift_certificates_redeploy_ca=true + +# Configure custom named certificates (SNI certificates) +# +# https://docs.openshift.org/latest/install_config/certificate_customization.html +# # NOTE: openshift_master_named_certificates is cached on masters and is an # additive fact, meaning that each run with a different set of certificates # will add the newly provided certificates to the cached set of certificates. @@ -407,7 +471,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_dns_ip=172.30.0.1 # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 8e1a9c139..af653f850 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -6,6 +6,7 @@ masters nodes etcd lb +nfs # Set variables common for all OSEv3 hosts [OSEv3:vars] @@ -64,10 +65,6 @@ openshift_release=v3.2 # See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files #openshift_master_oauth_template=/path/to/login-template.html -# Configure metricsPublicURL in the master config for cluster metrics -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -#openshift_master_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics - # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com @@ -96,13 +93,11 @@ openshift_release=v3.2 # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. # docker_upgrade=False -# Alternate image format string. If you're not modifying the format string and -# only need to inject your own registry you may want to consider -# openshift_docker_additional_registries instead +# Alternate image format string, useful if you've got your own registry mirror #oreg_url=example.com/openshift3/ose-${component}:${version} # If oreg_url points to a registry other than registry.access.redhat.com we can # modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=True +#openshift_examples_modify_imagestreams=true # Additional yum repos to install #openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] @@ -110,7 +105,7 @@ openshift_release=v3.2 # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] # Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>' +#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} # or #openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> @@ -153,6 +148,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_cloudprovider_openstack_tenant_name=tenant_name #openshift_cloudprovider_openstack_region=region #openshift_cloudprovider_openstack_lb_subnet_id=subnet_id +# +# GCE +#openshift_cloudprovider_kind=gce # Project Configuration #osm_project_request_message='' @@ -322,7 +320,56 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_s3_bucket=bucket_name #openshift_hosted_registry_storage_s3_region=bucket_region #openshift_hosted_registry_storage_s3_chunksize=26214400 +#openshift_hosted_registry_storage_s3_rootdirectory=/registry #openshift_hosted_registry_pullthrough=true +#openshift_hosted_registry_acceptschema2=true +#openshift_hosted_registry_enforcequota=true + +# Metrics deployment +# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html +# +# By default metrics are not automatically deployed, set this to enable them +# openshift_hosted_metrics_deploy=true +# +# Storage Options +# If openshift_hosted_metrics_storage_kind is unset then metrics will be stored +# in an EmptyDir volume and will be deleted when the cassandra pod terminates. +# Storage options A & B currently support only one cassandra pod which is +# generally enough for up to 1000 pods. Additional volumes can be created +# manually after the fact and metrics scaled per the docs. +# +# Option A - NFS Host Group +# An NFS volume will be created with path "nfs_directory/volume_name" +# on the host within the [nfs] host group. For example, the volume +# path using these options would be "/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option B - External NFS Host +# NFS volume must already exist with path "nfs_directory/_volume_name" on +# the storage_host. For example, the remote volume path using these +# options would be "nfs.example.com:/exports/metrics" +#openshift_hosted_metrics_storage_kind=nfs +#openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce'] +#openshift_hosted_metrics_storage_host=nfs.example.com +#openshift_hosted_metrics_storage_nfs_directory=/exports +#openshift_hosted_metrics_storage_volume_name=metrics +#openshift_hosted_metrics_storage_volume_size=10Gi +# +# Option C - Dynamic -- If openshift supports dynamic volume provisioning for +# your cloud platform use this. +#openshift_hosted_metrics_storage_kind=dynamic +# +# Override metricsPublicURL in the master config for cluster metrics +# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics +# Currently, you may only alter the hostname portion of the url, alterting the +# `/hawkular/metrics` path will break installation of metrics. +#openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics + # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' @@ -338,6 +385,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_portal_net=172.30.0.0/16 +# ExternalIPNetworkCIDRs controls what values are acceptable for the +# service external IP field. If empty, no externalIP may be set. It +# may contain a list of CIDRs which are checked for access. If a CIDR +# is prefixed with !, IPs in that CIDR will be rejected. Rejections +# will be applied first, then the IP checked against one of the +# allowed CIDRs. You should ensure this range does not overlap with +# your nodes, pods, or service CIDRs for security reasons. +#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] + # Configure number of bits to allocate to each host’s subnet e.g. 8 # would mean a /24 network on the host. #osm_host_subnet_length=8 @@ -349,7 +405,21 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # set RPM version for debugging purposes #openshift_pkg_version=-3.1.0.0 -# Configure custom named certificates +# Configure custom ca certificate +#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} +# +# NOTE: CA certificate will not be replaced with existing clusters. +# This option may only be specified when creating a new cluster or +# when redeploying cluster certificates with the redeploy-certificates +# playbook. If replacing the CA certificate in an existing cluster +# with a custom ca certificate, the following variable must also be +# set. +#openshift_certificates_redeploy_ca=true + +# Configure custom named certificates (SNI certificates) +# +# https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html +# # NOTE: openshift_master_named_certificates is cached on masters and is an # additive fact, meaning that each run with a different set of certificates # will add the newly provided certificates to the cached set of certificates. @@ -401,7 +471,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_dns_ip=172.30.0.1 # Configure node kubelet arguments -#openshift_node_kubelet_args={'max-pods': ['110'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate diff --git a/inventory/openstack/hosts/nova.ini b/inventory/openstack/hosts/nova.ini deleted file mode 100644 index 4900c4965..000000000 --- a/inventory/openstack/hosts/nova.ini +++ /dev/null @@ -1,45 +0,0 @@ -# Ansible OpenStack external inventory script - -[openstack] - -#------------------------------------------------------------------------- -# Required settings -#------------------------------------------------------------------------- - -# API version -version = 2 - -# OpenStack nova username -username = - -# OpenStack nova api_key or password -api_key = - -# OpenStack nova auth_url -auth_url = - -# OpenStack nova project_id or tenant name -project_id = - -#------------------------------------------------------------------------- -# Optional settings -#------------------------------------------------------------------------- - -# Authentication system -# auth_system = keystone - -# Serverarm region name to use -# region_name = - -# Specify a preference for public or private IPs (public is default) -# prefer_private = False - -# What service type (required for newer nova client) -# service_type = compute - - -# TODO: Some other options -# insecure = -# endpoint_type = -# extensions = -# service_name = diff --git a/inventory/openstack/hosts/nova.py b/inventory/openstack/hosts/nova.py deleted file mode 100755 index 3197a57bc..000000000 --- a/inventory/openstack/hosts/nova.py +++ /dev/null @@ -1,224 +0,0 @@ -#!/usr/bin/env python2 - -# pylint: skip-file - -# (c) 2012, Marco Vito Moscaritolo <marco@agavee.com> -# -# This file is part of Ansible, -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. - -import sys -import re -import os -import ConfigParser -from novaclient import client as nova_client - -try: - import json -except ImportError: - import simplejson as json - -################################################### -# executed with no parameters, return the list of -# all groups and hosts - -NOVA_CONFIG_FILES = [os.path.join(os.path.dirname(os.path.realpath(__file__)), "nova.ini"), - os.path.expanduser(os.environ.get('ANSIBLE_CONFIG', "~/nova.ini")), - "/etc/ansible/nova.ini"] - -NOVA_DEFAULTS = { - 'auth_system': None, - 'region_name': None, - 'service_type': 'compute', -} - - -def nova_load_config_file(): - p = ConfigParser.SafeConfigParser(NOVA_DEFAULTS) - - for path in NOVA_CONFIG_FILES: - if os.path.exists(path): - p.read(path) - return p - - return None - - -def get_fallback(config, value, section="openstack"): - """ - Get value from config object and return the value - or false - """ - try: - return config.get(section, value) - except ConfigParser.NoOptionError: - return False - - -def push(data, key, element): - """ - Assist in items to a dictionary of lists - """ - if (not element) or (not key): - return - - if key in data: - data[key].append(element) - else: - data[key] = [element] - - -def to_safe(word): - ''' - Converts 'bad' characters in a string to underscores so they can - be used as Ansible groups - ''' - return re.sub(r"[^A-Za-z0-9\-]", "_", word) - - -def get_ips(server, access_ip=True): - """ - Returns a list of the server's IPs, or the preferred - access IP - """ - private = [] - public = [] - address_list = [] - # Iterate through each servers network(s), get addresses and get type - addresses = getattr(server, 'addresses', {}) - if len(addresses) > 0: - for network in addresses.itervalues(): - for address in network: - if address.get('OS-EXT-IPS:type', False) == 'fixed': - private.append(address['addr']) - elif address.get('OS-EXT-IPS:type', False) == 'floating': - public.append(address['addr']) - - if not access_ip: - address_list.append(server.accessIPv4) - address_list.extend(private) - address_list.extend(public) - return address_list - - access_ip = None - # Append group to list - if server.accessIPv4: - access_ip = server.accessIPv4 - if (not access_ip) and public and not (private and prefer_private): - access_ip = public[0] - if private and not access_ip: - access_ip = private[0] - - return access_ip - - -def get_metadata(server): - """Returns dictionary of all host metadata""" - get_ips(server, False) - results = {} - for key in vars(server): - # Extract value - value = getattr(server, key) - - # Generate sanitized key - key = 'os_' + re.sub(r"[^A-Za-z0-9\-]", "_", key).lower() - - # Att value to instance result (exclude manager class) - #TODO: maybe use value.__class__ or similar inside of key_name - if key != 'os_manager': - results[key] = value - return results - -config = nova_load_config_file() -if not config: - sys.exit('Unable to find configfile in %s' % ', '.join(NOVA_CONFIG_FILES)) - -# Load up connections info based on config and then environment -# variables -username = (get_fallback(config, 'username') or - os.environ.get('OS_USERNAME', None)) -api_key = (get_fallback(config, 'api_key') or - os.environ.get('OS_PASSWORD', None)) -auth_url = (get_fallback(config, 'auth_url') or - os.environ.get('OS_AUTH_URL', None)) -project_id = (get_fallback(config, 'project_id') or - os.environ.get('OS_TENANT_NAME', None)) -region_name = (get_fallback(config, 'region_name') or - os.environ.get('OS_REGION_NAME', None)) -auth_system = (get_fallback(config, 'auth_system') or - os.environ.get('OS_AUTH_SYSTEM', None)) - -# Determine what type of IP is preferred to return -prefer_private = False -try: - prefer_private = config.getboolean('openstack', 'prefer_private') -except ConfigParser.NoOptionError: - pass - -client = nova_client.Client( - version=config.get('openstack', 'version'), - username=username, - api_key=api_key, - auth_url=auth_url, - region_name=region_name, - project_id=project_id, - auth_system=auth_system, - service_type=config.get('openstack', 'service_type'), -) - -# Default or added list option -if (len(sys.argv) == 2 and sys.argv[1] == '--list') or len(sys.argv) == 1: - groups = {'_meta': {'hostvars': {}}} - # Cycle on servers - for server in client.servers.list(): - access_ip = get_ips(server) - - # Push to name group of 1 - push(groups, server.name, access_ip) - - # Run through each metadata item and add instance to it - for key, value in server.metadata.iteritems(): - composed_key = to_safe('tag_{0}_{1}'.format(key, value)) - push(groups, composed_key, access_ip) - - # Do special handling of group for backwards compat - # inventory groups - group = server.metadata['group'] if 'group' in server.metadata else 'undefined' - push(groups, group, access_ip) - - # Add vars to _meta key for performance optimization in - # Ansible 1.3+ - groups['_meta']['hostvars'][access_ip] = get_metadata(server) - - # Return server list - print(json.dumps(groups, sort_keys=True, indent=2)) - sys.exit(0) - -##################################################### -# executed with a hostname as a parameter, return the -# variables for that host - -elif len(sys.argv) == 3 and (sys.argv[1] == '--host'): - results = {} - ips = [] - for server in client.servers.list(): - if sys.argv[2] in (get_ips(server) or []): - results = get_metadata(server) - print(json.dumps(results, sort_keys=True, indent=2)) - sys.exit(0) - -else: - print "usage: --list ..OR.. --host <hostname>" - sys.exit(1) diff --git a/inventory/openstack/hosts/openstack.py b/inventory/openstack/hosts/openstack.py new file mode 100755 index 000000000..0d92eae11 --- /dev/null +++ b/inventory/openstack/hosts/openstack.py @@ -0,0 +1,246 @@ +#!/usr/bin/env python + +# Copyright (c) 2012, Marco Vito Moscaritolo <marco@agavee.com> +# Copyright (c) 2013, Jesse Keating <jesse.keating@rackspace.com> +# Copyright (c) 2015, Hewlett-Packard Development Company, L.P. +# Copyright (c) 2016, Rackspace Australia +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + +# The OpenStack Inventory module uses os-client-config for configuration. +# https://github.com/stackforge/os-client-config +# This means it will either: +# - Respect normal OS_* environment variables like other OpenStack tools +# - Read values from a clouds.yaml file. +# If you want to configure via clouds.yaml, you can put the file in: +# - Current directory +# - ~/.config/openstack/clouds.yaml +# - /etc/openstack/clouds.yaml +# - /etc/ansible/openstack.yml +# The clouds.yaml file can contain entries for multiple clouds and multiple +# regions of those clouds. If it does, this inventory module will connect to +# all of them and present them as one contiguous inventory. +# +# See the adjacent openstack.yml file for an example config file +# There are two ansible inventory specific options that can be set in +# the inventory section. +# expand_hostvars controls whether or not the inventory will make extra API +# calls to fill out additional information about each server +# use_hostnames changes the behavior from registering every host with its UUID +# and making a group of its hostname to only doing this if the +# hostname in question has more than one server +# fail_on_errors causes the inventory to fail and return no hosts if one cloud +# has failed (for example, bad credentials or being offline). +# When set to False, the inventory will return hosts from +# whichever other clouds it can contact. (Default: True) + +import argparse +import collections +import os +import sys +import time +from distutils.version import StrictVersion + +try: + import json +except: + import simplejson as json + +import os_client_config +import shade +import shade.inventory + +CONFIG_FILES = ['/etc/ansible/openstack.yaml', '/etc/ansible/openstack.yml'] + + +def get_groups_from_server(server_vars, namegroup=True): + groups = [] + + region = server_vars['region'] + cloud = server_vars['cloud'] + metadata = server_vars.get('metadata', {}) + + # Create a group for the cloud + groups.append(cloud) + + # Create a group on region + groups.append(region) + + # And one by cloud_region + groups.append("%s_%s" % (cloud, region)) + + # Check if group metadata key in servers' metadata + if 'group' in metadata: + groups.append(metadata['group']) + + for extra_group in metadata.get('groups', '').split(','): + if extra_group: + groups.append(extra_group.strip()) + + groups.append('instance-%s' % server_vars['id']) + if namegroup: + groups.append(server_vars['name']) + + for key in ('flavor', 'image'): + if 'name' in server_vars[key]: + groups.append('%s-%s' % (key, server_vars[key]['name'])) + + for key, value in iter(metadata.items()): + groups.append('meta-%s_%s' % (key, value)) + + az = server_vars.get('az', None) + if az: + # Make groups for az, region_az and cloud_region_az + groups.append(az) + groups.append('%s_%s' % (region, az)) + groups.append('%s_%s_%s' % (cloud, region, az)) + return groups + + +def get_host_groups(inventory, refresh=False): + (cache_file, cache_expiration_time) = get_cache_settings() + if is_cache_stale(cache_file, cache_expiration_time, refresh=refresh): + groups = to_json(get_host_groups_from_cloud(inventory)) + open(cache_file, 'w').write(groups) + else: + groups = open(cache_file, 'r').read() + return groups + + +def append_hostvars(hostvars, groups, key, server, namegroup=False): + hostvars[key] = dict( + ansible_ssh_host=server['interface_ip'], + openstack=server) + for group in get_groups_from_server(server, namegroup=namegroup): + groups[group].append(key) + + +def get_host_groups_from_cloud(inventory): + groups = collections.defaultdict(list) + firstpass = collections.defaultdict(list) + hostvars = {} + list_args = {} + if hasattr(inventory, 'extra_config'): + use_hostnames = inventory.extra_config['use_hostnames'] + list_args['expand'] = inventory.extra_config['expand_hostvars'] + if StrictVersion(shade.__version__) >= StrictVersion("1.6.0"): + list_args['fail_on_cloud_config'] = \ + inventory.extra_config['fail_on_errors'] + else: + use_hostnames = False + + for server in inventory.list_hosts(**list_args): + + if 'interface_ip' not in server: + continue + firstpass[server['name']].append(server) + for name, servers in firstpass.items(): + if len(servers) == 1 and use_hostnames: + append_hostvars(hostvars, groups, name, servers[0]) + else: + server_ids = set() + # Trap for duplicate results + for server in servers: + server_ids.add(server['id']) + if len(server_ids) == 1 and use_hostnames: + append_hostvars(hostvars, groups, name, servers[0]) + else: + for server in servers: + append_hostvars( + hostvars, groups, server['id'], server, + namegroup=True) + groups['_meta'] = {'hostvars': hostvars} + return groups + + +def is_cache_stale(cache_file, cache_expiration_time, refresh=False): + ''' Determines if cache file has expired, or if it is still valid ''' + if refresh: + return True + if os.path.isfile(cache_file) and os.path.getsize(cache_file) > 0: + mod_time = os.path.getmtime(cache_file) + current_time = time.time() + if (mod_time + cache_expiration_time) > current_time: + return False + return True + + +def get_cache_settings(): + config = os_client_config.config.OpenStackConfig( + config_files=os_client_config.config.CONFIG_FILES + CONFIG_FILES) + # For inventory-wide caching + cache_expiration_time = config.get_cache_expiration_time() + cache_path = config.get_cache_path() + if not os.path.exists(cache_path): + os.makedirs(cache_path) + cache_file = os.path.join(cache_path, 'ansible-inventory.cache') + return (cache_file, cache_expiration_time) + + +def to_json(in_dict): + return json.dumps(in_dict, sort_keys=True, indent=2) + + +def parse_args(): + parser = argparse.ArgumentParser(description='OpenStack Inventory Module') + parser.add_argument('--private', + action='store_true', + help='Use private address for ansible host') + parser.add_argument('--refresh', action='store_true', + help='Refresh cached information') + parser.add_argument('--debug', action='store_true', default=False, + help='Enable debug output') + group = parser.add_mutually_exclusive_group(required=True) + group.add_argument('--list', action='store_true', + help='List active servers') + group.add_argument('--host', help='List details about the specific host') + + return parser.parse_args() + + +def main(): + args = parse_args() + try: + config_files = os_client_config.config.CONFIG_FILES + CONFIG_FILES + shade.simple_logging(debug=args.debug) + inventory_args = dict( + refresh=args.refresh, + config_files=config_files, + private=args.private, + ) + if hasattr(shade.inventory.OpenStackInventory, 'extra_config'): + inventory_args.update(dict( + config_key='ansible', + config_defaults={ + 'use_hostnames': False, + 'expand_hostvars': True, + 'fail_on_errors': True, + } + )) + + inventory = shade.inventory.OpenStackInventory(**inventory_args) + + if args.list: + output = get_host_groups(inventory, refresh=args.refresh) + elif args.host: + output = to_json(inventory.get_host(args.host)) + print(output) + except shade.OpenStackCloudException as e: + sys.stderr.write('%s\n' % e.message) + sys.exit(1) + sys.exit(0) + + +if __name__ == '__main__': + main() diff --git a/library/modify_yaml.py b/library/modify_yaml.py index a4be10ca3..63b507a72 100755 --- a/library/modify_yaml.py +++ b/library/modify_yaml.py @@ -20,6 +20,24 @@ EXAMPLES = ''' yaml_value: 2 ''' + +# pylint: disable=missing-docstring +def set_key(yaml_data, yaml_key, yaml_value): + changes = [] + ptr = yaml_data + for key in yaml_key.split('.'): + if key not in ptr and key != yaml_key.split('.')[-1]: + ptr[key] = {} + ptr = ptr[key] + elif key == yaml_key.split('.')[-1]: + if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): + ptr[key] = yaml_value + changes.append((yaml_key, yaml_value)) + else: + ptr = ptr[key] + return changes + + def main(): ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting the key to the desired value. @@ -53,22 +71,12 @@ def main(): yaml.add_representer(type(None), none_representer) try: - changes = [] yaml_file = open(dest) yaml_data = yaml.safe_load(yaml_file.read()) yaml_file.close() - ptr = yaml_data - for key in yaml_key.split('.'): - if key not in ptr and key != yaml_key.split('.')[-1]: - ptr[key] = {} - elif key == yaml_key.split('.')[-1]: - if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr): - ptr[key] = yaml_value - changes.append((yaml_key, yaml_value)) - else: - ptr = ptr[key] + changes = set_key(yaml_data, yaml_key, yaml_value) if len(changes) > 0: if backup: diff --git a/openshift-ansible.spec b/openshift-ansible.spec index 6a19a67a6..e57dbfb1b 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -5,7 +5,7 @@ } Name: openshift-ansible -Version: 3.3.7 +Version: 3.4.2 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -91,7 +91,8 @@ popd # Base openshift-ansible files %files -%doc LICENSE.md README* +%doc README* +%license LICENSE %dir %{_datadir}/ansible/%{name} %{_datadir}/ansible/%{name}/library %ghost %{_datadir}/ansible/%{name}/playbooks/common/openshift-master/library.rpmmoved @@ -221,6 +222,297 @@ Atomic OpenShift Utilities includes %changelog +* Mon Sep 26 2016 Scott Dodson <sdodson@redhat.com> 3.4.2-1 +- Add an issue template (sdodson@redhat.com) +- Add openshift_hosted_router_name (andrew@andrewklau.com) +- Fix master service status changed fact. (abutcher@redhat.com) +- Clarify openshift_hosted_metrics_public_url (sdodson@redhat.com) +- Add GCE cloud provider kind. (abutcher@redhat.com) +- add documentation about the openshift_hosted_metrics_public_url option + (kobi.zamir@gmail.com) +- Split openshift_builddefaults_no_proxy if it's not a list + (sdodson@redhat.com) +- Fix references to openshift.master.sdn_cluster_network_cidr in node roles + (sdodson@redhat.com) +- Update the OpenStack dynamic inventory script (lhuard@amadeus.com) +- move LICENSE to /usr/share/licenses/openshift-ansible-VERSION/ + (nakayamakenjiro@gmail.com) +- [uninstall] Stop services on all hosts prior to removing files. + (abutcher@redhat.com) +- Do not create volume claims for hosted components when storage type is + object. (abutcher@redhat.com) +- Add portal_net and sdn_cluster_network_cidr to node NO_PROXY + (sdodson@redhat.com) +- Add origin-node.service.wants to uninstall (andrew@andrewklau.com) +- Update README.md (sdodson@redhat.com) +- Add 'MaxGCEPDVolumeCount' to default scheduler predicates. + (abutcher@redhat.com) +- Switch to origin-1.x branch names (sdodson@redhat.com) +- Open ports for vxlan and Nuage monitor (vishal.patil@nuagenetworks.net) +- Add role to manageiq to allow creation of projects (azellner@redhat.com) +- Add 'MaxEBSVolumeCount' to default scheduler predicates. + (abutcher@redhat.com) +- a-o-i: Don't set unschedulable nodes as infra (smunilla@redhat.com) +- [redeploy-certificates] Set default value for + openshift_master_default_subdomain as workaround. (abutcher@redhat.com) +- [redeploy-certificates] Correct etcd service name. (abutcher@redhat.com) +- [upgrade] Create/configure service signer cert when missing. + (abutcher@redhat.com) +- get quickstarts from origin, not upstream example repos (bparees@redhat.com) +- Define proxy settings for node services (sdodson@redhat.com) +- Check for use_openshift_sdn when restarting openvswitch. + (abutcher@redhat.com) +- Move delegated_serial_command module to etcd_common. (abutcher@redhat.com) +- Fix README links. (abutcher@redhat.com) +- Check for is_atomic when uninstalling flannel package. (abutcher@redhat.com) +- Add atomic-guest tuned profile (andrew.lau@newiteration.com) +- Pause after restarting openvswitch in containerized upgrade. + (dgoodwin@redhat.com) +- Add acceptschema2 and enforcequota settings for hosted registry + (andrew.lau@newiteration.com) +- Always deduplicate detected certificate names (elyscape@gmail.com) +- Add option for specifying s3 registry storage root directory. + (abutcher@redhat.com) +- Set config/namespace where missing for secure registry deployment. + (abutcher@redhat.com) +- Flush handlers before marking a node schedulable after upgrade. + (dgoodwin@redhat.com) +- Iterate over node inventory hostnames instead of openshift.common.hostname + within openshift_manage_node role. (abutcher@redhat.com) +- a-o-i: Do not display version number in quick installer (smunilla@redhat.com) +- Explain our branching strategy (sdodson@redhat.com) +- Fix warnings (mkumatag@in.ibm.com) +- Don't loop over hostvars when setting node schedulability. + (abutcher@redhat.com) +- Copy admin kubeconfig in openshift_manage_node role. (abutcher@redhat.com) +- Adjust to_padded_yaml transformation to use the AnsibleDumper + (tbielawa@redhat.com) +- Secure registry for atomic registry deployment (deployment_subtype=registry). + (abutcher@redhat.com) +- Record schedulability of node prior to upgrade and re-set it to that + (sdodson@redhat.com) +- Fix string substitution error in the to_padded_yaml filter + (tbielawa@redhat.com) +- Update image stream data (sdodson@redhat.com) +- Fix ops/qps typo (jliggitt@redhat.com) +- initial support for v1.3 with logging v1.3 (rmeggins@redhat.com) +- Only prompt for proxy vars if none are set and our version recognizes them + (tbielawa@redhat.com) +- Don't advise people to use additional registries over oreg_url + (sdodson@redhat.com) +- Persist net.ipv4.ip_forward sysctl entry for openshift nodes + (tbielawa@redhat.com) +- Add flannel package removal in uninstallation playbook (mkumatag@in.ibm.com) +- This fixes an issue in AWS where the master node was not part of the nodes in + an unschedulable way (mdanter@gmail.com) +- Don't attempt to create retry files (tbielawa@redhat.com) +- Fix nuage check. (abutcher@redhat.com) +- Change test requirements file name (tbielawa@redhat.com) +- Fix review comments (mkumatag@in.ibm.com) +- Try installing setuptools before the rest of the requirements + (tbielawa@redhat.com) +- Switch to using a requirements.txt file and ensure that setuptools is pinned + to the latest version available on RHEL7 (tbielawa@redhat.com) +- Try using parse_version from pkg_resources instead (tbielawa@redhat.com) +- Add missing pip requirement to virtualenv (tbielawa@redhat.com) +- Fix PyLint errors discovered when upgrading to newer version + (tbielawa@redhat.com) +- Bug 1369410 - uninstall fail at task [restart docker] on atomic-host + (bleanhar@redhat.com) +- Fix typo (mkumatag@in.ibm.com) +- Fix errors in docker role (mkumatag@in.ibm.com) +- Allow overriding the Docker 1.10 requirement for upgrade. + (dgoodwin@redhat.com) +- skip if the objects already exist (rmeggins@redhat.com) +- create and process the logging deployer template in the current project, + logging (rmeggins@redhat.com) +- do not create logging project if it already exists (rmeggins@redhat.com) + +* Thu Sep 01 2016 Scott Dodson <sdodson@redhat.com> 3.4.1-1 +- Bump to 3.4.0 + +* Wed Aug 31 2016 Scott Dodson <sdodson@redhat.com> 3.3.20-1 +- Restore network plugin configuration (sdodson@redhat.com) +- Remove openshift_master_metrics_public_url (abutcher@redhat.com) +- Bug 1371836 - The variant should be Registry 3.3 (smunilla@redhat.com) + +* Wed Aug 31 2016 Troy Dawson <tdawson@redhat.com> 3.3.19-1 +- update flannel_subnet_len default value (mkumatag@in.ibm.com) +- Reload docker facts after upgrading docker (sdodson@redhat.com) + +* Tue Aug 30 2016 Scott Dodson <sdodson@redhat.com> 3.3.18-1 +- Enable dynamic storage (sdodson@redhat.com) +- Change how we set master's metricsPublicURL (sdodson@redhat.com) +- update kubelet argument example with references to new pods-per-core and new + max-pods threshold for 3.3 (jeder@redhat.com) +- update kubelet argument example with references to new pods-per-core and new + max-pods threshold for 3.3 (jeder@redhat.com) + +* Mon Aug 29 2016 Scott Dodson <sdodson@redhat.com> 3.3.17-1 +- Reload units after node container service modified. (dgoodwin@redhat.com) +- Fix flannel check (mkumatag@in.ibm.com) +- Default to port 80 when deploying cockpit-ui (smunilla@redhat.com) +- Set cloudprovider kind with openshift_facts. (abutcher@redhat.com) +- Fix openstack cloudprovider template conditional. (abutcher@redhat.com) + +* Sat Aug 27 2016 Scott Dodson <sdodson@redhat.com> 3.3.16-1 +- Sync image stream data (sdodson@redhat.com) +- Update metrics example inventories (sdodson@redhat.com) +- Preserve AWS options in sysconfig files. (dgoodwin@redhat.com) +- Fix metrics for containerized installs (sdodson@redhat.com) +- Cleanup items botched during rebase (sdodson@redhat.com) +- add check for server and account already exist (mangirdas@judeikis.lt) +- add run_once to repeatable actions (mangirdas@judeikis.lt) +- Remove atomic check and cockpit.socket (smunilla@redhat.com) +- Re-organize registry-console deployment. (abutcher@redhat.com) +- Add registry console template (aweiteka@redhat.com) +- Add support for Atomic Registry Installs (smunilla@redhat.com) +- Apply indentation changes to some other lines (tbielawa@redhat.com) +- Don't use openshift_env for cloud provider facts. (abutcher@redhat.com) +- Enable PEP8 tests by default in the 'make ci' target now + (tbielawa@redhat.com) +- Fix PEP8 errors in cli_installer.py (tbielawa@redhat.com) +- Fix PEP8 in openshift_ansible.py (tbielawa@redhat.com) +- Fix PEP8 in oo_config.py (tbielawa@redhat.com) +- Fix PEP8 in variants.py (tbielawa@redhat.com) +- Fix PEP8 in facts_callback.py (tbielawa@redhat.com) +- fix duplicate src field (jdetiber@redhat.com) +- Refactor volume directory creation (sdodson@redhat.com) +- Rely on IMAGE_PREFIX and IMAGE_VERSION defaults from the templates themselves + (sdodson@redhat.com) +- Add metrics exports to nfs role, move exports to /etc/exports.d/openshift- + ansible.exports (sdodson@redhat.com) +- Add ability to disable pvc creation (sdodson@redhat.com) +- Fix registry volume (sdodson@redhat.com) +- add selectors for metrics and logging (sdodson@redhat.com) +- Add logic to detect existing installs (sdodson@redhat.com) +- Deploy metrics after our router (sdodson@redhat.com) +- Add Enterprise 3.3 template (sdodson@redhat.com) +- Pull in keynote demo changes (sdodson@redhat.com) +- [tags] add some support for running a subset of config via tags + (jdetiber@redhat.com) +- [metrics] add filter to clean up hostname for use in metrics deployment + (jdetiber@redhat.com) +- enable service-serving-cert-signer by default (abutcher@redhat.com) +- Fix review comments (mkumatag@in.ibm.com) +- Remove duplicate flannel registration (mkumatag@in.ibm.com) + +* Wed Aug 24 2016 Scott Dodson <sdodson@redhat.com> 3.3.15-1 +- simplify repo configuration (jdetiber@redhat.com) +- don't set virt_sandbox_use_nfs on Fedora, it was replaced by virt_use_nfs + (maxamillion@fedoraproject.org) +- Correct flannel cert variables. (abutcher@redhat.com) +- Make note about ansible/install logs messing up ci tests + (tbielawa@redhat.com) +- remove fedora origin copr (it's in mainline fedora now), some dnf/yum clean + up (maxamillion@fedoraproject.org) +- Move nested print_read_config_error function into it's own function + (tbielawa@redhat.com) +- Makefile includes ci-pyflakes target now (tbielawa@redhat.com) +- Fix BZ1368296 by quietly recollecting facts if the cache is removed + (tbielawa@redhat.com) +- Correct masterCA config typo. (abutcher@redhat.com) +- don't gather facts when bootstrapping ansible for Fedora hosts + (maxamillion@fedoraproject.org) +- a-o-i: Add variant and variant_version to migration (smunilla@redhat.com) +- Fix upgrade failure when master-config does not have pluginOrderOverride. + (dgoodwin@redhat.com) +- Add externalIPNetworkCIDRs to config (smunilla@redhat.com) + +* Tue Aug 23 2016 Scott Dodson <sdodson@redhat.com> 3.3.14-1 +- a-o-i: Fix ansible_ssh_user question (smunilla@redhat.com) +- Don't run node config upgrade hook if host is not a node. + (dgoodwin@redhat.com) +- Link ca to ca-bundle when ca-bundle does not exist. (abutcher@redhat.com) +- Better error if no OpenShift RPMs are available. (dgoodwin@redhat.com) +- Revert "Due to problems with with_fileglob lets avoid using it for now" + (sdodson@redhat.com) +- Replace some virsh commands by native virt_XXX ansible module + (lhuard@amadeus.com) +- Add warning at end of 3.3 upgrade if pluginOrderOverride is found. + (dgoodwin@redhat.com) +- a-o-i: Remove Legacy Config Upgrade (smunilla@redhat.com) +- Fix etcd uninstall (sdodson@redhat.com) +- Bug 1358951 - Error loading config, no such key: 'deployment' when using + previously valid answers file (smunilla@redhat.com) +- Fix standalone Docker upgrade missing symlink. (dgoodwin@redhat.com) +- Open OpenStack security group for the service node port range + (lhuard@amadeus.com) +- Fix the “node on master” feature (lhuard@amadeus.com) +- Due to problems with with_fileglob lets avoid using it for now + (sdodson@redhat.com) + +* Fri Aug 19 2016 Troy Dawson <tdawson@redhat.com> 3.3.13-1 +- Fix warnings in OpenStack provider with ansible 2.1 (lhuard@amadeus.com) +- Mount /sys rw (sdodson@redhat.com) +- Update uninstall.yml (sdodson@redhat.com) +- Fix padding on registry config (sdodson@redhat.com) + +* Wed Aug 17 2016 Troy Dawson <tdawson@redhat.com> 3.3.12-1 +- Fixes to typos, grammar, and product branding in cli_installer + (tpoitras@redhat.com) +- Reconcile roles after master upgrade, but before nodes. (dgoodwin@redhat.com) +- a-o-i: Fix nosetests after removing 3.2 from installer (smunilla@redhat.com) +- Bug 1367323 - the "OpenShift Container Platform 3.2" variant is still listed + when quick install ose-3.3 (smunilla@redhat.com) +- Bug 1367199 - iptablesSyncPeriod should default to 30s OOTB + (smunilla@redhat.com) +- Sync remaining content (sdodson@redhat.com) +- XPaas 1.3.3 (sdodson@redhat.com) +- a-o-i: Fix broken tests from installed hosts check (smunilla@redhat.com) +- Add clientCommonNames to RequestHeaderProvider optional items + (sdodson@redhat.com) +- a-o-i: Mapping for 3.2 Upgrades (smunilla@redhat.com) +- a-o-i: fix bz#1329455 (ghuang@redhat.com) +- Add nfs group to OSEv3:vars (sdodson@redhat.com) +- fixing openshift key error in case of node failure during run (ssh issue) + (jawed.khelil@amadeus.com) +- add 3.3 to installer (rmeggins@redhat.com) + +* Mon Aug 15 2016 Troy Dawson <tdawson@redhat.com> 3.3.11-1 +- Ensure etcd user exists in etcd_server_certificates by installing etcd. + (abutcher@redhat.com) +- a-o-i: Fix broken upgrades (smunilla@redhat.com) + +* Fri Aug 12 2016 Troy Dawson <tdawson@redhat.com> 3.3.10-1 +- Reference tmpdir from first master hostvars when evacuating nodes. + (abutcher@redhat.com) +- Support for redeploying certificates. (abutcher@redhat.com) +- qps typo (deads@redhat.com) +- a-o-i: Automatically Label Nodes as Infra (smunilla@redhat.com) +- Improvements for Docker 1.10+ upgrade image nuking. (dgoodwin@redhat.com) +- a-o-i: Restrict installed host check (smunilla@redhat.com) +- Shutdown Docker before upgrading the rpm. (dgoodwin@redhat.com) +- Restrict the middleware stanza contains 'registry' and 'storage' at least on + 3.3 (ghuang@redhat.com) +- docker-registry's middleware stanza should contain 'registry' and 'storage' + by default (ghuang@redhat.com) + +* Wed Aug 10 2016 Troy Dawson <tdawson@redhat.com> 3.3.9-1 +- Enable 'NoVolumeZoneConflict' policy for scheduler (abutcher@redhat.com) +- a-o-i: Update nosetests for ansible_ssh_user (smunilla@redhat.com) +- move ansible_ssh_user to deployment, remove ansible_config and + ansible_log_path (ghuang@redhat.com) +- Labeling nodes only (ghuang@redhat.com) +- Set become=no for etcd server certificates temporary directory. + (abutcher@redhat.com) +- Move storage includes up to main. (abutcher@redhat.com) +- Support gathering ansible 2.1/2.2 system facts (abutcher@redhat.com) +- Try/except urlparse calls. (abutcher@redhat.com) +- with_fileglob no longer supports wildcard prefixes. (abutcher@redhat.com) +- BUILD.md lies (jmainguy@redhat.com) +- Migrate ca.crt to ca-bundle.crt (sdodson@redhat.com) +- Upgrade configs for protobuf support. (dgoodwin@redhat.com) +- Fixed a bug in modify_yaml module. (dgoodwin@redhat.com) +- make the improved log formatter work with ansible 2.1 (rmeggins@redhat.com) +- Convert ansible facts callback to v2. (abutcher@redhat.com) +- Add 3.3 protobuf config stanzas for master/node config. (dgoodwin@redhat.com) +- Introduce 1.3/3.3 upgrade path. (dgoodwin@redhat.com) + +* Mon Aug 08 2016 Troy Dawson <tdawson@redhat.com> 3.3.8-1 +- Fix little mistake in openshift_master_htpasswd_users value . + (jmferrer@paradigmatecnologico.com) + * Fri Aug 05 2016 Troy Dawson <tdawson@redhat.com> 3.3.7-1 - Call relocated openshift-loadbalancer playbook in master scaleup. (abutcher@redhat.com) diff --git a/playbooks/adhoc/bootstrap-fedora.yml b/playbooks/adhoc/bootstrap-fedora.yml index 5ca383a37..b370d7fba 100644 --- a/playbooks/adhoc/bootstrap-fedora.yml +++ b/playbooks/adhoc/bootstrap-fedora.yml @@ -1,4 +1,5 @@ - hosts: OSEv3 + gather_facts: false tasks: - name: install python and deps for ansible modules raw: dnf install -y python2 python2-dnf libselinux-python libsemanage-python python2-firewall pyOpenSSL python-cryptography diff --git a/playbooks/adhoc/metrics_setup/playbooks/install.yml b/playbooks/adhoc/metrics_setup/playbooks/install.yml index 235f775ef..a9ec3c1ef 100644 --- a/playbooks/adhoc/metrics_setup/playbooks/install.yml +++ b/playbooks/adhoc/metrics_setup/playbooks/install.yml @@ -16,21 +16,30 @@ - name: "Add metrics-deployer" command: "{{item}}" + run_once: true + register: output + failed_when: ('already exists' not in output.stderr) and (output.rc != 0) with_items: - oc project openshift-infra - oc create -f /tmp/metrics-deployer-setup.yaml - name: "Give metrics-deployer SA permissions" command: "oadm policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer" + run_once: true - name: "Give heapster SA permissions" command: "oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster" + run_once: true - name: "Create metrics-deployer secret" command: "oc secrets new metrics-deployer nothing=/dev/null" + register: output + failed_when: ('already exists' not in output.stderr) and (output.rc != 0) + run_once: true - name: "Copy metrics.yaml to remote" copy: "src=../files/metrics.yaml dest=/tmp/metrics.yaml force=yes" - name: "Process yml template" shell: "oc process -f /tmp/metrics.yaml -v MASTER_URL={{ masterPublicURL }},REDEPLOY=true,HAWKULAR_METRICS_HOSTNAME={{ metrics_external_service }},IMAGE_PREFIX={{ metrics_image_prefix }},IMAGE_VERSION={{ metrics_image_version }},USE_PERSISTENT_STORAGE=false | oc create -f -" + run_once: true
\ No newline at end of file diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 4edd44fe4..789f66b14 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -22,6 +22,7 @@ - set_fact: is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" +# Stop services on all hosts prior to removing files. - hosts: nodes become: yes tasks: @@ -35,6 +36,46 @@ - origin-node failed_when: false +- hosts: masters + become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - atomic-enterprise-master + - atomic-openshift-master + - atomic-openshift-master-api + - atomic-openshift-master-controllers + - openshift-master + - openshift-master-api + - openshift-master-controllers + - origin-master + - origin-master-api + - origin-master-controllers + - pcsd + failed_when: false + +- hosts: etcd + become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - etcd + failed_when: false + +- hosts: lb + become: yes + tasks: + - name: Stop services + service: name={{ item }} state=stopped + with_items: + - haproxy + failed_when: false + +- hosts: nodes + become: yes + tasks: - name: unmask services command: systemctl unmask "{{ item }}" changed_when: False @@ -72,6 +113,10 @@ - tuned-profiles-openshift-node - tuned-profiles-origin-node + - name: Remove flannel package + action: "{{ ansible_pkg_mgr }} name=flannel state=absent" + when: openshift_use_flannel | default(false) | bool and not is_atomic | bool + - shell: systemctl reset-failed changed_when: False @@ -92,12 +137,6 @@ - vlinuxbr - vovsbr - - name: restart docker - service: name=docker state=restarted - - - name: restart NetworkManager - service: name=NetworkManager state=restarted - - shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true changed_when: False @@ -161,51 +200,44 @@ with_items: - /etc/ansible/facts.d/openshift.fact - /etc/atomic-enterprise + - /etc/dnsmasq.d/origin-dns.conf + - /etc/dnsmasq.d/origin-upstream-dns.conf + - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh - /etc/openshift - /etc/openshift-sdn - /etc/origin - - /etc/systemd/system/atomic-openshift-node.service - - /etc/systemd/system/atomic-openshift-node-dep.service - - /etc/systemd/system/origin-node.service - - /etc/systemd/system/origin-node-dep.service - - /etc/systemd/system/openvswitch.service - /etc/sysconfig/atomic-enterprise-node - /etc/sysconfig/atomic-openshift-node - /etc/sysconfig/atomic-openshift-node-dep - - /etc/sysconfig/origin-node - - /etc/sysconfig/origin-node-dep - /etc/sysconfig/openshift-node - /etc/sysconfig/openshift-node-dep - /etc/sysconfig/openvswitch - /etc/sysconfig/origin-node + - /etc/sysconfig/origin-node + - /etc/sysconfig/origin-node-dep + - /etc/systemd/system/atomic-openshift-node-dep.service + - /etc/systemd/system/atomic-openshift-node.service - /etc/systemd/system/atomic-openshift-node.service.wants + - /etc/systemd/system/docker.service.d/docker-sdn-ovs.conf + - /etc/systemd/system/openvswitch.service + - /etc/systemd/system/origin-node-dep.service + - /etc/systemd/system/origin-node.service + - /etc/systemd/system/origin-node.service.wants - /run/openshift-sdn - /var/lib/atomic-enterprise - /var/lib/openshift - /var/lib/origin - - /etc/NetworkManager/dispatcher.d/99-origin-dns.sh - - /etc/dnsmasq.d/origin-dns.conf - - /etc/dnsmasq.d/origin-upstream-dns.conf + + - name: restart docker + service: name=docker state=restarted + + - name: restart NetworkManager + service: name=NetworkManager state=restarted + - hosts: masters become: yes tasks: - - name: Stop services - service: name={{ item }} state=stopped - with_items: - - atomic-enterprise-master - - atomic-openshift-master - - atomic-openshift-master-api - - atomic-openshift-master-controllers - - openshift-master - - openshift-master-api - - openshift-master-controllers - - origin-master - - origin-master-api - - origin-master-controllers - - pcsd - failed_when: false - - name: unmask services command: systemctl unmask "{{ item }}" changed_when: False @@ -289,6 +321,7 @@ - /usr/local/bin/oadm - /usr/local/bin/oc - /usr/local/bin/kubectl + - /etc/flannel # Since we are potentially removing the systemd unit files for separated # master-api and master-controllers services, so we need to reload the @@ -299,12 +332,6 @@ - hosts: etcd become: yes tasks: - - name: Stop services - service: name={{ item }} state=stopped - with_items: - - etcd - failed_when: false - - name: unmask services command: systemctl unmask "{{ item }}" changed_when: False @@ -338,17 +365,18 @@ - /etc/ansible/facts.d/openshift.fact - /etc/etcd - /etc/systemd/system/etcd_container.service - - /var/lib/etcd + + # Intenationally using rm command over file module because if someone had mounted a filesystem + # at /var/lib/etcd then the contents was not removed correctly + - name: Remove etcd data + shell: rm -rf /var/lib/etcd/* + args: + warn: no + failed_when: false - hosts: lb become: yes tasks: - - name: Stop services - service: name={{ item }} state=stopped - with_items: - - haproxy - failed_when: false - - name: unmask services command: systemctl unmask "{{ item }}" changed_when: False diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index 647c72239..05cfe7d6e 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -30,7 +30,7 @@ openshift_hosted_router_selector: 'type=infra' openshift_node_labels: region: "{{ deployment_vars[deployment_type].region }}" - type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] if inventory_hostname in groups['tag_host-type_node'] else hostvars[inventory_hostname]['ec2_tag_host-type'] }}" + type: "{{ hostvars[inventory_hostname]['ec2_tag_sub-host-type'] }}" openshift_master_cluster_method: 'native' openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 0a931fbe0..0b85b2485 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -5,6 +5,8 @@ connection: local become: no gather_facts: no + tags: + - always tasks: - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - add_host: @@ -14,6 +16,8 @@ - hosts: l_oo_all_hosts gather_facts: no + tags: + - always tasks: - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml @@ -22,3 +26,4 @@ openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" openshift_deployment_type: "{{ deployment_type }}" + openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}" diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml index 1c8d99341..0ba11a21b 100644 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -1,4 +1,6 @@ --- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + - hosts: localhost connection: local become: no @@ -8,7 +10,7 @@ - add_host: name: "{{ item }}" groups: l_oo_all_hosts - with_items: g_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" - hosts: l_oo_all_hosts gather_facts: no diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml new file mode 100644 index 000000000..6d1247e0f --- /dev/null +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -0,0 +1,22 @@ +--- +- include: ../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: "{{ g_all_hosts | default([]) }}" + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../common/openshift-cluster/redeploy-certificates.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh new file mode 120000 index 000000000..d5d864b63 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/docker/nuke_images.sh @@ -0,0 +1 @@ +../../../../common/openshift-cluster/upgrades/files/nuke_images.sh
\ No newline at end of file diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md index 62577c3df..30603463a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/README.md @@ -1,10 +1,12 @@ -# v3.1 to v3.2 upgrade playbook +# v3.2 Major and Minor Upgrade Playbook ## Overview This playbook currently performs the following steps. * Upgrade and restart master services + * Unschedule node. + * Upgrade and restart docker * Upgrade and restart node services * Modifies the subset of the configuration necessary * Applies the latest cluster policies @@ -13,4 +15,4 @@ following steps. * Updates image streams and quickstarts ## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml index e28313221..5d549eee7 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml @@ -47,11 +47,19 @@ openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" when: openshift_docker_log_options is not defined -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml + +# Configure the upgrade target for the common upgrade tasks: +- hosts: l_oo_all_hosts + tasks: + - set_fact: + openshift_upgrade_target: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" + openshift_upgrade_min: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}" + +- include: ../../../../common/openshift-cluster/upgrades/pre.yml vars: openshift_deployment_type: "{{ deployment_type }}" -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml vars: openshift_deployment_type: "{{ deployment_type }}" - include: ../../../openshift-master/restart.yml -- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +- include: ../../../../common/openshift-cluster/upgrades/post.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md new file mode 100644 index 000000000..6892f6324 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md @@ -0,0 +1,18 @@ +# v3.3 Major and Minor Upgrade Playbook + +## Overview +This playbook currently performs the +following steps. + + * Upgrade and restart master services + * Unschedule node. + * Upgrade and restart docker + * Upgrade and restart node services + * Modifies the subset of the configuration necessary + * Applies the latest cluster policies + * Updates the default router if one exists + * Updates the default registry if one exists + * Updates image streams and quickstarts + +## Usage +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml new file mode 100644 index 000000000..e740b12c0 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml @@ -0,0 +1,67 @@ +--- +- include: ../../../../common/openshift-cluster/verify_ansible_version.yml + +- hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + - add_host: + name: "{{ item }}" + groups: l_oo_all_hosts + with_items: g_all_hosts | default([]) + +- hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml + +- include: ../../../../common/openshift-cluster/evaluate_groups.yml + vars: + # Do not allow adding hosts during upgrade. + g_new_master_hosts: [] + g_new_node_hosts: [] + openshift_cluster_id: "{{ cluster_id | default('default') }}" + openshift_deployment_type: "{{ deployment_type }}" + +- name: Set oo_options + hosts: oo_all_hosts + tasks: + - set_fact: + openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" + when: openshift_docker_additional_registries is not defined + - set_fact: + openshift_docker_insecure_registries: "{{ lookup('oo_option', 'docker_insecure_registries') }}" + when: openshift_docker_insecure_registries is not defined + - set_fact: + openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}" + when: openshift_docker_blocked_registries is not defined + - set_fact: + openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}" + when: openshift_docker_options is not defined + - set_fact: + openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}" + when: openshift_docker_log_driver is not defined + - set_fact: + openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}" + when: openshift_docker_log_options is not defined + + +# Configure the upgrade target for the common upgrade tasks: +- hosts: l_oo_all_hosts + tasks: + - set_fact: + openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" + openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" + +- include: ../../../../common/openshift-cluster/upgrades/pre.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" +- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml + vars: + openshift_deployment_type: "{{ deployment_type }}" + master_config_hook: "v3_3/master_config_upgrade.yml" + node_config_hook: "v3_3/node_config_upgrade.yml" +- include: ../../../openshift-master/restart.yml +- include: ../../../../common/openshift-cluster/upgrades/post.yml diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index d966b58fd..8c0708df0 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -10,7 +10,7 @@ - add_host: name: "{{ item }}" groups: l_oo_all_hosts - with_items: g_all_hosts + with_items: "{{ g_all_hosts }}" - hosts: l_oo_all_hosts gather_facts: no diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index e9fb3de96..26b31d313 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -1,11 +1,3 @@ -- name: Configure flannel - hosts: oo_first_master - vars: - etcd_urls: "{{ openshift.master.etcd_urls }}" - roles: - - role: flannel_register - when: openshift.common.use_flannel | bool - - name: Additional master configuration hosts: oo_first_master vars: @@ -23,8 +15,6 @@ when: openshift.common.use_manageiq | bool - role: cockpit when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and - (osm_use_cockpit | bool or osm_use_cockpit is undefined ) + (osm_use_cockpit | bool or osm_use_cockpit is undefined ) and ( openshift.common.deployment_subtype != 'registry' ) - role: flannel_register when: openshift.common.use_flannel | bool - - diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 5cf5df08e..d6a99fcda 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,14 +1,22 @@ --- - include: evaluate_groups.yml + tags: + - always - include: initialize_facts.yml + tags: + - always - include: validate_hostnames.yml + tags: + - node - include: initialize_openshift_version.yml - name: Set oo_options hosts: oo_all_hosts + tags: + - always tasks: - set_fact: openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" @@ -30,15 +38,29 @@ when: openshift_docker_log_options is not defined - include: ../openshift-etcd/config.yml + tags: + - etcd - include: ../openshift-nfs/config.yml + tags: + - nfs - include: ../openshift-loadbalancer/config.yml + tags: + - loadbalancer - include: ../openshift-master/config.yml + tags: + - master - include: additional_config.yml + tags: + - master - include: ../openshift-node/config.yml + tags: + - node - include: openshift_hosted.yml + tags: + - hosted diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml index f2bcc872f..4cfe8617e 100644 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -8,11 +8,12 @@ post_tasks: - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool - + - name: Reconfigure masters to listen on our new dns_port hosts: oo_masters_to_config handlers: - include: ../../../roles/openshift_master/handlers/main.yml + static: yes vars: os_firewall_allow: - service: skydns tcp @@ -43,6 +44,7 @@ hosts: oo_nodes_to_config handlers: - include: ../../../roles/openshift_node/handlers/main.yml + static: yes pre_tasks: - openshift_facts: role: "{{ item.role }}" diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index 3fb42a7fa..b3e02fb97 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -77,7 +77,7 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_master_hosts | default([]) }}" - when: g_nodeonmaster | default(false) == true and g_new_node_hosts is not defined + when: g_nodeonmaster | default(false) | bool and not g_new_node_hosts | default(false) | bool - name: Evaluate oo_first_etcd add_host: diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 4d4a09828..4aca4daf4 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -1,5 +1,8 @@ +--- - name: Create persistent volumes hosts: oo_first_master + tags: + - hosted vars: persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}" persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}" @@ -9,6 +12,8 @@ - name: Create Hosted Resources hosts: oo_first_master + tags: + - hosted pre_tasks: - set_fact: openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" @@ -36,6 +41,90 @@ openshift_serviceaccounts_sccs: - privileged when: not openshift.common.version_gte_3_2_or_1_2 + - role: openshift_hosted - role: openshift_metrics when: openshift.hosted.metrics.deploy | bool - - role: openshift_hosted + - role: cockpit-ui + when: openshift.common.deployment_subtype == 'registry' + +- name: Configure CA certificate for secure registry + hosts: oo_nodes_to_config + tags: + - hosted + tasks: + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + when: openshift.common.deployment_subtype == 'registry' + changed_when: false + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + - set_fact: + openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + when: openshift.common.deployment_subtype == 'registry' + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + - name: Copy the admin client config(s) + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }} + when: openshift.common.deployment_subtype == 'registry' + changed_when: false + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + - name: Retrieve docker-registry route + command: > + {{ openshift.common.client_binary }} get route docker-registry + --template='{{ '{{' }} .spec.host {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_route + when: openshift.common.deployment_subtype == 'registry' + changed_when: false + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + - name: Retrieve registry service IP + command: > + {{ openshift.common.client_binary }} get service docker-registry + --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_service_ip + when: openshift.common.deployment_subtype == 'registry' + changed_when: false + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + - name: Create registry CA directories + file: + path: "/etc/docker/certs.d/{{ item }}" + state: directory + with_items: + - "{{ docker_registry_service_ip.stdout }}:5000" + - "{{ docker_registry_route.stdout }}" + - "docker-registry.default.svc.cluster.local:5000" + when: openshift.common.deployment_subtype == 'registry' + - name: Copy CA to registry CA directories + copy: + src: "{{ openshift.common.config_base }}/node/ca.crt" + dest: "/etc/docker/certs.d/{{ item }}" + remote_src: yes + force: yes + with_items: + - "{{ docker_registry_service_ip.stdout }}:5000" + - "{{ docker_registry_route.stdout }}" + - "docker-registry.default.svc.cluster.local:5000" + when: openshift.common.deployment_subtype == 'registry' + notify: + - Restart docker + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + when: openshift.common.deployment_subtype == 'registry' + changed_when: False + delegate_to: "{{ groups.oo_first_master.0 }}" + run_once: true + handlers: + - name: Restart docker + service: + name: docker + state: restarted diff --git a/playbooks/common/openshift-cluster/redeploy-certificates.yml b/playbooks/common/openshift-cluster/redeploy-certificates.yml new file mode 100644 index 000000000..5b72c3450 --- /dev/null +++ b/playbooks/common/openshift-cluster/redeploy-certificates.yml @@ -0,0 +1,255 @@ +--- +- include: evaluate_groups.yml + +- include: initialize_facts.yml + +- include: initialize_openshift_version.yml + +- name: Load openshift_facts + hosts: oo_etcd_to_config:oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + +- name: Redeploy etcd certificates + hosts: oo_etcd_to_config + any_errors_fatal: true + vars: + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_conf_dir: /etc/etcd + etcd_generated_certs_dir: "{{ etcd_conf_dir }}/generated_certs" + + pre_tasks: + - stat: + path: "{{ etcd_generated_certs_dir }}" + register: etcd_generated_certs_dir_stat + - name: Backup etcd certificates + command: > + tar -czvf /etc/etcd/etcd-certificate-backup-{{ ansible_date_time.epoch }}.tgz + {{ etcd_conf_dir }}/ca.crt + {{ etcd_conf_dir }}/ca + {{ etcd_generated_certs_dir }} + when: etcd_generated_certs_dir_stat.stat.exists + delegate_to: "{{ etcd_ca_host }}" + run_once: true + - name: Remove existing etcd certificates + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ etcd_conf_dir }}/ca.crt" + - "{{ etcd_conf_dir }}/ca" + - "{{ etcd_generated_certs_dir }}" + roles: + - role: openshift_etcd_server_certificates + etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" + etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" + etcd_certificates_redeploy: true + +- name: Redeploy master certificates + hosts: oo_masters_to_config + any_errors_fatal: true + vars: + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + openshift_master_count: "{{ openshift.master.master_count | default(groups.oo_masters | length) }}" + pre_tasks: + # set_fact task copied from playbooks/common/openshift-master/config.yml + # so that openshift_master_default_subdomain has a default value of "" + # (emptry string). openshift_master_default_subdomain must have a default + # value for openshift_master_facts to set metrics_public_url. + # TODO: clean this up. + - set_fact: + openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}" + when: openshift_master_default_subdomain is not defined + - stat: + path: "{{ openshift_generated_configs_dir }}" + register: openshift_generated_configs_dir_stat + - name: Backup generated certificate and config directories + command: > + tar -czvf /etc/origin/master-node-cert-config-backup-{{ ansible_date_time.epoch }}.tgz + {{ openshift_generated_configs_dir }} + {{ openshift.common.config_base }}/master + when: openshift_generated_configs_dir_stat.stat.exists + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Remove generated certificate directories + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ openshift_generated_configs_dir }}" + - name: Remove generated certificates + file: + path: "{{ openshift.common.config_base }}/master/{{ item }}" + state: absent + with_items: + - "{{ hostvars[inventory_hostname] | certificates_to_synchronize(include_keys=false) }}" + - "etcd.server.crt" + - "etcd.server.key" + - "master.etcd-client.crt" + - "master.etcd-client.key" + - "master.server.crt" + - "master.server.key" + - "openshift-master.crt" + - "openshift-master.key" + - "openshift-master.kubeconfig" + - name: Remove CA certificate + file: + path: "{{ openshift.common.config_base }}/master/{{ item }}" + state: absent + when: openshift_certificates_redeploy_ca | default(false) | bool + with_items: + - "ca.crt" + - "ca.key" + - "ca.serial.txt" + - "ca-bundle.crt" + roles: + - role: openshift_master_certificates + openshift_master_etcd_hosts: "{{ hostvars + | oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | oo_collect('openshift.common.hostname') + | default(none, true) }}" + openshift_master_hostnames: "{{ hostvars + | oo_select_keys(groups['oo_masters_to_config'] | default([])) + | oo_collect('openshift.common.all_hostnames') + | oo_flatten | unique }}" + openshift_certificates_redeploy: true + - role: openshift_etcd_client_certificates + etcd_certificates_redeploy: true + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" + etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" + etcd_cert_prefix: "master.etcd-" + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config + +- name: Redeploy node certificates + hosts: oo_nodes_to_config + any_errors_fatal: true + pre_tasks: + - name: Remove CA certificate + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ openshift.common.config_base }}/node/ca.crt" + roles: + - role: openshift_node_certificates + openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + openshift_certificates_redeploy: true + +- name: Restart etcd + hosts: oo_etcd_to_config + tasks: + - name: restart etcd + service: + name: "{{ 'etcd' if not openshift.common.is_containerized | bool else 'etcd_container' }}" + state: restarted + +- name: Stop master services + hosts: oo_masters_to_config + vars: + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + tasks: + - name: stop master + service: name={{ openshift.common.service_type }}-master state=stopped + when: not openshift_master_ha | bool + - name: stop master api + service: name={{ openshift.common.service_type }}-master-api state=stopped + when: openshift_master_ha | bool and openshift_master_cluster_method == 'native' + - name: stop master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=stopped + when: openshift_master_ha | bool and openshift_master_cluster_method == 'native' + +- name: Start master services + hosts: oo_masters_to_config + serial: 1 + vars: + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + tasks: + - name: start master + service: name={{ openshift.common.service_type }}-master state=started + when: not openshift_master_ha | bool + - name: start master api + service: name={{ openshift.common.service_type }}-master-api state=started + when: openshift_master_ha | bool and openshift_master_cluster_method == 'native' + - name: start master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=started + when: openshift_master_ha | bool and openshift_master_cluster_method == 'native' + +- name: Restart masters (pacemaker) + hosts: oo_first_master + vars: + openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" + tasks: + - name: restart master + command: pcs resource restart master + when: openshift_master_ha | bool and openshift_master_cluster_method == 'pacemaker' + +- name: Restart nodes + hosts: oo_nodes_to_config + tasks: + - name: restart node + service: name={{ openshift.common.service_type }}-node state=restarted + +- name: Copy admin client config(s) + hosts: oo_first_master + tasks: + - name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + + - name: Copy admin client config(s) + command: > + cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + +- name: Serially evacuate all nodes to trigger redeployments + hosts: oo_nodes_to_config + serial: 1 + any_errors_fatal: true + tasks: + - name: Determine if node is currently scheduleable + command: > + {{ openshift.common.client_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig + get node {{ openshift.common.hostname | lower }} -o json + register: node_output + when: openshift_certificates_redeploy_ca | default(false) | bool + delegate_to: "{{ groups.oo_first_master.0 }}" + changed_when: false + + - set_fact: + was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}" + when: openshift_certificates_redeploy_ca | default(false) | bool + + - name: Prepare for node evacuation + command: > + {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig + manage-node {{ openshift.common.hostname | lower }} + --schedulable=false + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool + + - name: Evacuate node + command: > + {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig + manage-node {{ openshift.common.hostname | lower }} + --evacuate --force + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool + + - name: Set node schedulability + command: > + {{ openshift.common.admin_binary }} --config={{ hostvars[groups.oo_first_master.0].mktemp.stdout }}/admin.kubeconfig + manage-node {{ openshift.common.hostname | lower }} --schedulable=true + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift_certificates_redeploy_ca | default(false) | bool and was_schedulable | bool + +- name: Delete temporary directory + hosts: oo_first_master + tasks: + - name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2 new file mode 120000 index 000000000..2441f8887 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../roles/openshift_master/templates/atomic-openshift-master.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/containerized_node_upgrade.yml index 60ea84f8e..32a3636aa 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/containerized_node_upgrade.yml @@ -1,7 +1,7 @@ -- include_vars: ../../../../../roles/openshift_node/vars/main.yml +- include_vars: ../../../../roles/openshift_node/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }} + include: ../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }} - name: Verifying the correct version was configured shell: grep {{ verify_upgrade_version }} {{ item }} diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml new file mode 100644 index 000000000..e8a20aa2b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml @@ -0,0 +1,69 @@ +--- +- name: Create local temp directory for syncing certs + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: local_cert_sync_tmpdir + changed_when: false + +- name: Create service signer certificate + hosts: oo_first_master + tasks: + - name: Create remote temp directory for creating certs + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: remote_cert_create_tmpdir + changed_when: false + + - name: Create service signer certificate + command: > + {{ openshift.common.admin_binary }} ca create-signer-cert + --cert=service-signer.crt + --key=service-signer.key + --name=openshift-service-serving-signer + --serial=service-signer.serial.txt + args: + chdir: "{{ remote_cert_create_tmpdir.stdout }}/" + + - name: Retrieve service signer certificate + fetch: + src: "{{ remote_cert_create_tmpdir.stdout }}/{{ item }}" + dest: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + with_items: + - "service-signer.crt" + - "service-signer.key" + + - name: Delete remote temp directory + file: + name: "{{ remote_cert_create_tmpdir.stdout }}" + state: absent + changed_when: false + +- name: Deploy service signer certificate + hosts: oo_masters_to_config + tasks: + - name: Deploy service signer certificate + copy: + src: "{{ hostvars.localhost.local_cert_sync_tmpdir.stdout }}/{{ item }}" + dest: "{{ openshift.common.config_base }}/master/" + with_items: + - "service-signer.crt" + - "service-signer.key" + +- name: Delete local temp directory + hosts: localhost + connection: local + become: no + gather_facts: no + tasks: + - name: Delete local temp directory + file: + name: "{{ local_cert_sync_tmpdir.stdout }}" + state: absent + changed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/docker-cluster b/playbooks/common/openshift-cluster/upgrades/docker-cluster new file mode 120000 index 000000000..055ad09fc --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/docker-cluster @@ -0,0 +1 @@ +../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml index 20d66522f..417096dd0 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml @@ -13,14 +13,36 @@ failed_when: false when: openshift.common.is_containerized | bool +- name: Check Docker image count + shell: "docker images -aq | wc -l" + register: docker_image_count + +- debug: var=docker_image_count.stdout + - name: Remove all containers and images script: nuke_images.sh docker register: nuke_images_result when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool +- name: Check Docker image count + shell: "docker images -aq | wc -l" + register: docker_image_count + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + +- debug: var=docker_image_count.stdout + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + +- service: name=docker state=stopped + - name: Upgrade Docker action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version }} state=present" +- service: name=docker state=started + +- name: Update docker facts + openshift_facts: + role: docker + - name: Restart containerized services service: name={{ item }} state=started with_items: diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index 06b3e244f..8002af4fc 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -28,7 +28,7 @@ - fail: msg: This playbook requires access to Docker 1.10 or later # Disable the 1.10 requirement if the user set a specific Docker version - when: avail_docker_version.stdout | version_compare('1.10','<') and docker_version is not defined + when: docker_version is not defined and (docker_upgrade is not defined or docker_upgrade | bool == True) and (avail_docker_version.stdout == "" or avail_docker_version.stdout | version_compare('1.10','<')) # Default l_docker_upgrade to False, we'll set to True if an upgrade is required: - set_fact: diff --git a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh index 6b155f7fa..8635eab0d 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/nuke_images.sh @@ -15,9 +15,11 @@ then fi # Delete all images (forcefully) -image_ids=`docker images -q` +image_ids=`docker images -aq` if test -n "$image_ids" then - # Taken from: https://gist.github.com/brianclements/f72b2de8e307c7b56689#gistcomment-1443144 - docker rmi $(docker images | grep "$2/\|/$2 \| $2 \|$2 \|$2-\|$2_" | awk '{print $1 ":" $2}') 2>/dev/null || echo "No images matching \"$2\" left to purge." + # Some layers are deleted recursively and are no longer present + # when docker goes to remove them: + docker rmi -f `docker images -aq` || true fi + diff --git a/playbooks/common/openshift-cluster/upgrades/master_docker b/playbooks/common/openshift-cluster/upgrades/master_docker new file mode 120000 index 000000000..6aeca2842 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/master_docker @@ -0,0 +1 @@ +../../../../roles/openshift_master/templates/master_docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/native-cluster b/playbooks/common/openshift-cluster/upgrades/native-cluster new file mode 120000 index 000000000..4af88e666 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/native-cluster @@ -0,0 +1 @@ +../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service new file mode 120000 index 000000000..add8b7fa9 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service @@ -0,0 +1 @@ +../../../../roles/openshift_node/templates/openshift.docker.node.dep.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service new file mode 120000 index 000000000..ed181633d --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service @@ -0,0 +1 @@ +../../../../roles/openshift_node/templates/openshift.docker.node.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service b/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service new file mode 120000 index 000000000..c21e895f2 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service @@ -0,0 +1 @@ +../../../../roles/openshift_node/templates/openvswitch.docker.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2 b/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2 new file mode 120000 index 000000000..ead6904c4 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2 @@ -0,0 +1 @@ +../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/post.yml index ccf9514f1..e43954453 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/post.yml @@ -57,3 +57,16 @@ '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' --api-version=v1 +# Check for warnings to be printed at the end of the upgrade: +- name: Check for warnings + hosts: oo_masters_to_config + tasks: + # Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond: + - command: > + grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml + register: grep_plugin_order_override + when: openshift.common.version_gte_3_3_or_1_3 | bool + failed_when: false + - name: Warn if pluginOrderOverride is in use in master-config.yaml + debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information." + when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/pre.yml index a32123952..42a24eaf8 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre.yml @@ -3,7 +3,7 @@ # Evaluate host groups and gather facts ############################################################################### -- include: ../../initialize_facts.yml +- include: ../initialize_facts.yml - name: Update repos and initialize facts on all hosts hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config @@ -39,7 +39,6 @@ - name: Verify upgrade can proceed on first master hosts: oo_first_master vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}" gather_facts: no tasks: @@ -63,14 +62,14 @@ - fail: msg: > openshift_pkg_version is {{ openshift_pkg_version }} which is not a - valid version for a {{ target_version }} upgrade - when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') + valid version for a {{ openshift_upgrade_target }} upgrade + when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(openshift_upgrade_target ,'<') - fail: msg: > openshift_image_tag is {{ openshift_image_tag }} which is not a - valid version for a {{ target_version }} upgrade - when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<') + valid version for a {{ openshift_upgrade_target }} upgrade + when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(openshift_upgrade_target ,'<') - set_fact: openshift_release: "{{ openshift_release[1:] }}" @@ -79,15 +78,15 @@ - fail: msg: > openshift_release is {{ openshift_release }} which is not a - valid release for a {{ target_version }} upgrade - when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=') + valid release for a {{ openshift_upgrade_target }} upgrade + when: openshift_release is defined and not openshift_release | version_compare(openshift_upgrade_target ,'=') -- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml +- include: ../../../common/openshift-cluster/initialize_openshift_version.yml vars: - # Request openshift_release 3.2 and let the openshift_version role handle converting this + # Request specific openshift_release and let the openshift_version role handle converting this # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" + openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False # Docker role (a dependency) should be told not to do anything to installed version # of docker, we handle this separately during upgrade. (the inventory may have a @@ -141,7 +140,6 @@ - name: Verify upgrade targets hosts: oo_masters_to_config:oo_nodes_to_config vars: - target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" pre_tasks: - fail: @@ -175,48 +173,24 @@ register: avail_openshift_version when: not openshift.common.is_containerized | bool - - name: Verify OpenShift 3.2 RPMs are available for upgrade + - name: Verify OpenShift RPMs are available for upgrade fail: - msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 3.2 or greater is required" - when: deployment_type != 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') - - - name: Verify Origin 1.2 RPMs are available for upgrade - fail: - msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 1.2 or greater is required" - when: deployment_type == 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') - - # TODO: Are these two grep checks necessary anymore? - # Note: the version number is hardcoded here in hopes of catching potential - # bugs in how g_aos_versions.curr_version is set - - name: Verifying the correct version is installed for upgrade - shell: grep 3.1.1.6 {{ item }} - with_items: - - /etc/sysconfig/openvswitch - - /etc/sysconfig/{{ openshift.common.service_type }}* - when: verify_upgrade_version is defined - - - name: Verifying the image version is used in the systemd unit - shell: grep IMAGE_VERSION {{ item }} - with_items: - - /etc/systemd/system/openvswitch.service - - /etc/systemd/system/{{ openshift.common.service_type }}*.service - when: openshift.common.is_containerized | bool and verify_upgrade_version is defined - - - fail: - msg: This upgrade playbook must be run on Origin 1.1 or later - when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<') + msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but {{ openshift_upgrade_target }} or greater is required" + when: not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<') - fail: - msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later - when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<') + msg: "This upgrade playbook must be run against OpenShift {{ openshift_upgrade_min }} or later" + when: deployment_type == 'origin' and openshift.common.version | version_compare(openshift_upgrade_min,'<') - name: Verify docker upgrade targets hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config tasks: - - name: Determine available Docker - script: ../files/rpm_versions.sh docker - register: g_docker_version_result - when: not openshift.common.is_atomic | bool + # Only check if docker upgrade is required if docker_upgrade is not + # already set to False. + - include: docker/upgrade_check.yml + when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool + + # Additional checks for Atomic hosts: - name: Determine available Docker shell: "rpm -q --queryformat '---\ncurr_version: %{VERSION}\navail_version: \n' docker" @@ -224,18 +198,12 @@ when: openshift.common.is_atomic | bool - set_fact: - g_docker_version: "{{ g_docker_version_result.stdout | from_yaml }}" - when: not openshift.common.is_atomic | bool - - - set_fact: - g_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}" + l_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}" when: openshift.common.is_atomic | bool - fail: msg: This playbook requires access to Docker 1.10 or later - when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.10','<') - - # TODO: add check to upgrade ostree to get latest Docker + when: openshift.common.is_atomic | bool and l_docker_version.avail_version | default(l_docker_version.curr_version, true) | version_compare('1.10','<') - set_fact: pre_upgrade_complete: True diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml index f5e4d807e..f5e4d807e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/upgrade.yml index 59cedc839..ba4fc63be 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade.yml @@ -3,23 +3,77 @@ # The restart playbook should be run after this playbook completes. ############################################################################### +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images + hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config + tasks: + - name: Check Docker image count + shell: "docker images -aq | wc -l" + register: docker_image_count + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + + - debug: var=docker_image_count.stdout + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + + - name: Remove unused Docker images for Docker 1.10+ migration + shell: "docker rmi `docker images -aq`" + # Will fail on images still in use: + failed_when: false + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + + - name: Check Docker image count + shell: "docker images -aq | wc -l" + register: docker_image_count + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + + - debug: var=docker_image_count.stdout + when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool + ############################################################################### # Upgrade Masters ############################################################################### -- name: Upgrade master +- name: Upgrade master packages hosts: oo_masters_to_config handlers: - - include: ../../../../../roles/openshift_master/handlers/main.yml + - include: ../../../../roles/openshift_master/handlers/main.yml + static: yes roles: - openshift_facts tasks: - include: rpm_upgrade.yml component=master when: not openshift.common.is_containerized | bool - - include_vars: ../../../../../roles/openshift_master/vars/main.yml +- name: Determine if service signer cert must be created + hosts: oo_first_master + tasks: + - name: Determine if service signer certificate must be created + stat: + path: "{{ openshift.common.config_base }}/master/service-signer.crt" + register: service_signer_cert_stat + changed_when: false + +# Create service signer cert when missing. Service signer certificate +# is added to master config in the master config hook for v3_3. +- include: create_service_signer_cert.yml + when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + +- name: Upgrade master config and systemd units + hosts: oo_masters_to_config + handlers: + - include: ../../../../roles/openshift_master/handlers/main.yml + static: yes + roles: + - openshift_facts + tasks: + - include: "{{ master_config_hook }}" + when: master_config_hook is defined + + - include_vars: ../../../../roles/openshift_master/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml + include: ../../../../roles/openshift_master/tasks/systemd_units.yml # - name: Upgrade master configuration # openshift_upgrade_config: @@ -28,6 +82,31 @@ # role: master # config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}" + - name: Check for ca-bundle.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + register: ca_bundle_stat + failed_when: false + + - name: Check for ca.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca.crt" + register: ca_crt_stat + failed_when: false + + - name: Migrate ca.crt to ca-bundle.crt + command: mv ca.crt ca-bundle.crt + args: + chdir: "{{ openshift.common.config_base }}/master" + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + + - name: Link ca.crt to ca-bundle.crt + file: + src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + path: "{{ openshift.common.config_base }}/master/ca.crt" + state: link + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + - name: Set master update status to complete hosts: oo_masters_to_config tasks: @@ -53,6 +132,52 @@ when: master_update_failed | length > 0 ############################################################################### +# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints +############################################################################### + +- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints + hosts: oo_masters_to_config + roles: + - { role: openshift_cli } + vars: + origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}" + ent_reconcile_bindings: true + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + # Similar to pre.yml, we don't want to upgrade docker during the openshift_cli role, + # it will be updated when we perform node upgrade. + docker_protect_installed_version: True + tasks: + - name: Verifying the correct commandline tools are available + shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} + when: openshift.common.is_containerized | bool and verify_upgrade_version is defined + + - name: Reconcile Cluster Roles + command: > + {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig + policy reconcile-cluster-roles --additive-only=true --confirm + run_once: true + + - name: Reconcile Cluster Role Bindings + command: > + {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig + policy reconcile-cluster-role-bindings + --exclude-groups=system:authenticated + --exclude-groups=system:authenticated:oauth + --exclude-groups=system:unauthenticated + --exclude-users=system:anonymous + --additive-only=true --confirm + when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool + run_once: true + + - name: Reconcile Security Context Constraints + command: > + {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true + run_once: true + + - set_fact: + reconcile_complete: True + +############################################################################### # Upgrade Nodes ############################################################################### @@ -64,11 +189,24 @@ roles: - openshift_facts handlers: - - include: ../../../../../roles/openshift_node/handlers/main.yml + - include: ../../../../roles/openshift_node/handlers/main.yml + static: yes tasks: # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node # or docker actually needs an upgrade before proceeding. Perhaps best to save this until # we merge upgrade functionality into the base roles and a normal config.yml playbook run. + - name: Determine if node is currently scheduleable + command: > + {{ openshift.common.client_binary }} get node {{ openshift.common.hostname | lower }} -o json + register: node_output + delegate_to: "{{ groups.oo_first_master.0 }}" + changed_when: false + when: inventory_hostname in groups.oo_nodes_to_config + + - set_fact: + was_schedulable: "{{ 'unschedulable' not in (node_output.stdout | from_json).spec }}" + when: inventory_hostname in groups.oo_nodes_to_config + - name: Mark unschedulable if host is a node command: > {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false @@ -81,13 +219,10 @@ delegate_to: "{{ groups.oo_first_master.0 }}" when: inventory_hostname in groups.oo_nodes_to_config - # Only check if docker upgrade is required if docker_upgrade is not - # already set to False. - - include: ../docker/upgrade_check.yml - when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool - - - include: ../docker/upgrade.yml + - include: docker/upgrade.yml when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool + - include: "{{ node_config_hook }}" + when: node_config_hook is defined and inventory_hostname in groups.oo_nodes_to_config - include: rpm_upgrade.yml vars: @@ -98,55 +233,14 @@ - include: containerized_node_upgrade.yml when: inventory_hostname in groups.oo_nodes_to_config and openshift.common.is_containerized | bool + - meta: flush_handlers + - name: Set node schedulability command: > {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true delegate_to: "{{ groups.oo_first_master.0 }}" - when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool - + when: inventory_hostname in groups.oo_nodes_to_config and was_schedulable | bool -############################################################################### -# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints -############################################################################### - -- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints - hosts: oo_masters_to_config - roles: - - { role: openshift_cli } - vars: - origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}" - ent_reconcile_bindings: true - openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" - tasks: - - name: Verifying the correct commandline tools are available - shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} - when: openshift.common.is_containerized | bool and verify_upgrade_version is defined - - - name: Reconcile Cluster Roles - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --additive-only=true --confirm - run_once: true - - - name: Reconcile Cluster Role Bindings - command: > - {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-role-bindings - --exclude-groups=system:authenticated - --exclude-groups=system:authenticated:oauth - --exclude-groups=system:unauthenticated - --exclude-users=system:anonymous - --additive-only=true --confirm - when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool - run_once: true - - - name: Reconcile Security Context Constraints - command: > - {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true - run_once: true - - - set_fact: - reconcile_complete: True ############################################################################## # Gate on reconcile diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 deleted file mode 120000 index cf20e8959..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker deleted file mode 120000 index 5a3dd12b3..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster deleted file mode 120000 index 3ee319365..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins deleted file mode 120000 index 27ddaa18b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library deleted file mode 120000 index 53bed9684..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library +++ /dev/null @@ -1 +0,0 @@ -../library
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins deleted file mode 120000 index cf407f69b..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster deleted file mode 120000 index f44f8eb4f..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service deleted file mode 120000 index b384a3f4d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_node/templates/openshift.docker.node.dep.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service deleted file mode 120000 index a2f140144..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_node/templates/openshift.docker.node.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service deleted file mode 120000 index 61946ff91..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_node/templates/openvswitch.docker.service
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 deleted file mode 120000 index 3adc56e4e..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2 +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles deleted file mode 120000 index 6bc1a7aef..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml new file mode 100644 index 000000000..684eea343 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml @@ -0,0 +1,50 @@ +--- +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes' + yaml_value: 'application/vnd.kubernetes.protobuf,application/json' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.contentType' + yaml_value: 'application/vnd.kubernetes.protobuf' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.burst' + yaml_value: 400 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.qps' + yaml_value: 200 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.acceptContentTypes' + yaml_value: 'application/vnd.kubernetes.protobuf,application/json' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.contentType' + yaml_value: 'application/vnd.kubernetes.protobuf' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.burst' + yaml_value: 600 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.qps' + yaml_value: 300 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.servicesServingCert.signer.certFile' + yaml_value: service-signer.crt + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile' + yaml_value: service-signer.key diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml new file mode 100644 index 000000000..8f64636ae --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml @@ -0,0 +1,21 @@ +--- +- modify_yaml: + dest: "{{ openshift.common.config_base}}/node/node-config.yaml" + yaml_key: 'masterClientConnectionOverrides.acceptContentTypes' + yaml_value: 'application/vnd.kubernetes.protobuf,application/json' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/node/node-config.yaml" + yaml_key: 'masterClientConnectionOverrides.contentType' + yaml_value: 'application/vnd.kubernetes.protobuf' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/node/node-config.yaml" + yaml_key: 'masterClientConnectionOverrides.burst' + yaml_value: 40 + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/node/node-config.yaml" + yaml_key: 'masterClientConnectionOverrides.qps' + yaml_value: 20 + diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 1d818eea0..7f60cd9e4 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -48,6 +48,12 @@ - set_fact: openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}" when: openshift_hosted_metrics_resolution is not defined + - set_fact: + openshift_hosted_metrics_deployer_prefix: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_prefix') | default('openshift') }}" + when: openshift_hosted_metrics_deployer_prefix is not defined + - set_fact: + openshift_hosted_metrics_deployer_version: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_version') | default('latest') }}" + when: openshift_hosted_metrics_deployer_prefix is not defined roles: - openshift_facts post_tasks: diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index c56353430..66eb293e5 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -43,7 +43,7 @@ ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ groups.oo_nodes_to_config | default([]) }}" - when: hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) + when: hostvars[item].openshift.common is defined and hostvars[item].openshift.common.is_containerized | bool and (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) - name: Configure node instances hosts: oo_containerized_master_nodes @@ -156,10 +156,7 @@ - name: Set schedulability hosts: oo_first_master vars: - openshift_nodes: "{{ hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('openshift.common.hostname') }}" - openshift_node_vars: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']) }}" + openshift_nodes: "{{ groups.oo_nodes_to_config | default([]) }}" pre_tasks: # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml index 3117d9edc..b42ca83af 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_network.yml @@ -1,27 +1,11 @@ --- -- name: Test if libvirt network for openshift already exists - command: "virsh -c {{ libvirt_uri }} net-info {{ libvirt_network }}" - register: net_info_result - changed_when: False - failed_when: "net_info_result.rc != 0 and 'no network with matching name' not in net_info_result.stderr" - -- name: Create a temp directory for the template xml file - command: "mktemp -d /tmp/openshift-ansible-XXXXXXX" - register: mktemp - when: net_info_result.rc == 1 - -- name: Create network xml file - template: - src: templates/network.xml - dest: "{{ mktemp.stdout }}/network.xml" - when: net_info_result.rc == 1 - -- name: Create libvirt network for openshift - command: "virsh -c {{ libvirt_uri }} net-create {{ mktemp.stdout }}/network.xml" - when: net_info_result.rc == 1 - -- name: Remove the temp directory - file: - path: "{{ mktemp.stdout }}" - state: absent - when: net_info_result.rc == 1 +- name: Create the libvirt network for OpenShift + virt_net: + name: '{{ libvirt_network }}' + state: '{{ item }}' + autostart: 'yes' + xml: "{{ lookup('template', 'network.xml') }}" + uri: '{{ libvirt_uri }}' + with_items: + - present + - active diff --git a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml index 397158b9e..8685624ec 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/configure_libvirt_storage_pool.yml @@ -6,22 +6,25 @@ # We need to set permissions on the directory and any items created under the directory, so we need to call the acl module with and without default set. - acl: - default: "{{ item }}" + default: '{{ item.default }}' entity: kvm etype: group name: "{{ libvirt_storage_pool_path }}" - permissions: rwx + permissions: '{{ item.permissions }}' state: present with_items: - - no - - yes + - default: no + permissions: x + - default: yes + permissions: rwx -- name: Test if libvirt storage pool for openshift already exists - command: "virsh -c {{ libvirt_uri }} pool-info {{ libvirt_storage_pool }}" - register: pool_info_result - changed_when: False - failed_when: "pool_info_result.rc != 0 and 'no storage pool with matching name' not in pool_info_result.stderr" - -- name: Create the libvirt storage pool for openshift - command: 'virsh -c {{ libvirt_uri }} pool-create-as {{ libvirt_storage_pool }} dir --target {{ libvirt_storage_pool_path }}' - when: pool_info_result.rc == 1 +- name: Create the libvirt storage pool for OpenShift + virt_pool: + name: '{{ libvirt_storage_pool }}' + state: '{{ item }}' + autostart: 'yes' + xml: "{{ lookup('template', 'storage-pool.xml') }}" + uri: '{{ libvirt_uri }}' + with_items: + - present + - active diff --git a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml index cc34d0ef9..e0afc43ba 100644 --- a/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml +++ b/playbooks/libvirt/openshift-cluster/tasks/launch_instances.yml @@ -134,4 +134,4 @@ delay: 1 with_together: - '{{ instances }}' - - '{{ ips }}'
\ No newline at end of file + - '{{ ips }}' diff --git a/playbooks/libvirt/openshift-cluster/templates/network.xml b/playbooks/libvirt/openshift-cluster/templates/network.xml index 050bc7ab9..0ce2a8342 100644 --- a/playbooks/libvirt/openshift-cluster/templates/network.xml +++ b/playbooks/libvirt/openshift-cluster/templates/network.xml @@ -1,5 +1,5 @@ <network> - <name>openshift-ansible</name> + <name>{{ libvirt_network }}</name> <forward mode='nat'> <nat> <port start='1024' end='65535'/> diff --git a/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml new file mode 100644 index 000000000..da139afd0 --- /dev/null +++ b/playbooks/libvirt/openshift-cluster/templates/storage-pool.xml @@ -0,0 +1,6 @@ +<pool type='dir'> + <name>{{ libvirt_storage_pool }}</name> + <target> + <path>{{ libvirt_storage_pool_path }}</path> + </target> +</pool> diff --git a/playbooks/openstack/openshift-cluster/cluster_hosts.yml b/playbooks/openstack/openshift-cluster/cluster_hosts.yml index 119b376aa..12c436eaf 100644 --- a/playbooks/openstack/openshift-cluster/cluster_hosts.yml +++ b/playbooks/openstack/openshift-cluster/cluster_hosts.yml @@ -1,21 +1,21 @@ --- -g_all_hosts: "{{ groups['tag_clusterid_' ~ cluster_id] | default([]) - | intersect(groups['tag_environment_' ~ cluster_env] | default([])) }}" +g_all_hosts: "{{ groups['meta-clusterid_' ~ cluster_id] | default([]) + | intersect(groups['meta-environment_' ~ cluster_env] | default([])) }}" -g_etcd_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_etcd'] | default([])) }}" +g_etcd_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_etcd'] | default([])) }}" -g_lb_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_lb'] | default([])) }}" +g_lb_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_lb'] | default([])) }}" -g_nfs_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_nfs'] | default([])) }}" +g_nfs_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_nfs'] | default([])) }}" -g_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_master'] | default([])) }}" +g_master_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_master'] | default([])) }}" -g_new_master_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_master'] | default([])) }}" +g_new_master_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_new_master'] | default([])) }}" -g_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_node'] | default([])) }}" +g_node_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_node'] | default([])) }}" -g_new_node_hosts: "{{ g_all_hosts | intersect(groups['tag_host-type_new_node'] | default([])) }}" +g_new_node_hosts: "{{ g_all_hosts | intersect(groups['meta-host-type_new_node'] | default([])) }}" -g_infra_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_infra'] | default([])) }}" +g_infra_hosts: "{{ g_node_hosts | intersect(groups['meta-sub-host-type_infra'] | default([])) }}" -g_compute_hosts: "{{ g_node_hosts | intersect(groups['tag_sub-host-type_compute'] | default([])) }}" +g_compute_hosts: "{{ g_node_hosts | intersect(groups['meta-sub-host-type_compute'] | default([])) }}" diff --git a/playbooks/openstack/openshift-cluster/dns.yml b/playbooks/openstack/openshift-cluster/dns.yml index 446a1846f..285f8fa78 100644 --- a/playbooks/openstack/openshift-cluster/dns.yml +++ b/playbooks/openstack/openshift-cluster/dns.yml @@ -21,7 +21,7 @@ groups: oo_hosts_to_add_in_dns ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: "{{ groups['tag_clusterid_' ~ cluster_id] }}" + with_items: "{{ groups['meta-clusterid_' ~ cluster_id] }}" - name: Gather facts hosts: oo_hosts_to_add_in_dns diff --git a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml index 2d0098784..458cf5ac7 100644 --- a/playbooks/openstack/openshift-cluster/files/heat_stack.yaml +++ b/playbooks/openstack/openshift-cluster/files/heat_stack.yaml @@ -42,6 +42,12 @@ parameters: description: Source of legitimate ssh connections default: 0.0.0.0/0 + node_port_incoming: + type: string + label: Source of node port connections + description: Authorized sources targetting node ports + default: 0.0.0.0/0 + num_etcd: type: number label: Number of etcd nodes @@ -393,6 +399,11 @@ resources: port_range_min: 4789 port_range_max: 4789 remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: { get_param: node_port_incoming } infra-secgrp: type: OS::Neutron::SecurityGroup diff --git a/playbooks/openstack/openshift-cluster/launch.yml b/playbooks/openstack/openshift-cluster/launch.yml index b9aae2f4c..127e3e2e6 100644 --- a/playbooks/openstack/openshift-cluster/launch.yml +++ b/playbooks/openstack/openshift-cluster/launch.yml @@ -33,6 +33,7 @@ -P external_net={{ openstack_network_external_net }} -P ssh_public_key="{{ openstack_ssh_public_key }}" -P ssh_incoming={{ openstack_ssh_access_from }} + -P node_port_incoming={{ openstack_node_port_access_from }} -P num_etcd={{ num_etcd }} -P num_masters={{ num_masters }} -P num_nodes={{ num_nodes }} @@ -48,6 +49,8 @@ -P infra_flavor={{ openstack_flavor["infra"] }} -P dns_flavor={{ openstack_flavor["dns"] }} openshift-ansible-{{ cluster_id }}-stack' + args: + chdir: '{{ playbook_dir }}' - name: Wait for OpenStack Stack readiness shell: 'heat stack-show openshift-ansible-{{ cluster_id }}-stack | awk ''$2 == "stack_status" {print $4}''' @@ -103,13 +106,13 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - groups: 'tag_environment_{{ cluster_env }}, tag_host-type_etcd, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + groups: 'meta-environment_{{ cluster_env }}, meta-host-type_etcd, meta-sub-host-type_default, meta-clusterid_{{ cluster_id }}' openshift_node_labels: type: "etcd" with_together: - - parsed_outputs.etcd_names - - parsed_outputs.etcd_ips - - parsed_outputs.etcd_floating_ips + - '{{ parsed_outputs.etcd_names }}' + - '{{ parsed_outputs.etcd_ips }}' + - '{{ parsed_outputs.etcd_floating_ips }}' - name: Add new master instances groups and variables add_host: @@ -117,13 +120,13 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - groups: 'tag_environment_{{ cluster_env }}, tag_host-type_master, tag_sub-host-type_default, tag_clusterid_{{ cluster_id }}' + groups: 'meta-environment_{{ cluster_env }}, meta-host-type_master, meta-sub-host-type_default, meta-clusterid_{{ cluster_id }}' openshift_node_labels: type: "master" with_together: - - parsed_outputs.master_names - - parsed_outputs.master_ips - - parsed_outputs.master_floating_ips + - '{{ parsed_outputs.master_names }}' + - '{{ parsed_outputs.master_ips }}' + - '{{ parsed_outputs.master_floating_ips }}' - name: Add new node instances groups and variables add_host: @@ -131,13 +134,13 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_compute, tag_clusterid_{{ cluster_id }}' + groups: 'meta-environment_{{ cluster_env }}, meta-host-type_node, meta-sub-host-type_compute, meta-clusterid_{{ cluster_id }}' openshift_node_labels: type: "compute" with_together: - - parsed_outputs.node_names - - parsed_outputs.node_ips - - parsed_outputs.node_floating_ips + - '{{ parsed_outputs.node_names }}' + - '{{ parsed_outputs.node_ips }}' + - '{{ parsed_outputs.node_floating_ips }}' - name: Add new infra instances groups and variables add_host: @@ -145,13 +148,13 @@ ansible_ssh_host: '{{ item[2] }}' ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - groups: 'tag_environment_{{ cluster_env }}, tag_host-type_node, tag_sub-host-type_infra, tag_clusterid_{{ cluster_id }}' + groups: 'meta-environment_{{ cluster_env }}, meta-host-type_node, meta-sub-host-type_infra, meta-clusterid_{{ cluster_id }}' openshift_node_labels: type: "infra" with_together: - - parsed_outputs.infra_names - - parsed_outputs.infra_ips - - parsed_outputs.infra_floating_ips + - '{{ parsed_outputs.infra_names }}' + - '{{ parsed_outputs.infra_ips }}' + - '{{ parsed_outputs.infra_floating_ips }}' - name: Add DNS groups and variables add_host: @@ -166,10 +169,10 @@ host: '{{ item }}' port: 22 with_flattened: - - parsed_outputs.master_floating_ips - - parsed_outputs.node_floating_ips - - parsed_outputs.infra_floating_ips - - parsed_outputs.dns_floating_ip + - '{{ parsed_outputs.master_floating_ips }}' + - '{{ parsed_outputs.node_floating_ips }}' + - '{{ parsed_outputs.infra_floating_ips }}' + - '{{ parsed_outputs.dns_floating_ip }}' - name: Wait for user setup command: 'ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no -o ConnectTimeout=10 -o UserKnownHostsFile=/dev/null {{ deployment_vars[deployment_type].ssh_user }}@{{ item }} echo {{ deployment_vars[deployment_type].ssh_user }} user is setup' @@ -178,10 +181,10 @@ retries: 30 delay: 1 with_flattened: - - parsed_outputs.master_floating_ips - - parsed_outputs.node_floating_ips - - parsed_outputs.infra_floating_ips - - parsed_outputs.dns_floating_ip + - '{{ parsed_outputs.master_floating_ips }}' + - '{{ parsed_outputs.node_floating_ips }}' + - '{{ parsed_outputs.infra_floating_ips }}' + - '{{ parsed_outputs.dns_floating_ip }}' - include: update.yml diff --git a/playbooks/openstack/openshift-cluster/list.yml b/playbooks/openstack/openshift-cluster/list.yml index ba9c6bf9c..de68f5207 100644 --- a/playbooks/openstack/openshift-cluster/list.yml +++ b/playbooks/openstack/openshift-cluster/list.yml @@ -7,7 +7,7 @@ vars_files: - vars.yml tasks: - - set_fact: scratch_group=tag_clusterid_{{ cluster_id }} + - set_fact: scratch_group=meta-clusterid_{{ cluster_id }} when: cluster_id != '' - set_fact: scratch_group=all when: cluster_id == '' @@ -17,7 +17,7 @@ ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_ssh_host: "{{ hostvars[item].ansible_ssh_host | default(item) }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: groups[scratch_group] | default([]) | difference(['localhost']) + with_items: "{{ groups[scratch_group] | default([]) | difference(['localhost']) }}" - name: List Hosts hosts: oo_list_hosts @@ -31,4 +31,4 @@ - vars.yml tasks: - debug: - msg: "{{ hostvars | oo_select_keys(groups[scratch_group] | default([])) | oo_pretty_print_cluster }}" + msg: "{{ hostvars | oo_select_keys(groups[scratch_group] | default([])) | oo_pretty_print_cluster('meta-') }}" diff --git a/playbooks/openstack/openshift-cluster/terminate.yml b/playbooks/openstack/openshift-cluster/terminate.yml index 5bd8476f1..4527f4a28 100644 --- a/playbooks/openstack/openshift-cluster/terminate.yml +++ b/playbooks/openstack/openshift-cluster/terminate.yml @@ -11,7 +11,7 @@ groups: oo_hosts_to_terminate ansible_ssh_user: "{{ deployment_vars[deployment_type].ssh_user }}" ansible_become: "{{ deployment_vars[deployment_type].become }}" - with_items: (groups['tag_environment_' ~ cluster_env]|default([])) | intersect(groups['tag_clusterid_' ~ cluster_id ]|default([])) + with_items: "{{ (groups['meta-environment_' ~ cluster_env]|default([])) | intersect(groups['meta-clusterid_' ~ cluster_id ]|default([])) }}" - name: Unsubscribe VMs hosts: oo_hosts_to_terminate diff --git a/playbooks/openstack/openshift-cluster/vars.yml b/playbooks/openstack/openshift-cluster/vars.yml index bc53a51b0..17063ef34 100644 --- a/playbooks/openstack/openshift-cluster/vars.yml +++ b/playbooks/openstack/openshift-cluster/vars.yml @@ -12,6 +12,8 @@ openstack_ssh_public_key: "{{ lookup('file', lookup('oo_option', 'public_k default('~/.ssh/id_rsa.pub', True)) }}" openstack_ssh_access_from: "{{ lookup('oo_option', 'ssh_from') | default('0.0.0.0/0', True) }}" +openstack_node_port_access_from: "{{ lookup('oo_option', 'node_port_from') | + default('0.0.0.0/0', True) }}" openstack_flavor: dns: "{{ lookup('oo_option', 'dns_flavor' ) | default('m1.small', True) }}" etcd: "{{ lookup('oo_option', 'etcd_flavor' ) | default('m1.small', True) }}" diff --git a/roles/cockpit-ui/meta/main.yml b/roles/cockpit-ui/meta/main.yml new file mode 100644 index 000000000..6ad2e324a --- /dev/null +++ b/roles/cockpit-ui/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Samuel Munilla + description: Deploy and Enable cockpit-ui + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml new file mode 100644 index 000000000..9fc15ee8b --- /dev/null +++ b/roles/cockpit-ui/tasks/main.yml @@ -0,0 +1,73 @@ +--- +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} + changed_when: False + +- name: Create passthrough route for docker-registry + command: > + {{ openshift.common.client_binary }} create route passthrough + --service docker-registry + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_docker_registry_route + changed_when: "'already exists' not in create_docker_registry_route.stderr" + failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0" + +- name: Create passthrough route for registry-console + command: > + {{ openshift.common.client_binary }} create route passthrough + --service registry-console + --port registry-console + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_registry_console_route + changed_when: "'already exists' not in create_registry_console_route.stderr" + failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0" + +- name: Retrieve docker-registry route + command: > + {{ openshift.common.client_binary }} get route docker-registry + --template='{{ '{{' }} .spec.host {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_route + changed_when: false + +- name: Retrieve cockpit kube url + command: > + {{ openshift.common.client_binary }} get route registry-console + --template='https://{{ '{{' }} .spec.host {{ '}}' }}' + -n default + register: registry_console_cockpit_kube_url + changed_when: false + +- set_fact: + cockpit_image_prefix: "{{ '-p IMAGE_PREFIX=' ~ openshift_cockpit_deployer_prefix | default('') }}" + +- name: Deploy registry-console + command: > + {{ openshift.common.client_binary }} new-app --template=registry-console + {{ cockpit_image_prefix }} + -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" + -p REGISTRY_HOST="{{ docker_registry_route.stdout }}" + -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" + --config={{ openshift_hosted_kubeconfig }} + -n default + register: deploy_registry_console + changed_when: "'already exists' not in deploy_registry_console.stderr" + failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0" + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 87a4e7af0..a89f5b91a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -67,7 +67,7 @@ dest: /etc/sysconfig/docker regexp: '^{{ item.reg_conf_var }}=.*$' line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: item.reg_fact_val != '' and docker_check.stat.isreg + when: item.reg_fact_val != '' and docker_check.stat.isreg is defined and docker_check.stat.isreg with_items: - reg_conf_var: ADD_REGISTRY reg_fact_val: "{{ docker_additional_registries | default(None, true)}}" @@ -96,7 +96,8 @@ reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}" notify: - restart docker - when: "{{ 'http_proxy' in openshift.common or 'https_proxy' in openshift.common and docker_check.stat.isreg }}" + when: + - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common' - name: Set various Docker options lineinfile: @@ -108,7 +109,7 @@ {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ {% if docker_options is defined %} {{ docker_options }}{% endif %}\ {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" - when: docker_check.stat.isreg + when: docker_check.stat.isreg is defined and docker_check.stat.isreg notify: - restart docker diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 75d40216d..ba4136327 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -58,30 +58,6 @@ group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" mode: 0700 -- name: Validate permissions on certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - when: etcd_url_scheme == 'https' - with_items: - - "{{ etcd_ca_file }}" - - "{{ etcd_cert_file }}" - - "{{ etcd_key_file }}" - -- name: Validate permissions on peer certificate files - file: - path: "{{ item }}" - mode: 0600 - owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" - when: etcd_peer_url_scheme == 'https' - with_items: - - "{{ etcd_peer_ca_file }}" - - "{{ etcd_peer_cert_file }}" - - "{{ etcd_peer_key_file }}" - - name: Write etcd global config file template: src: etcd.conf.j2 diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index 865074e41..4e68bc962 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -38,9 +38,18 @@ delegate_to: "{{ etcd_ca_host }}" run_once: true -- command: touch {{ etcd_ca_db }} - args: - creates: "{{ etcd_ca_db }}" +- name: Check etcd_ca_db exist + stat: path="{{ etcd_ca_db }}" + register: etcd_ca_db_check + changed_when: false + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- name: Touch etcd_ca_db file + file: + path: "{{ etcd_ca_db }}" + state: touch + when: etcd_ca_db_check.stat.isreg is not defined delegate_to: "{{ etcd_ca_host }}" run_once: true diff --git a/roles/etcd_client_certificates/library b/roles/etcd_client_certificates/library deleted file mode 120000 index 494d3c39e..000000000 --- a/roles/etcd_client_certificates/library +++ /dev/null @@ -1 +0,0 @@ -../../library
\ No newline at end of file diff --git a/roles/etcd_client_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml index 713c78c70..efebdb599 100644 --- a/roles/etcd_client_certificates/meta/main.yml +++ b/roles/etcd_client_certificates/meta/main.yml @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- role: etcd_ca +- role: etcd_common diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml index b86afb81c..275aa0a63 100644 --- a/roles/etcd_client_certificates/tasks/main.yml +++ b/roles/etcd_client_certificates/tasks/main.yml @@ -1,4 +1,19 @@ --- +- name: Ensure CA certificate exists on etcd_ca_host + stat: + path: "{{ etcd_ca_cert }}" + register: g_ca_cert_stat_result + delegate_to: "{{ etcd_ca_host }}" + run_once: true + +- fail: + msg: > + CA certificate {{ etcd_ca_cert }} doesn't exist on CA host + {{ etcd_ca_host }}. Apply 'etcd_ca' role to + {{ etcd_ca_host }}. + when: not g_ca_cert_stat_result.stat.exists | bool + run_once: true + - name: Check status of external etcd certificatees stat: path: "{{ etcd_cert_config_dir }}/{{ item }}" @@ -7,11 +22,14 @@ - "{{ etcd_cert_prefix }}client.key" - "{{ etcd_cert_prefix }}ca.crt" register: g_external_etcd_cert_stat_result + when: not etcd_certificates_redeploy | default(false) | bool - set_fact: - etcd_client_certs_missing: "{{ False in (g_external_etcd_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + etcd_client_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool + else (False in (g_external_etcd_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" - name: Ensure generated_certs directory present file: diff --git a/library/delegated_serial_command.py b/roles/etcd_common/library/delegated_serial_command.py index 3969edfdd..3969edfdd 100755 --- a/library/delegated_serial_command.py +++ b/roles/etcd_common/library/delegated_serial_command.py diff --git a/roles/etcd_server_certificates/library b/roles/etcd_server_certificates/library deleted file mode 120000 index 494d3c39e..000000000 --- a/roles/etcd_server_certificates/library +++ /dev/null @@ -1 +0,0 @@ -../../library
\ No newline at end of file diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml index edcf51092..718515023 100644 --- a/roles/etcd_server_certificates/tasks/main.yml +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: Install etcd + action: "{{ ansible_pkg_mgr }} name=etcd state=present" + when: not etcd_is_containerized | bool + - name: Check status of etcd certificates stat: path: "{{ etcd_cert_config_dir }}/{{ item }}" @@ -7,11 +11,14 @@ - "{{ etcd_cert_prefix }}peer.crt" - "{{ etcd_cert_prefix }}ca.crt" register: g_etcd_server_cert_stat_result + when: not etcd_certificates_redeploy | default(false) | bool - set_fact: - etcd_server_certs_missing: "{{ False in (g_etcd_server_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool + else (False in (g_etcd_server_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" - name: Ensure generated_certs directory present file: @@ -69,6 +76,8 @@ when: etcd_server_certs_missing | bool delegate_to: "{{ etcd_ca_host }}" +# Certificates must be signed serially in order to avoid competing +# for the serial file. - name: Sign and create the peer crt delegated_serial_command: command: > @@ -93,6 +102,7 @@ - name: Create local temp directory for syncing certs local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX + become: no register: g_etcd_server_mktemp changed_when: False when: etcd_server_certs_missing | bool @@ -131,6 +141,39 @@ - name: Delete temporary directory file: name={{ g_etcd_server_mktemp.stdout }} state=absent + become: no changed_when: False when: etcd_server_certs_missing | bool delegate_to: localhost + +- name: Validate permissions on certificate files + file: + path: "{{ item }}" + mode: 0600 + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + when: etcd_url_scheme == 'https' + with_items: + - "{{ etcd_ca_file }}" + - "{{ etcd_cert_file }}" + - "{{ etcd_key_file }}" + +- name: Validate permissions on peer certificate files + file: + path: "{{ item }}" + mode: 0600 + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + when: etcd_peer_url_scheme == 'https' + with_items: + - "{{ etcd_peer_ca_file }}" + - "{{ etcd_peer_cert_file }}" + - "{{ etcd_peer_key_file }}" + +- name: Validate permissions on the config dir + file: + path: "{{ etcd_conf_dir }}" + state: directory + owner: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + group: "{{ 'etcd' if not etcd_is_containerized | bool else omit }}" + mode: 0700 diff --git a/roles/flannel/README.md b/roles/flannel/README.md index 8f271aada..84e2c5c49 100644 --- a/roles/flannel/README.md +++ b/roles/flannel/README.md @@ -13,15 +13,15 @@ to 0.3. Role Variables -------------- -| Name | Default value | Description | -|---------------------|-----------------------------------------|-----------------------------------------------| -| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication | -| flannel_etcd_key | /openshift.com/network | etcd prefix | -| etcd_hosts | etcd_urls | a list of etcd endpoints | -| etcd_conf_dir | {{ openshift.common.config_base }}/node | SSL certificates directory | -| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | -| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd | -| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd | +| Name | Default value | Description | +|----------------------|-----------------------------------------|-----------------------------------------------| +| flannel_interface | ansible_default_ipv4.interface | interface to use for inter-host communication | +| flannel_etcd_key | /openshift.com/network | etcd prefix | +| etcd_hosts | etcd_urls | a list of etcd endpoints | +| etcd_cert_config_dir | {{ openshift.common.config_base }}/node | SSL certificates directory | +| etcd_peer_ca_file | {{ etcd_conf_dir }}/ca.crt | SSL CA to use for etcd | +| etcd_peer_cert_file | Openshift SSL cert | SSL cert to use for etcd | +| etcd_peer_key_file | Openshift SSL key | SSL key to use for etcd | Dependencies ------------ diff --git a/roles/flannel/defaults/main.yaml b/roles/flannel/defaults/main.yaml index 34cebda9c..988731ef2 100644 --- a/roles/flannel/defaults/main.yaml +++ b/roles/flannel/defaults/main.yaml @@ -2,7 +2,6 @@ flannel_interface: "{{ ansible_default_ipv4.interface }}" flannel_etcd_key: /openshift.com/network etcd_hosts: "{{ etcd_urls }}" -etcd_conf_dir: "{{ openshift.common.config_base }}/node" -etcd_peer_ca_file: "{{ etcd_conf_dir }}/{{ 'ca' if (embedded_etcd | bool) else 'node.etcd-ca' }}.crt" -etcd_peer_cert_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.crt" -etcd_peer_key_file: "{{ etcd_conf_dir }}/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'node.etcd-client' }}.key" +etcd_peer_ca_file: "{{ openshift.common.config_base }}/node/{{ 'ca' if (embedded_etcd | bool) else 'flannel.etcd-ca' }}.crt" +etcd_peer_cert_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.crt" +etcd_peer_key_file: "{{ openshift.common.config_base }}/node/{{ 'system:node:' + openshift.common.hostname if (embedded_etcd | bool) else 'flannel.etcd-client' }}.key" diff --git a/roles/flannel_register/README.md b/roles/flannel_register/README.md index 623c4c7cf..20a07c35e 100644 --- a/roles/flannel_register/README.md +++ b/roles/flannel_register/README.md @@ -16,7 +16,7 @@ Role Variables |---------------------|----------------------------------------------------|-------------------------------------------------| | flannel_network | {{ openshift.common.portal_net }} or 172.16.1.1/16 | interface to use for inter-host communication | | flannel_min_network | {{ min_network }} or 172.16.5.0 | beginning of IP range for the subnet allocation | -| flannel_subnet_len | /openshift.com/network | size of the subnet allocated to each host | +| flannel_subnet_len | 24 | size of the subnet allocated to each host | | flannel_etcd_key | /openshift.com/network | etcd prefix | | etcd_hosts | etcd_urls | a list of etcd endpoints | | etcd_conf_dir | {{ openshift.common.config_base }}/master | SSL certificates directory | diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index 3f16dd819..fdead100c 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -13,4 +13,8 @@ galaxy_info: - cloud - system dependencies: -- { role: nuage_ca } +- role: nuage_ca +- role: os_firewall + os_firewall_allow: + - service: openshift-monitor + port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml index 3f16dd819..9f84eacf6 100644 --- a/roles/nuage_node/meta/main.yml +++ b/roles/nuage_node/meta/main.yml @@ -13,4 +13,8 @@ galaxy_info: - cloud - system dependencies: -- { role: nuage_ca } +- role: nuage_ca +- role: os_firewall + os_firewall_allow: + - service: vxlan + port: 4789/udp diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index e1bf7dcad..bb89b65a6 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -3,6 +3,10 @@ msg: "openshift_ca_host variable must be defined for this role" when: openshift_ca_host is not defined +- fail: + msg: "Both 'certfile' and 'keyfile' keys must be supplied when configuring openshift_master_ca_certificate" + when: openshift_master_ca_certificate is defined and ('certfile' not in openshift_master_ca_certificate or 'keyfile' not in openshift_master_ca_certificate) + - name: Install the base package for admin tooling action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool @@ -35,9 +39,43 @@ run_once: true - set_fact: - master_ca_missing: "{{ False in (g_master_ca_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + master_ca_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else False in (g_master_ca_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + run_once: true + +- name: Retain original serviceaccount keys + copy: + src: "{{ item }}" + dest: "{{ item }}.keep" + remote_src: true + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool + +- name: Deploy master ca certificate + copy: + src: "{{ item.src }}" + dest: "{{ openshift_ca_config_dir }}/{{ item.dest }}" + force: "{{ true if openshift_certificates_redeploy_ca | default(false) | bool else false }}" + with_items: + - src: "{{ (openshift_master_ca_certificate | default({'certfile':none})).certfile }}" + dest: ca.crt + - src: "{{ (openshift_master_ca_certificate | default({'keyfile':none})).keyfile }}" + dest: ca.key + when: openshift_master_ca_certificate is defined + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- name: Create ca serial + copy: + content: "1" + dest: "{{ openshift_ca_config_dir }}/ca.serial.txt" + force: "{{ true if openshift_certificates_redeploy | default(false) | bool else false }}" + when: openshift_master_ca_certificate is defined + delegate_to: "{{ openshift_ca_host }}" run_once: true - name: Create the master certificates if they do not already exist @@ -54,3 +92,22 @@ when: master_ca_missing | bool delegate_to: "{{ openshift_ca_host }}" run_once: true + +- name: Restore original serviceaccount keys + copy: + src: "{{ item }}.keep" + dest: "{{ item }}" + remote_src: true + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool + +- name: Remove backup serviceaccount keys + file: + path: "{{ item }}.keep" + state: absent + with_items: + - "{{ openshift_ca_config_dir }}/serviceaccounts.private.key" + - "{{ openshift_ca_config_dir }}/serviceaccounts.public.key" + when: openshift_certificates_redeploy | default(false) | bool diff --git a/roles/openshift_cloud_provider/tasks/main.yml b/roles/openshift_cloud_provider/tasks/main.yml index 6111d1207..e217e37ea 100644 --- a/roles/openshift_cloud_provider/tasks/main.yml +++ b/roles/openshift_cloud_provider/tasks/main.yml @@ -2,12 +2,8 @@ - name: Set cloud provider facts openshift_facts: role: cloudprovider - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.cloudprovider.aws.*' - - 'openshift.cloudprovider.openstack.*' + local_facts: + kind: "{{ openshift_cloudprovider_kind | default(None) }}" - name: Create cloudprovider config dir file: diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index c501121e5..f22dd4520 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -7,4 +7,4 @@ template: dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" src: openstack.conf.j2 - when: "'auth_url' in openshift.cloudprovider.openstack and 'username' in openshift.cloudprovider.openstack and 'password' in openshift.cloudprovider.openstack and ('tenant_id' in openshift.cloudprovider.openstack or 'tenant_name' in openshift.cloudprovider.openstack)" + when: "openshift_cloudprovider_openstack_auth_url is defined and openshift_cloudprovider_openstack_username is defined and openshift_cloudprovider_openstack_password is defined and (openshift_cloudprovider_openstack_tenant_id is defined or openshift_cloudprovider_openstack_tenant_name is defined)" diff --git a/roles/openshift_cloud_provider/templates/openstack.conf.j2 b/roles/openshift_cloud_provider/templates/openstack.conf.j2 index 8a06b3a08..ce452db24 100644 --- a/roles/openshift_cloud_provider/templates/openstack.conf.j2 +++ b/roles/openshift_cloud_provider/templates/openstack.conf.j2 @@ -1,16 +1,16 @@ [Global] -auth-url = {{ openshift.cloudprovider.openstack.auth_url }} -username = {{ openshift.cloudprovider.openstack.username }} -password = {{ openshift.cloudprovider.openstack.password }} -{% if 'tenant_id' in openshift.cloudprovider.openstack %} -tenant-id = {{ openshift.cloudprovider.openstack.tenant_id }} +auth-url = {{ openshift_cloudprovider_openstack_auth_url }} +username = {{ openshift_cloudprovider_openstack_username }} +password = {{ openshift_cloudprovider_openstack_password }} +{% if openshift_cloudprovider_openstack_tenant_id is defined %} +tenant-id = {{ openshift_cloudprovider_openstack_tenant_id }} {% else %} -tenant-name = {{ openshift.cloudprovider.openstack.tenant_name }} +tenant-name = {{ openshift_cloudprovider_openstack_tenant_name }} {% endif %} -{% if 'region' in openshift.cloudprovider.openstack %} -region = {{ openshift.cloudprovider.openstack.region }} +{% if openshift_cloudprovider_openstack_region is defined %} +region = {{ openshift_cloudprovider_openstack_region }} {% endif %} -{% if 'lb_subnet_id' in openshift.cloudprovider.openstack %} +{% if openshift_cloudprovider_openstack_lb_subnet_id is defined %} [LoadBalancer] -subnet-id = {{ openshift.cloudprovider.openstack.lb_subnet_id }} +subnet-id = {{ openshift_cloudprovider_openstack_lb_subnet_id }} {% endif %} diff --git a/roles/openshift_cloud_provider/vars/main.yml b/roles/openshift_cloud_provider/vars/main.yml index c608e9b54..83bf6edc8 100644 --- a/roles/openshift_cloud_provider/vars/main.yml +++ b/roles/openshift_cloud_provider/vars/main.yml @@ -1,4 +1,4 @@ --- -has_cloudprovider: "{{ 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != None }}" -cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'aws' }}" -cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift.cloudprovider.kind == 'openstack' }}" +has_cloudprovider: "{{ openshift_cloudprovider_kind | default(None) != None }}" +cloudprovider_is_aws: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'aws' }}" +cloudprovider_is_openstack: "{{ has_cloudprovider | bool and openshift_cloudprovider_kind == 'openstack' }}" diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index ece335fbf..f10a77697 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -1,11 +1,11 @@ --- - fail: - msg: Flannel can not be used with openshift sdn - when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_flannel | default(false) | bool + msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool - fail: - msg: Nuage sdn can not be used with openshift sdn - when: openshift_use_openshift_sdn | default(false) | bool and openshift_use_nuage | default(false) | bool + msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool - fail: msg: Nuage sdn can not be used with flannel diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index eb8b5e99b..0ce142983 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -13,7 +13,7 @@ log_options: "{{ openshift_docker_log_options | default(None) }}" options: "{{ openshift_docker_options | default(None) }}" disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" - hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}" + hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.common.deployment_subtype != 'registry') }}" hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" - set_fact: diff --git a/roles/openshift_etcd_server_certificates/meta/main.yml b/roles/openshift_etcd_server_certificates/meta/main.yml new file mode 100644 index 000000000..7750f14af --- /dev/null +++ b/roles/openshift_etcd_server_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Etcd Server Certificates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_etcd_facts +- role: etcd_server_certificates diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index a15285417..e843049f9 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -20,6 +20,8 @@ xpaas_templates_base: "{{ examples_base }}/xpaas-templates" quickstarts_base: "{{ examples_base }}/quickstart-templates" infrastructure_origin_base: "{{ examples_base }}/infrastructure-templates/origin" infrastructure_enterprise_base: "{{ examples_base }}/infrastructure-templates/enterprise" +cockpit_ui_base: "{{ examples_base }}/infrastructure-templates/enterprise" + openshift_examples_import_command: "create" registry_url: "" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index 236717203..48da98017 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,37 +5,22 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.3.2 +XPAAS_VERSION=ose-v1.3.3 ORIGIN_VERSION=${1:-v1.3} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete -find ${EXAMPLES_BASE} -name '*.yaml' -delete +find ${EXAMPLES_BASE} -name '*.yaml' -delete -exclude registry-console.json TEMP=`mktemp -d` pushd $TEMP wget https://github.com/openshift/origin/archive/master.zip -O origin-master.zip -wget https://github.com/openshift/django-ex/archive/master.zip -O django-ex-master.zip -wget https://github.com/openshift/rails-ex/archive/master.zip -O rails-ex-master.zip -wget https://github.com/openshift/nodejs-ex/archive/master.zip -O nodejs-ex-master.zip -wget https://github.com/openshift/dancer-ex/archive/master.zip -O dancer-ex-master.zip -wget https://github.com/openshift/cakephp-ex/archive/master.zip -O cakephp-ex-master.zip wget https://github.com/jboss-openshift/application-templates/archive/${XPAAS_VERSION}.zip -O application-templates-master.zip unzip origin-master.zip -unzip django-ex-master.zip -unzip rails-ex-master.zip -unzip nodejs-ex-master.zip -unzip dancer-ex-master.zip -unzip cakephp-ex-master.zip unzip application-templates-master.zip cp origin-master/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/ +cp origin-master/examples/quickstarts/* ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quickstart-templates/ -cp origin-master/examples/jenkins/pipeline/jenkinstemplate.json ${EXAMPLES_BASE}/quickstart-templates/ cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ -cp django-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp rails-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp nodejs-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp dancer-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ -cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index f7e713306..26e5d1951 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.2
\ No newline at end of file +v1.3
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md index 609f4dec9..c66bdb8bf 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/README.md @@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a local path or an URL. Example: $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json - --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mongodb - MONGODB_USER=userJNX # generated - MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated - --> Creating resources ... - Service "mongodb" created - DeploymentConfig "mongodb" created - --> Success - Run 'oc status' to view your app. The parameters listed in the output above can be tweaked by specifying values in the command line with the `-p` option: $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default - --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mydb - MONGODB_USER=default - MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated - --> Creating resources ... - Service "mydb" created - DeploymentConfig "mydb" created - --> Success - Run 'oc status' to view your app. Note that the persistent template requires an existing persistent volume, otherwise the deployment won't ever succeed. diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..64b004ff4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,184 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..0d5b39e81 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mariadb-persistent-template.json @@ -0,0 +1,208 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json index 9a935be5e..329e7a692 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -182,7 +182,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -190,8 +190,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -214,5 +214,6 @@ ], "labels": { "template": "mongodb-ephemeral-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json index 4f73d00cc..0fedad71e 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mongodb-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -199,7 +199,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -207,8 +207,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -238,5 +238,6 @@ ], "labels": { "template": "mongodb-persistent-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json index 5f133b946..8a4ec41b2 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-ephemeral-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-ephemeral", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", @@ -60,7 +59,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -122,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -179,7 +178,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -187,8 +186,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json index 88d8c3940..cae14c998 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/mysql-persistent-template.json @@ -65,7 +65,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" } } @@ -173,7 +173,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -181,8 +181,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json index e90244a6b..2b4b2a0cd 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -121,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -178,7 +178,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -186,8 +186,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json index 7b05076a5..63a04f08f 100644 --- a/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/db-templates/postgresql-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -195,7 +195,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -203,8 +203,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json index 3d7afe4aa..6cbf81591 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json @@ -1,5 +1,5 @@ { - "kind": "List", + "kind": "ImageStreamList", "apiVersion": "v1", "metadata": { "name": "dotnet-image-streams", @@ -12,21 +12,39 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnetcore-10-rhel7" + "name": "dotnet" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", "tags": [ { + "name": "latest", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0" + } + }, + { "name": "1.0", "annotations": { "description": ".Net Core 1.0 S2I image.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", - "supports":"dotnet:1.0", + "supports":"dotnet:1.0,dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", "sampleContextDir": "1.0/test/asp-net-hello-world", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json index d971e5e7a..8aedf80fe 100644 --- a/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/image-streams-centos7.json @@ -92,7 +92,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "0.10" + "name": "4" } }, { @@ -109,6 +109,21 @@ "kind": "DockerImage", "name": "openshift/nodejs-010-centos7:latest" } + }, + { + "name": "4", + "annotations": { + "description": "Build and run NodeJS 4 applications", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/nodejs-4-centos7:latest" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml index 77ffee7f9..8b28f872f 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/logging-deployer.yaml @@ -323,4 +323,3 @@ items: description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - diff --git a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml index 89639fd67..ab62ae76f 100644 --- a/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.2/infrastructure-templates/origin/metrics-deployer.yaml @@ -68,6 +68,8 @@ objects: value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -76,6 +78,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} - name: HEAPSTER_NODE_ID value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION @@ -123,6 +127,10 @@ parameters: name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -135,6 +143,10 @@ parameters: name: METRIC_DURATION value: "7" - + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- description: "The identifier used when generating metric ids in Hawkular" name: HEAPSTER_NODE_ID value: "nodename" diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json index f85e7e537..ab4982690 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/cakephp-mysql.json @@ -126,9 +126,9 @@ }, "spec": { "strategy": { - "type": "Rolling", + "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Retry", "execNewPod": { "command": [ diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json index bc9c8e8fd..cc7920b7d 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/dancer-mysql.json @@ -207,9 +207,9 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json index 0b7fd7cab..7d1dea11b 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django-postgresql.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "python:3.4" + "name": "python:3.5" }, "env": [ { @@ -273,7 +273,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "postgresql:9.4" + "name": "postgresql:9.5" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json index 9e84e27e1..1c2e40d70 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/django.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "python:3.4" + "name": "python:3.5" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json index d1ae6de90..e8e361415 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-ephemeral-template.json @@ -5,11 +5,12 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -74,6 +76,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -88,7 +91,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -98,6 +101,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -135,19 +150,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -158,6 +196,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -168,11 +235,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json index c7bc3f2fa..e4a18961e 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/jenkins-persistent-template.json @@ -5,11 +5,12 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -91,6 +93,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -105,7 +108,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -115,6 +118,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -152,19 +167,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -175,6 +213,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -185,11 +252,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json index b2b9f2478..6ab4a1781 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs-mongodb.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "nodejs:0.10" + "name": "nodejs:4" }, "env": [ { @@ -271,7 +271,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "mongodb:2.6" + "name": "mongodb:3.2" } } }, @@ -322,7 +322,7 @@ "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongostat --host 127.0.0.1 -u admin -p ${DATABASE_ADMIN_PASSWORD} -n 1 --noheaders"] + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] } }, "livenessProbe": { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json index 08c7d3106..ec262e4e8 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/nodejs.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "nodejs:0.10" + "name": "nodejs:4" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json index e64e2feeb..50d60f2bb 100644 --- a/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/quickstart-templates/rails-postgresql.json @@ -83,7 +83,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "ruby:2.2" + "name": "ruby:2.3" }, "env": [ { @@ -300,7 +300,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${NAMESPACE}", - "name": "postgresql:9.4" + "name": "postgresql:9.5" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json index ed0e94bed..65060cc2c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/fis-image-streams.json @@ -20,13 +20,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } }, @@ -42,13 +52,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,karaf,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json index 8c21683dc..4edc97f41 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json @@ -194,7 +194,7 @@ { "name": "1.2", "annotations": { - "description": "Decision Server 6.2 S2I images.", + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", "iconClass": "icon-jboss", "tags": "builder,decisionserver,java,xpaas", "supports":"decisionserver:6.2,java:8,xpaas:1.2", @@ -211,6 +211,56 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-decisionserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,processserver,java,xpaas", + "supports":"processserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-datagrid65-openshift" }, "spec": { diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json index f09900491..754a3b4c0 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,amq,java,messaging,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-amq-s2i" }, "labels": { "template": "decisionserver62-amq-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -145,18 +145,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -460,11 +458,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ @@ -609,6 +602,11 @@ }, "ports": [ { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { "name": "amqp", "containerPort": 5672, "protocol": "TCP" @@ -658,20 +656,24 @@ "value": "${MQ_PROTOCOL}" }, { - "name": "AMQ_QUEUES", - "value": "${MQ_QUEUES}" + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, { - "name": "AMQ_TOPICS", - "value": "${MQ_TOPICS}" + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json index 7f694e0e1..8be4ac90b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-basic-s2i" }, "labels": { "template": "decisionserver62-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -301,11 +301,6 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json index ea1fcd5dc..bf9047599 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-https-s2i" }, "labels": { "template": "decisionserver62-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -403,11 +403,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json new file mode 100644 index 000000000..51e667e02 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-amq-s2i.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-amq-s2i" + }, + "labels": { + "template": "decisionserver63-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json new file mode 100644 index 000000000..c5f0d006a --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-basic-s2i" + }, + "labels": { + "template": "decisionserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json new file mode 100644 index 000000000..3db0e4c84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver63-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-https-s2i" + }, + "labels": { + "template": "decisionserver63-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json new file mode 100644 index 000000000..1dea463ac --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json @@ -0,0 +1,1079 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json new file mode 100644 index 000000000..42264585b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-mysql-s2i.json @@ -0,0 +1,959 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json new file mode 100644 index 000000000..f6d0c99ed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json @@ -0,0 +1,1052 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json new file mode 100644 index 000000000..41c726cf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-amq-postgresql-s2i.json @@ -0,0 +1,932 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json new file mode 100644 index 000000000..170c919cb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-basic-s2i.json @@ -0,0 +1,345 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,javaee,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-basic-s2i" + }, + "labels": { + "template": "processserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.H2Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json new file mode 100644 index 000000000..89d0db1a6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json new file mode 100644 index 000000000..26cab29f8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-mysql-s2i.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-s2i" + }, + "labels": { + "template": "processserver63-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json new file mode 100644 index 000000000..32a512829 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-persistent-s2i.json @@ -0,0 +1,765 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json new file mode 100644 index 000000000..55e2199bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/processserver63-postgresql-s2i.json @@ -0,0 +1,689 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-s2i" + }, + "labels": { + "template": "processserver63-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md index 609f4dec9..c66bdb8bf 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/README.md @@ -38,35 +38,11 @@ Replace `/path/to/template.json` with an appropriate path, that can be either a local path or an URL. Example: $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json - --> Deploying template mongodb-ephemeral for "https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mongodb - MONGODB_USER=userJNX # generated - MONGODB_PASSWORD=tnEDilMVrgjp5AI2 # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=8bYEs8OlNYhVyMBs # generated - --> Creating resources ... - Service "mongodb" created - DeploymentConfig "mongodb" created - --> Success - Run 'oc status' to view your app. The parameters listed in the output above can be tweaked by specifying values in the command line with the `-p` option: $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default - --> Deploying template mongodb-ephemeral for "examples/db-templates/mongodb-ephemeral-template.json" - With parameters: - DATABASE_SERVICE_NAME=mydb - MONGODB_USER=default - MONGODB_PASSWORD=RPvMbWlQFOevSowQ # generated - MONGODB_DATABASE=sampledb - MONGODB_ADMIN_PASSWORD=K7tIjDxDHHYCvFrJ # generated - --> Creating resources ... - Service "mydb" created - DeploymentConfig "mydb" created - --> Success - Run 'oc status' to view your app. Note that the persistent template requires an existing persistent volume, otherwise the deployment won't ever succeed. diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..64b004ff4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,184 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..0d5b39e81 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json @@ -0,0 +1,208 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ], + "labels": { + "template": "mariadb-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json index 9a935be5e..329e7a692 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -182,7 +182,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -190,8 +190,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -214,5 +214,6 @@ ], "labels": { "template": "mongodb-ephemeral-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json index 4f73d00cc..0fedad71e 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mongodb:latest", + "name": "mongodb:3.2", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -199,7 +199,7 @@ }, { "name": "MONGODB_USER", - "displayName": "MongoDB User", + "displayName": "MongoDB Connection Username", "description": "Username for MongoDB user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -207,8 +207,8 @@ }, { "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user.", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true @@ -238,5 +238,6 @@ ], "labels": { "template": "mongodb-persistent-template" - } + }, + "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json index 5f133b946..8a4ec41b2 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json @@ -3,7 +3,6 @@ "apiVersion": "v1", "metadata": { "name": "mysql-ephemeral", - "creationTimestamp": null, "annotations": { "description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", @@ -60,7 +59,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -122,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -179,7 +178,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -187,8 +186,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json index 88d8c3940..cae14c998 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json @@ -65,7 +65,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "mysql:latest", + "name": "mysql:5.6", "namespace": "${NAMESPACE}" } } @@ -173,7 +173,7 @@ }, { "name": "MYSQL_USER", - "displayName": "MySQL User", + "displayName": "MySQL Connection Username", "description": "Username for MySQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -181,8 +181,8 @@ }, { "name": "MYSQL_PASSWORD", - "displayName": "MySQL Password", - "description": "Password for the MySQL user.", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json index e90244a6b..2b4b2a0cd 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json @@ -60,7 +60,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -121,10 +121,10 @@ } ], "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, "volumeMounts": [ { "name": "${DATABASE_SERVICE_NAME}-data", @@ -178,7 +178,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -186,8 +186,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json index 7b05076a5..63a04f08f 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json @@ -77,7 +77,7 @@ ], "from": { "kind": "ImageStreamTag", - "name": "postgresql:latest", + "name": "postgresql:9.5", "namespace": "${NAMESPACE}" }, "lastTriggeredImage": "" @@ -195,7 +195,7 @@ }, { "name": "POSTGRESQL_USER", - "displayName": "PostgreSQL User", + "displayName": "PostgreSQL Connection Username", "description": "Username for PostgreSQL user that will be used for accessing the database.", "generate": "expression", "from": "user[A-Z0-9]{3}", @@ -203,8 +203,8 @@ }, { "name": "POSTGRESQL_PASSWORD", - "displayName": "PostgreSQL Password", - "description": "Password for the PostgreSQL user.", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", "generate": "expression", "from": "[a-zA-Z0-9]{16}", "required": true diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json index 3d7afe4aa..6cbf81591 100644 --- a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json @@ -1,5 +1,5 @@ { - "kind": "List", + "kind": "ImageStreamList", "apiVersion": "v1", "metadata": { "name": "dotnet-image-streams", @@ -12,21 +12,39 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnetcore-10-rhel7" + "name": "dotnet" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", "tags": [ { + "name": "latest", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0" + } + }, + { "name": "1.0", "annotations": { "description": ".Net Core 1.0 S2I image.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", - "supports":"dotnet:1.0", + "supports":"dotnet:1.0,dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", "sampleContextDir": "1.0/test/asp-net-hello-world", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" } } ] diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml index 032f94a18..afd47ec7c 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/metrics-deployer.yaml @@ -34,9 +34,11 @@ objects: metadata: generateName: metrics-deployer- spec: + securityContext: {} containers: - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} name: deployer + securityContext: {} volumeMounts: - name: secret mountPath: /secret @@ -48,6 +50,10 @@ objects: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_PREFIX value: ${IMAGE_PREFIX} - name: IMAGE_VERSION @@ -58,8 +64,12 @@ objects: value: ${MODE} - name: REDEPLOY value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -68,6 +78,10 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} dnsPolicy: ClusterFirst @@ -87,7 +101,7 @@ parameters: - description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' name: IMAGE_VERSION - value: "3.2.1" + value: "3.3.0" - description: "Internal URL for the master, for authentication retrieval" name: MASTER_URL @@ -97,7 +111,7 @@ parameters: name: HAWKULAR_METRICS_HOSTNAME required: true - - description: "Can be set to: 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process)" + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" name: MODE value: "deploy" - @@ -105,10 +119,18 @@ parameters: name: REDEPLOY value: "false" - + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- description: "Set to true for persistent storage, set to false to use non persistent storage" name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -121,6 +143,14 @@ parameters: name: METRIC_DURATION value: "7" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml new file mode 100644 index 000000000..11478263c --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/enterprise/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}registry-console + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"' + name: IMAGE_VERSION + value: "3.3" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml index 77ffee7f9..8b28f872f 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/logging-deployer.yaml @@ -323,4 +323,3 @@ items: description: "(Deprecated) Node selector operations Curator (label=value)." name: CURATOR_OPS_NODESELECTOR value: "" - diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml index 89639fd67..ac5098c8a 100644 --- a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/metrics-deployer.yaml @@ -68,6 +68,8 @@ objects: value: ${IGNORE_PREFLIGHT} - name: USE_PERSISTENT_STORAGE value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} - name: HAWKULAR_METRICS_HOSTNAME value: ${HAWKULAR_METRICS_HOSTNAME} - name: CASSANDRA_NODES @@ -76,6 +78,8 @@ objects: value: ${CASSANDRA_PV_SIZE} - name: METRIC_DURATION value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} - name: HEAPSTER_NODE_ID value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION @@ -123,6 +127,10 @@ parameters: name: USE_PERSISTENT_STORAGE value: "true" - + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- description: "The number of Cassandra Nodes to deploy for the initial cluster" name: CASSANDRA_NODES value: "1" @@ -135,10 +143,14 @@ parameters: name: METRIC_DURATION value: "7" - + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- description: "The identifier used when generating metric ids in Hawkular" name: HEAPSTER_NODE_ID value: "nodename" - - description: "How often metrics should be gathered. Defaults value of '10s' for 10 seconds" + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION - value: "10s" + value: "15s" diff --git a/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml new file mode 100644 index 000000000..80cc4233b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/infrastructure-templates/origin/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_NAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_NAME} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: "Container image name" + name: IMAGE_NAME + value: "cockpit/kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json index f85e7e537..ab4982690 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json @@ -126,9 +126,9 @@ }, "spec": { "strategy": { - "type": "Rolling", + "type": "Recreate", "recreateParams": { - "pre": { + "pre": { "failurePolicy": "Retry", "execNewPod": { "command": [ diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json deleted file mode 100644 index dc6ecb5c7..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp.json +++ /dev/null @@ -1,343 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "cakephp-example", - "annotations": { - "description": "An example CakePHP application with no database", - "tags": "quickstart,php,cakephp", - "iconClass": "icon-php" - } - }, - "labels": { - "template": "cakephp-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "php:5.6" - }, - "env": [ - { - "name": "COMPOSER_MIRROR", - "value": "${COMPOSER_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "cakephp-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "cakephp-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "DATABASE_ENGINE", - "value": "${DATABASE_ENGINE}" - }, - { - "name": "DATABASE_NAME", - "value": "${DATABASE_NAME}" - }, - { - "name": "DATABASE_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "CAKEPHP_SECRET_TOKEN", - "value": "${CAKEPHP_SECRET_TOKEN}" - }, - { - "name": "CAKEPHP_SECURITY_SALT", - "value": "${CAKEPHP_SECURITY_SALT}" - }, - { - "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" - }, - { - "name": "OPCACHE_REVALIDATE_FREQ", - "value": "${OPCACHE_REVALIDATE_FREQ}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "cakephp-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/cakephp-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "DATABASE_ENGINE", - "displayName": "Database Engine", - "description": "Database engine: postgresql, mysql or sqlite (default)." - }, - { - "name": "DATABASE_NAME", - "displayName": "Database Name" - }, - { - "name": "DATABASE_USER", - "displayName": "Database User" - }, - { - "name": "DATABASE_PASSWORD", - "displayName": "Database Password" - }, - { - "name": "CAKEPHP_SECRET_TOKEN", - "displayName": "CakePHP Secret Token", - "description": "Set this to a long random string.", - "generate": "expression", - "from": "[\\w]{50}" - }, - { - "name": "CAKEPHP_SECURITY_SALT", - "displayName": "CakePHP Security Salt", - "description": "Security salt for session hash.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "CAKEPHP_SECURITY_CIPHER_SEED", - "displayName": "CakePHP Security Cipher Seed", - "description": "Security cipher seed for session hash.", - "generate": "expression", - "from": "[0-9]{30}" - }, - { - "name": "OPCACHE_REVALIDATE_FREQ", - "displayName": "OPcache Revalidation Frequency", - "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", - "value": "2" - }, - { - "name": "COMPOSER_MIRROR", - "displayName": "Custom Composer Mirror URL", - "description": "The custom Composer mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json deleted file mode 100644 index 46b8984e3..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer.json +++ /dev/null @@ -1,276 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "dancer-example", - "annotations": { - "description": "An example Dancer application with no database", - "tags": "quickstart,perl,dancer", - "iconClass": "icon-perl" - } - }, - "labels": { - "template": "dancer-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "perl:5.20" - }, - "env": [ - { - "name": "CPAN_MIRROR", - "value": "${CPAN_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ] - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "dancer-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "dancer-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "PERL_APACHE2_RELOAD", - "value": "${PERL_APACHE2_RELOAD}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "dancer-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/dancer-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "SECRET_KEY_BASE", - "displayName": "Secret Key", - "description": "Your secret key for verifying the integrity of signed cookies.", - "generate": "expression", - "from": "[a-z0-9]{127}" - }, - { - "name": "PERL_APACHE2_RELOAD", - "displayName": "Perl Module Reload", - "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", - "value": "" - }, - { - "name": "CPAN_MIRROR", - "displayName": "Custom CPAN Mirror URL", - "description": "The custom CPAN mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json deleted file mode 100644 index 1c2e40d70..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django.json +++ /dev/null @@ -1,323 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "django-example", - "annotations": { - "description": "An example Django application with no database", - "tags": "quickstart,python,django", - "iconClass": "icon-python" - } - }, - "labels": { - "template": "django-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "python:3.5" - }, - "env": [ - { - "name": "PIP_INDEX_URL", - "value": "${PIP_INDEX_URL}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - } - ], - "postCommit": { - "script": "./manage.py test" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "django-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "django-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "DATABASE_ENGINE", - "value": "${DATABASE_ENGINE}" - }, - { - "name": "DATABASE_NAME", - "value": "${DATABASE_NAME}" - }, - { - "name": "DATABASE_USER", - "value": "${DATABASE_USER}" - }, - { - "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" - }, - { - "name": "APP_CONFIG", - "value": "${APP_CONFIG}" - }, - { - "name": "DJANGO_SECRET_KEY", - "value": "${DJANGO_SECRET_KEY}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "django-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "required": true, - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "required": true, - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "required": true, - "description": "The URL of the repository with your application source code.", - "value": "https://github.com/openshift/django-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "DATABASE_ENGINE", - "displayName": "Database Engine", - "description": "Database engine: postgresql, mysql or sqlite (default)." - }, - { - "name": "DATABASE_NAME", - "displayName": "Database Name" - }, - { - "name": "DATABASE_USER", - "displayName": "Database Username" - }, - { - "name": "DATABASE_PASSWORD", - "displayName": "Database User Password" - }, - { - "name": "APP_CONFIG", - "displayName": "Application Configuration File Path", - "description": "Relative path to Gunicorn configuration file (optional)." - }, - { - "name": "DJANGO_SECRET_KEY", - "displayName": "Django Secret Key", - "description": "Set this to a long random string.", - "generate": "expression", - "from": "[\\w]{50}" - }, - { - "name": "PIP_INDEX_URL", - "displayName": "Custom PyPi Index URL", - "description": "The custom PyPi index URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json index d1ae6de90..e8e361415 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json @@ -5,11 +5,12 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -74,6 +76,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -88,7 +91,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -98,6 +101,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -135,19 +150,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -158,6 +196,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -168,11 +235,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json index c7bc3f2fa..e4a18961e 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json @@ -5,11 +5,12 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nThe username is 'admin' and the tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.\nYou must have persistent volumes available in your cluster to use this template.", + "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, + "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -25,6 +26,7 @@ }, "tls": { "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect", "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" @@ -91,6 +93,7 @@ } }, "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", "containers": [ { "name": "jenkins", @@ -105,7 +108,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 60, + "initialDelaySeconds": 120, "httpGet": { "path": "/login", "port": 8080 @@ -115,6 +118,18 @@ { "name": "JENKINS_PASSWORD", "value": "${JENKINS_PASSWORD}" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" } ], "resources": { @@ -152,19 +167,42 @@ } }, { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null + "name": "${JNLP_SERVICE_NAME}" }, "spec": { "ports": [ { - "name": "web", + "name": "agent", "protocol": "TCP", - "port": 8080, - "targetPort": 8080, + "port": 50000, + "targetPort": 50000, "nodePort": 0 } ], @@ -175,6 +213,35 @@ "type": "ClusterIP", "sessionAffinity": "None" } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "portalIP": "", + "type": "ClusterIP", + "sessionAffinity": "None" + } } ], "parameters": [ @@ -185,11 +252,18 @@ "value": "jenkins" }, { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { "name": "JENKINS_PASSWORD", "displayName": "Jenkins Password", "description": "Password for the Jenkins 'admin' user.", "generate": "expression", - "value": "password" + "from": "[a-zA-Z0-9]{16}", + "required": true }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json deleted file mode 100644 index 325663313..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkinstemplate.json +++ /dev/null @@ -1,255 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null, - "annotations": { - "description": "Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", - "iconClass": "icon-jenkins", - "tags": "instant-app,jenkins" - } - }, - "objects": [ - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "jenkins", - "creationTimestamp": null - }, - "spec": { - "to": { - "kind": "Service", - "name": "${JENKINS_SERVICE_NAME}" - }, - "tls": { - "termination": "edge", - "insecureEdgeTerminationPolicy": "Redirect", - "certificate": "-----BEGIN CERTIFICATE-----\nMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0Rl\nZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0ExGjAYBgNVBAMMEXd3\ndy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu\nY29tMB4XDTE1MDExMjE0MTk0MVoXDTE2MDExMjE0MTk0MVowfDEYMBYGA1UEAwwP\nd3d3LmV4YW1wbGUuY29tMQswCQYDVQQIDAJTQzELMAkGA1UEBhMCVVMxIjAgBgkq\nhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xEDAOBgNVBAoMB0V4YW1wbGUx\nEDAOBgNVBAsMB0V4YW1wbGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMrv\ngu6ZTTefNN7jjiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm\n47VRx5Qrf/YLXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1M\nmNrQUgZyQC6XIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAGjDTALMAkGA1UdEwQC\nMAAwDQYJKoZIhvcNAQEFBQADggEBAFCi7ZlkMnESvzlZCvv82Pq6S46AAOTPXdFd\nTMvrh12E1sdVALF1P1oYFJzG1EiZ5ezOx88fEDTW+Lxb9anw5/KJzwtWcfsupf1m\nV7J0D3qKzw5C1wjzYHh9/Pz7B1D0KthQRATQCfNf8s6bbFLaw/dmiIUhHLtIH5Qc\nyfrejTZbOSP77z8NOWir+BWWgIDDB2//3AkDIQvT20vmkZRhkqSdT7et4NmXOX/j\njhPti4b2Fie0LeuvgaOdKjCpQQNrYthZHXeVlOLRhMTSk3qUczenkKTOhvP7IS9q\n+Dzv5hqgSfvMG392KWh5f8xXfJNs4W5KLbZyl901MeReiLrPH3w=\n-----END CERTIFICATE-----", - "key": "-----BEGIN PRIVATE KEY-----\nMIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMrvgu6ZTTefNN7j\njiZbS/xvQjyXjYMN7oVXv76jbX8gjMOmg9m0xoVZZFAE4XyQDuCm47VRx5Qrf/YL\nXmB2VtCFvB0AhXr5zSeWzPwaAPrjA4ebG+LUo24ziS8KqNxrFs1MmNrQUgZyQC6X\nIe1JHXc9t+JlL5UZyZQC1IfaJulDAgMBAAECgYEAnxOjEj/vrLNLMZE1Q9H7PZVF\nWdP/JQVNvQ7tCpZ3ZdjxHwkvf//aQnuxS5yX2Rnf37BS/TZu+TIkK4373CfHomSx\nUTAn2FsLmOJljupgGcoeLx5K5nu7B7rY5L1NHvdpxZ4YjeISrRtEPvRakllENU5y\ngJE8c2eQOx08ZSRE4TkCQQD7dws2/FldqwdjJucYijsJVuUdoTqxP8gWL6bB251q\nelP2/a6W2elqOcWId28560jG9ZS3cuKvnmu/4LG88vZFAkEAzphrH3673oTsHN+d\nuBd5uyrlnGjWjuiMKv2TPITZcWBjB8nJDSvLneHF59MYwejNNEof2tRjgFSdImFH\nmi995wJBAMtPjW6wiqRz0i41VuT9ZgwACJBzOdvzQJfHgSD9qgFb1CU/J/hpSRIM\nkYvrXK9MbvQFvG6x4VuyT1W8mpe1LK0CQAo8VPpffhFdRpF7psXLK/XQ/0VLkG3O\nKburipLyBg/u9ZkaL0Ley5zL5dFBjTV2Qkx367Ic2b0u9AYTCcgi2DsCQQD3zZ7B\nv7BOm7MkylKokY2MduFFXU0Bxg6pfZ7q3rvg8gqhUFbaMStPRYg6myiDiW/JfLhF\nTcFT4touIo7oriFJ\n-----END PRIVATE KEY-----", - "caCertificate": "-----BEGIN CERTIFICATE-----\nMIIEFzCCAv+gAwIBAgIJALK1iUpF2VQLMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD\nVQQGEwJVUzELMAkGA1UECAwCU0MxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoG\nA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDEQMA4GA1UECwwHVGVzdCBDQTEaMBgG\nA1UEAwwRd3d3LmV4YW1wbGVjYS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVA\nZXhhbXBsZS5jb20wHhcNMTUwMTEyMTQxNTAxWhcNMjUwMTA5MTQxNTAxWjCBoTEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlNDMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx\nHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxEDAOBgNVBAsMB1Rlc3QgQ0Ex\nGjAYBgNVBAMMEXd3dy5leGFtcGxlY2EuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFt\ncGxlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nw2rK1J2NMtQj0KDug7g7HRKl5jbf0QMkMKyTU1fBtZ0cCzvsF4CqV11LK4BSVWaK\nrzkaXe99IVJnH8KdOlDl5Dh/+cJ3xdkClSyeUT4zgb6CCBqg78ePp+nN11JKuJlV\nIG1qdJpB1J5O/kCLsGcTf7RS74MtqMFo96446Zvt7YaBhWPz6gDaO/TUzfrNcGLA\nEfHVXkvVWqb3gqXUztZyVex/gtP9FXQ7gxTvJml7UkmT0VAFjtZnCqmFxpLZFZ15\n+qP9O7Q2MpsGUO/4vDAuYrKBeg1ZdPSi8gwqUP2qWsGd9MIWRv3thI2903BczDc7\nr8WaIbm37vYZAS9G56E4+wIDAQABo1AwTjAdBgNVHQ4EFgQUugLrSJshOBk5TSsU\nANs4+SmJUGwwHwYDVR0jBBgwFoAUugLrSJshOBk5TSsUANs4+SmJUGwwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaMJ33zAMV4korHo5aPfayV3uHoYZ\n1ChzP3eSsF+FjoscpoNSKs91ZXZF6LquzoNezbfiihK4PYqgwVD2+O0/Ty7UjN4S\nqzFKVR4OS/6lCJ8YncxoFpTntbvjgojf1DEataKFUN196PAANc3yz8cWHF4uvjPv\nWkgFqbIjb+7D1YgglNyovXkRDlRZl0LD1OQ0ZWhd4Ge1qx8mmmanoBeYZ9+DgpFC\nj9tQAbS867yeOryNe7sEOIpXAAqK/DTu0hB6+ySsDfMo4piXCc2aA/eI2DCuw08e\nw17Dz9WnupZjVdwTKzDhFgJZMLDqn37HQnT6EemLFqbcR0VPEnfyhDtZIQ==\n-----END CERTIFICATE-----" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "creationTimestamp": null - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "jenkins" - ], - "from": { - "kind": "ImageStreamTag", - "name": "jenkins:1", - "namespace": "openshift" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "template": { - "metadata": { - "creationTimestamp": null, - "labels": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - "spec": { - "serviceAccountName": "${JENKINS_SERVICE_NAME}", - "containers": [ - { - "name": "jenkins", - "image": " ", - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 120, - "httpGet": { - "path": "/login", - "port": 8080 - } - }, - "env": [ - { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" - }, - { - "name": "KUBERNETES_MASTER", - "value": "https://kubernetes.default:443" - }, - { - "name": "KUBERNETES_TRUST_CERTIFICATES", - "value": "true" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "volumeMounts": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "mountPath": "/var/lib/jenkins" - } - ], - "terminationMessagePath": "/dev/termination-log", - "imagePullPolicy": "IfNotPresent", - "capabilities": {}, - "securityContext": { - "capabilities": {}, - "privileged": false - } - } - ], - "volumes": [ - { - "name": "${JENKINS_SERVICE_NAME}-data", - "emptyDir": { - "medium": "" - } - } - ], - "restartPolicy": "Always", - "dnsPolicy": "ClusterFirst" - } - } - } - }, - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}" - } - }, - { - "kind": "RoleBinding", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}_edit" - }, - "groupNames": null, - "subjects": [ - { - "kind": "ServiceAccount", - "name": "${JENKINS_SERVICE_NAME}" - } - ], - "roleRef": { - "name": "edit" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "jenkins-jnlp", - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "agent", - "protocol": "TCP", - "port": 50000, - "targetPort": 50000, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${JENKINS_SERVICE_NAME}", - "annotations": { - "service.alpha.openshift.io/dependencies": "[{\"name\": \"jenkins-jnlp\", \"namespace\": \"\", \"kind\": \"Service\"}]", - "service.openshift.io/infrastructure": "true" - }, - "creationTimestamp": null - }, - "spec": { - "ports": [ - { - "name": "web", - "protocol": "TCP", - "port": 80, - "targetPort": 8080, - "nodePort": 0 - } - ], - "selector": { - "name": "${JENKINS_SERVICE_NAME}" - }, - "portalIP": "", - "type": "ClusterIP", - "sessionAffinity": "None" - } - } - ], - "parameters": [ - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "value": "512Mi" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "value": "openshift" - }, - { - "name": "JENKINS_SERVICE_NAME", - "displayName": "Jenkins Service Name", - "description": "The name of the OpenShift Service exposed for the Jenkins container.", - "value": "jenkins" - }, - { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins user.", - "generate": "expression", - "value": "password" - } - ], - "labels": { - "template": "jenkins-ephemeral-template" - } -} diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json deleted file mode 100644 index ec262e4e8..000000000 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs.json +++ /dev/null @@ -1,323 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "name": "nodejs-example", - "annotations": { - "description": "An example Node.js application with no database", - "tags": "quickstart,nodejs", - "iconClass": "icon-nodejs" - } - }, - "labels": { - "template": "nodejs-example" - }, - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Exposes and load balances the application pods" - } - }, - "spec": { - "ports": [ - { - "name": "web", - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "name": "${NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}" - }, - "spec": { - "host": "${APPLICATION_DOMAIN}", - "to": { - "kind": "Service", - "name": "${NAME}" - } - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Keeps track of changes in the application image" - } - } - }, - { - "kind": "BuildConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to build the application" - } - }, - "spec": { - "source": { - "type": "Git", - "git": { - "uri": "${SOURCE_REPOSITORY_URL}", - "ref": "${SOURCE_REPOSITORY_REF}" - }, - "contextDir": "${CONTEXT_DIR}" - }, - "strategy": { - "type": "Source", - "sourceStrategy": { - "from": { - "kind": "ImageStreamTag", - "namespace": "${NAMESPACE}", - "name": "nodejs:4" - }, - "env": [ - { - "name": "NPM_MIRROR", - "value": "${NPM_MIRROR}" - } - ] - } - }, - "output": { - "to": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - }, - "triggers": [ - { - "type": "ImageChange" - }, - { - "type": "ConfigChange" - }, - { - "type": "GitHub", - "github": { - "secret": "${GITHUB_WEBHOOK_SECRET}" - } - }, - { - "type": "Generic", - "generic": { - "secret": "${GENERIC_WEBHOOK_SECRET}" - } - } - ], - "postCommit": { - "script": "npm test" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${NAME}", - "annotations": { - "description": "Defines how to deploy the application server" - } - }, - "spec": { - "strategy": { - "type": "Rolling" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "nodejs-example" - ], - "from": { - "kind": "ImageStreamTag", - "name": "${NAME}:latest" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "name": "${NAME}" - }, - "template": { - "metadata": { - "name": "${NAME}", - "labels": { - "name": "${NAME}" - } - }, - "spec": { - "containers": [ - { - "name": "nodejs-example", - "image": " ", - "ports": [ - { - "containerPort": 8080 - } - ], - "readinessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 3, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/", - "port": 8080 - } - }, - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - }, - "env": [ - { - "name": "DATABASE_SERVICE_NAME", - "value": "${DATABASE_SERVICE_NAME}" - }, - { - "name": "MONGODB_USER", - "value": "${MONGODB_USER}" - }, - { - "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" - }, - { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" - } - ], - "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } - } - } - ] - } - } - } - } - ], - "parameters": [ - { - "name": "NAME", - "displayName": "Name", - "description": "The name assigned to all of the frontend objects defined in this template.", - "required": true, - "value": "nodejs-example" - }, - { - "name": "NAMESPACE", - "displayName": "Namespace", - "description": "The OpenShift Namespace where the ImageStream resides.", - "required": true, - "value": "openshift" - }, - { - "name": "MEMORY_LIMIT", - "displayName": "Memory Limit", - "description": "Maximum amount of memory the container can use.", - "required": true, - "value": "512Mi" - }, - { - "name": "SOURCE_REPOSITORY_URL", - "displayName": "Git Repository URL", - "description": "The URL of the repository with your application source code.", - "required": true, - "value": "https://github.com/openshift/nodejs-ex.git" - }, - { - "name": "SOURCE_REPOSITORY_REF", - "displayName": "Git Reference", - "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." - }, - { - "name": "CONTEXT_DIR", - "displayName": "Context Directory", - "description": "Set this to the relative path to your project if it is not in the root of your repository." - }, - { - "name": "APPLICATION_DOMAIN", - "displayName": "Application Hostname", - "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", - "value": "" - }, - { - "name": "GITHUB_WEBHOOK_SECRET", - "displayName": "GitHub Webhook Secret", - "description": "A secret string used to configure the GitHub webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "GENERIC_WEBHOOK_SECRET", - "displayName": "Generic Webhook Secret", - "description": "A secret string used to configure the Generic webhook.", - "generate": "expression", - "from": "[a-zA-Z0-9]{40}" - }, - { - "name": "DATABASE_SERVICE_NAME", - "displayName": "Database Service Name" - }, - { - "name": "MONGODB_USER", - "displayName": "MongoDB Username", - "description": "Username for MongoDB user that will be used for accessing the database." - }, - { - "name": "MONGODB_PASSWORD", - "displayName": "MongoDB Password", - "description": "Password for the MongoDB user." - }, - { - "name": "MONGODB_DATABASE", - "displayName": "Database Name" - }, - { - "name": "MONGODB_ADMIN_PASSWORD", - "displayName": "Database Administrator Password", - "description": "Password for the database admin user." - }, - { - "name": "NPM_MIRROR", - "displayName": "Custom NPM Mirror URL", - "description": "The custom NPM mirror URL", - "value": "" - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json index ed0e94bed..65060cc2c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json @@ -20,13 +20,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } }, @@ -42,13 +52,23 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,karaf,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } ] } } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json index 8c21683dc..4edc97f41 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json @@ -194,7 +194,7 @@ { "name": "1.2", "annotations": { - "description": "Decision Server 6.2 S2I images.", + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", "iconClass": "icon-jboss", "tags": "builder,decisionserver,java,xpaas", "supports":"decisionserver:6.2,java:8,xpaas:1.2", @@ -211,6 +211,56 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-decisionserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,processserver,java,xpaas", + "supports":"processserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-datagrid65-openshift" }, "spec": { diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json index f09900491..754a3b4c0 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 A-MQ applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,amq,java,messaging,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-amq-s2i" }, "labels": { "template": "decisionserver62-amq-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -145,18 +145,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -460,11 +458,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ @@ -609,6 +602,11 @@ }, "ports": [ { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { "name": "amqp", "containerPort": 5672, "protocol": "TCP" @@ -658,20 +656,24 @@ "value": "${MQ_PROTOCOL}" }, { - "name": "AMQ_QUEUES", - "value": "${MQ_QUEUES}" + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, { - "name": "AMQ_TOPICS", - "value": "${MQ_TOPICS}" + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json index 7f694e0e1..8be4ac90b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-basic-s2i" }, "labels": { "template": "decisionserver62-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -301,11 +301,6 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json index ea1fcd5dc..bf9047599 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json @@ -3,16 +3,16 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for BRMS Realtime Decision Server 6 HTTPS applications built using S2I.", + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", "iconClass": "icon-jboss", "tags": "decisionserver,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.3" }, "name": "decisionserver62-https-s2i" }, "labels": { "template": "decisionserver62-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.3" }, "parameters": [ { @@ -403,11 +403,6 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" - }, - { - "name": "ping", - "containerPort": 8888, - "protocol": "TCP" } ], "env": [ diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json new file mode 100644 index 000000000..51e667e02 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-amq-s2i.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-amq-s2i" + }, + "labels": { + "template": "decisionserver63-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json new file mode 100644 index 000000000..c5f0d006a --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-basic-s2i" + }, + "labels": { + "template": "decisionserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json new file mode 100644 index 000000000..3db0e4c84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver63-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-https-s2i" + }, + "labels": { + "template": "decisionserver63-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json new file mode 100644 index 000000000..1dea463ac --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json @@ -0,0 +1,1079 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json new file mode 100644 index 000000000..42264585b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-mysql-s2i.json @@ -0,0 +1,959 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json new file mode 100644 index 000000000..f6d0c99ed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json @@ -0,0 +1,1052 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json new file mode 100644 index 000000000..41c726cf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-amq-postgresql-s2i.json @@ -0,0 +1,932 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json new file mode 100644 index 000000000..170c919cb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-basic-s2i.json @@ -0,0 +1,345 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,javaee,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-basic-s2i" + }, + "labels": { + "template": "processserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.H2Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json new file mode 100644 index 000000000..89d0db1a6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json new file mode 100644 index 000000000..26cab29f8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-mysql-s2i.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-s2i" + }, + "labels": { + "template": "processserver63-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json new file mode 100644 index 000000000..32a512829 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-persistent-s2i.json @@ -0,0 +1,765 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json new file mode 100644 index 000000000..55e2199bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/processserver63-postgresql-s2i.json @@ -0,0 +1,689 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-s2i" + }, + "labels": { + "template": "processserver63-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 4150fabec..058ad8888 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -73,6 +73,27 @@ failed_when: "'already exists' not in oex_import_db_templates.stderr and oex_import_db_templates.rc != 0" changed_when: false +- name: Remove defunct quickstart template files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ quickstarts_base }}/nodejs.json" + - "{{ quickstarts_base }}/cakephp.json" + - "{{ quickstarts_base }}/dancer.json" + - "{{ quickstarts_base }}/django.json" + +- name: Remove defunct quickstart templates from openshift namespace + command: "{{ openshift.common.client_binary }} -n openshift delete templates/{{ item }}" + with_items: + - nodejs-example + - cakephp-example + - dancer-example + - django-example + register: oex_delete_defunct_quickstart_templates + failed_when: "'not found' not in oex_delete_defunct_quickstart_templates.stderr and oex_delete_defunct_quickstart_templates.rc != 0" + changed_when: false + - name: Import quickstart-templates command: > {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ quickstarts_base }} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 659f4eba6..b2d007ec9 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -477,6 +477,14 @@ def set_selectors(facts): facts['hosted']['registry'] = {} if 'selector' not in facts['hosted']['registry'] or facts['hosted']['registry']['selector'] in [None, 'None']: facts['hosted']['registry']['selector'] = selector + if 'metrics' not in facts['hosted']: + facts['hosted']['metrics'] = {} + if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: + facts['hosted']['metrics']['selector'] = None + if 'logging' not in facts['hosted']: + facts['hosted']['logging'] = {} + if 'selector' not in facts['hosted']['logging'] or facts['hosted']['logging']['selector'] in [None, 'None']: + facts['hosted']['logging']['selector'] = None return facts @@ -789,7 +797,7 @@ def set_deployment_facts_if_unset(facts): curr_disabled_features = set(facts['master']['disabled_features']) facts['master']['disabled_features'] = list(curr_disabled_features.union(openshift_features)) else: - if deployment_type == 'atomic-enterprise': + if facts['common']['deployment_subtype'] == 'registry': facts['master']['disabled_features'] = openshift_features if 'node' in facts: @@ -944,7 +952,12 @@ def format_url(use_ssl, hostname, port, path=''): netloc = hostname if (use_ssl and port != '443') or (not use_ssl and port != '80'): netloc += ":%s" % port - return urlparse.urlunparse((scheme, netloc, path, '', '', '')) + try: + url = urlparse.urlunparse((scheme, netloc, path, '', '', '')) + except AttributeError: + # pylint: disable=undefined-variable + url = urlunparse((scheme, netloc, path, '', '', '')) + return url def get_current_config(facts): """ Get current openshift config @@ -1023,6 +1036,8 @@ def build_kubelet_args(facts): if facts['cloudprovider']['kind'] == 'openstack': kubelet_args['cloud-provider'] = ['openstack'] kubelet_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if facts['cloudprovider']['kind'] == 'gce': + kubelet_args['cloud-provider'] = ['gce'] if kubelet_args != {}: facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) return facts @@ -1041,6 +1056,8 @@ def build_controller_args(facts): if facts['cloudprovider']['kind'] == 'openstack': controller_args['cloud-provider'] = ['openstack'] controller_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if facts['cloudprovider']['kind'] == 'gce': + controller_args['cloud-provider'] = ['gce'] if controller_args != {}: facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) return facts @@ -1059,6 +1076,8 @@ def build_api_server_args(facts): if facts['cloudprovider']['kind'] == 'openstack': api_server_args['cloud-provider'] = ['openstack'] api_server_args['cloud-config'] = [cloud_cfg_path + '/openstack.conf'] + if facts['cloudprovider']['kind'] == 'gce': + api_server_args['cloud-provider'] = ['gce'] if api_server_args != {}: facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) return facts @@ -1420,6 +1439,9 @@ def set_proxy_facts(facts): builddefaults['http_proxy'] = common['http_proxy'] if 'https_proxy' not in builddefaults and 'https_proxy' in common: builddefaults['https_proxy'] = common['https_proxy'] + # make no_proxy into a list if it's not + if 'no_proxy' in builddefaults and isinstance(builddefaults['no_proxy'], basestring): + builddefaults['no_proxy'] = builddefaults['no_proxy'].split(",") if 'no_proxy' not in builddefaults and 'no_proxy' in common: builddefaults['no_proxy'] = common['no_proxy'] if 'git_http_proxy' not in builddefaults and 'http_proxy' in builddefaults: @@ -1599,11 +1621,13 @@ class OpenShiftFacts(object): try: # ansible-2.1 - # pylint: disable=too-many-function-args + # pylint: disable=too-many-function-args,invalid-name self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter']) - except TypeError: - # ansible-1.9.x,ansible-2.0.x - self.system_facts = ansible_facts(module) + for (k, v) in self.system_facts.items(): + self.system_facts["ansible_%s" % k.replace('-', '_')] = v + except UnboundLocalError: + # ansible-2.2 + self.system_facts = get_all_facts(module)['ansible_facts'] self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, @@ -1642,7 +1666,12 @@ class OpenShiftFacts(object): else: deployment_type = 'origin' - defaults = self.get_defaults(roles, deployment_type) + if 'common' in local_facts and 'deployment_subtype' in local_facts['common']: + deployment_subtype = local_facts['common']['deployment_subtype'] + else: + deployment_subtype = 'basic' + + defaults = self.get_defaults(roles, deployment_type, deployment_subtype) provider_facts = self.init_provider_facts() facts = apply_provider_facts(defaults, provider_facts) facts = merge_facts(facts, @@ -1674,7 +1703,7 @@ class OpenShiftFacts(object): facts = set_installed_variant_rpm_facts(facts) return dict(openshift=facts) - def get_defaults(self, roles, deployment_type): + def get_defaults(self, roles, deployment_type, deployment_subtype): """ Get default fact values Args: @@ -1684,16 +1713,17 @@ class OpenShiftFacts(object): dict: The generated default facts """ defaults = {} - ip_addr = self.system_facts['default_ipv4']['address'] + ip_addr = self.system_facts['ansible_default_ipv4']['address'] exit_code, output, _ = module.run_command(['hostname', '-f']) hostname_f = output.strip() if exit_code == 0 else '' - hostname_values = [hostname_f, self.system_facts['nodename'], - self.system_facts['fqdn']] + hostname_values = [hostname_f, self.system_facts['ansible_nodename'], + self.system_facts['ansible_fqdn']] hostname = choose_hostname(hostname_values, ip_addr) defaults['common'] = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type=deployment_type, + deployment_subtype=deployment_subtype, hostname=hostname, public_hostname=hostname, portal_net='172.30.0.0/16', @@ -1708,6 +1738,9 @@ class OpenShiftFacts(object): {"name": "PodFitsResources"}, {"name": "PodFitsPorts"}, {"name": "NoDiskConflict"}, + {"name": "NoVolumeZoneConflict"}, + {"name": "MaxEBSVolumeCount"}, + {"name": "MaxGCEPDVolumeCount"}, {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} ] scheduler_priorities = [ @@ -1739,7 +1772,7 @@ class OpenShiftFacts(object): if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, - iptables_sync_period='5s', + iptables_sync_period='30s', local_quota_per_fsgroup="", set_node_ip=False) @@ -1783,8 +1816,9 @@ class OpenShiftFacts(object): filesystem='ext4', volumeID='123'), host=None, - access_modes=['ReadWriteMany'], - create_pv=True + access_modes=['ReadWriteOnce'], + create_pv=True, + create_pvc=False ) ), registry=dict( @@ -1799,7 +1833,8 @@ class OpenShiftFacts(object): options='*(rw,root_squash)'), host=None, access_modes=['ReadWriteMany'], - create_pv=True + create_pv=True, + create_pvc=True ) ), router=dict() @@ -1821,10 +1856,10 @@ class OpenShiftFacts(object): dict: The generated default facts for the detected provider """ # TODO: cloud provider facts should probably be submitted upstream - product_name = self.system_facts['product_name'] - product_version = self.system_facts['product_version'] - virt_type = self.system_facts['virtualization_type'] - virt_role = self.system_facts['virtualization_role'] + product_name = self.system_facts['ansible_product_name'] + product_version = self.system_facts['ansible_product_version'] + virt_type = self.system_facts['ansible_virtualization_type'] + virt_role = self.system_facts['ansible_virtualization_role'] provider = None metadata = None @@ -2107,12 +2142,16 @@ def main(): additive_facts_to_overwrite=dict(default=[], type='list', required=False), openshift_env=dict(default={}, type='dict', required=False), openshift_env_structures=dict(default=[], type='list', required=False), - protected_facts_to_overwrite=dict(default=[], type='list', required=False), + protected_facts_to_overwrite=dict(default=[], type='list', required=False) ), supports_check_mode=True, add_file_common_args=True, ) + module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter'] + module.params['gather_timeout'] = 10 + module.params['filter'] = '*' + role = module.params['role'] local_facts = module.params['local_facts'] additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 4dbbd7f45..afeb78f95 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -24,6 +24,7 @@ local_facts: # TODO: Deprecate deployment_type in favor of openshift_deployment_type deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" + deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" cluster_id: "{{ openshift_cluster_id | default('default') }}" hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" @@ -40,4 +41,3 @@ - name: Set repoquery command set_fact: repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" - diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 102728820..328f800bf 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -22,6 +22,7 @@ From this role: | openshift_hosted_router_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift router on. | | openshift_hosted_router_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_router_selector | region=infra | Node selector used when creating router. The OpenShift router will only be deployed to nodes matching this selector. | +| openshift_hosted_router_name | router | The name of the router to be created. | | openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on. | | openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index fc037ceda..d5077932b 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -18,7 +18,9 @@ l_default_replicas: 0 when: l_node_count | int == 0 -# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1: +# If registry nodes are defined and the registry storage kind is +# defined, default should be the number of registry nodes, otherwise +# just 1: - set_fact: l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 @@ -49,8 +51,14 @@ failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" when: replicas | int > 0 +- include: secure.yml + static: no + when: openshift.common.deployment_subtype == 'registry' + - include: storage/object_storage.yml + static: no when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object' - include: storage/persistent_volume.yml + static: no when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml new file mode 100644 index 000000000..4cb85df04 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -0,0 +1,87 @@ +--- +- name: Determine if registry certificates must be created + stat: + path: "{{ openshift_master_config_dir }}/{{ item }}" + with_items: + - registry.crt + - registry.key + register: docker_registry_certificates_stat_result + changed_when: false + failed_when: false + +- name: Retrieve registry service IP + command: > + {{ openshift.common.client_binary }} get service docker-registry + --template='{{ '{{' }} .spec.clusterIP {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_service_ip + changed_when: false + +- set_fact: + docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift.master.default_subdomain | default('router.default.svc.cluster.local', true)) }}" + +- name: Create registry certificates if they do not exist + command: > + {{ openshift.common.admin_binary }} ca create-server-cert + --signer-cert=/etc/origin/master/ca.crt + --signer-key=/etc/origin/master/ca.key + --signer-serial=/etc/origin/master/ca.serial.txt + --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" + --cert={{ openshift_master_config_dir }}/registry.crt + --key={{ openshift_master_config_dir }}/registry.key + when: False in (docker_registry_certificates_stat_result.results | default([]) | oo_collect(attribute='stat.exists') | list) + +- name: Create the secret for the registry certificates + command: > + {{ openshift.common.client_binary }} secrets new registry-certificates + {{ openshift_master_config_dir }}/registry.crt + {{ openshift_master_config_dir }}/registry.key + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_registry_certificates_secret + changed_when: "'already exists' not in create_registry_certificates_secret.stderr" + failed_when: "'already exists' not in create_registry_certificates_secret.stderr and create_registry_certificates_secret.rc != 0" + +- name: "Add the secret to the registry's pod service accounts" + command: > + {{ openshift.common.client_binary }} secrets link {{ item }} registry-certificates + --config={{ openshift_hosted_kubeconfig }} + -n default + with_items: + - registry + - default + +- name: Determine if registry-certificates secret volume attached + command: > + {{ openshift.common.client_binary }} get dc/docker-registry + --template='{{ '{{' }} range .spec.template.spec.volumes {{ '}}' }}{{ '{{' }} .secret.secretName {{ '}}' }}{{ '{{' }} end {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default + register: docker_registry_volumes + changed_when: false + failed_when: false + +- name: Attach registry-certificates secret volume + command: > + {{ openshift.common.client_binary }} volume dc/docker-registry --add --type=secret + --secret-name=registry-certificates + -m /etc/secrets + --config={{ openshift_hosted_kubeconfig }} + -n default + when: "'registry-certificates' not in docker_registry_volumes.stdout" + +- name: Set registry environment variables for TLS certificate + command: > + {{ openshift.common.client_binary }} env dc/docker-registry + REGISTRY_HTTP_TLS_CERTIFICATE=/etc/secrets/registry.crt + REGISTRY_HTTP_TLS_KEY=/etc/secrets/registry.key + --config={{ openshift_hosted_kubeconfig }} + -n default + +# These commands are on a single line to preserve patch json. +- name: Update registry liveness probe from HTTP to HTTPS + command: "{{ openshift.common.client_binary }} patch dc/docker-registry --api-version=v1 -p '{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"registry\",\"livenessProbe\":{\"httpGet\":{\"scheme\":\"HTTPS\"}}}]}}}}' --config={{ openshift_hosted_kubeconfig }} -n default" + +- name: Update registry readiness probe from HTTP to HTTPS + command: "{{ openshift.common.client_binary }} patch dc/docker-registry --api-version=v1 -p '{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"registry\",\"readinessProbe\":{\"httpGet\":{\"scheme\":\"HTTPS\"}}}]}}}}' --config={{ openshift_hosted_kubeconfig }} -n default" diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml index 6bf859e82..60eefd71a 100644 --- a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml +++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml @@ -5,10 +5,11 @@ - name: Determine if volume is already attached to dc/docker-registry command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1" changed_when: false + failed_when: false register: registry_volumes_output - set_fact: - volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}" + volume_attached: "{{ registry_volume_claim in (registry_volumes_output).stdout | default(['']) }}" - name: Add volume to dc/docker-registry command: > diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index e18b9781c..0cad19c34 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -70,6 +70,10 @@ {% if openshift.hosted.router.registryurl | default(none) is not none -%} --images='{{ openshift.hosted.router.registryurl }}' {% endif -%} + {% if openshift.hosted.router.name | default(none) is not none -%} + {{ openshift.hosted.router.name }} + {% endif -%} + register: openshift_hosted_router_results changed_when: "'service exists' not in openshift_hosted_router_results.stdout" failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr" diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index ea5626642..092b0fb35 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -15,7 +15,7 @@ storage: encrypt: false secure: true v4auth: true - rootdirectory: /registry + rootdirectory: {{ openshift.hosted.registry.storage.s3.rootdirectory | default('/registry') }} chunksize: "{{ openshift.hosted.registry.storage.s3.chunksize | default(26214400) }}" {% elif openshift.hosted.registry.storage.provider == 'azure_blob' %} azure: @@ -58,10 +58,16 @@ auth: openshift: realm: openshift middleware: +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + registry: + - name: openshift +{% endif %} repository: - name: openshift options: pullthrough: {{ openshift.hosted.registry.pullthrough | default(true) }} + acceptschema2: {{ openshift.hosted.registry.acceptschema2 | default(false) }} + enforcequota: {{ openshift.hosted.registry.enforcequota | default(false) }} {% if openshift.hosted.registry.storage.provider == 's3' and 'cloudfront' in openshift.hosted.registry.storage.s3 %} storage: - name: cloudfront @@ -69,4 +75,7 @@ middleware: baseurl: {{ openshift.hosted.registry.storage.s3.cloudfront.baseurl }} privatekey: {{ openshift.hosted.registry.storage.s3.cloudfront.privatekeyfile }} keypairid: {{ openshift.hosted.registry.storage.s3.cloudfront.keypairid }} +{% elif openshift.common.version_gte_3_3_or_1_3 | bool %} + storage: + - name: openshift {% endif -%} diff --git a/roles/openshift_hosted_logging/README.md b/roles/openshift_hosted_logging/README.md index b3f363571..03db1c4b1 100644 --- a/roles/openshift_hosted_logging/README.md +++ b/roles/openshift_hosted_logging/README.md @@ -5,6 +5,35 @@ - openshift_hosted_logging_master_public_url: https://localhost:8443 ###Optional vars: +- openshift_hosted_logging_image_prefix: logging image prefix. No default. Use this to specify an alternate image repository e.g. my.private.repo:5000/private_openshift/ +- target_registry: DEPRECATED - use openshift_hosted_logging_image_prefix instead +- openshift_hosted_logging_image_version: logging image version suffix. Defaults to the current version of the deployed software. - openshift_hosted_logging_secret_vars: (defaults to nothing=/dev/null) kibana.crt=/etc/origin/master/ca.crt kibana.key=/etc/origin/master/ca.key ca.crt=/etc/origin/master/ca.crt ca.key=/etc/origin/master/ca.key - openshift_hosted_logging_fluentd_replicas: (defaults to 1) 3 - openshift_hosted_logging_cleanup: (defaults to no) Set this to 'yes' in order to cleanup logging components instead of deploying. +- openshift_hosted_logging_elasticsearch_instance_ram: Amount of RAM to reserve per ElasticSearch instance (e.g. 1024M, 2G). Defaults to 8GiB; must be at least 512M (Ref.: [ElasticSearch documentation](https://www.elastic.co/guide/en/elasticsearch/guide/current/hardware.html\#\_memory). +- openshift_hosted_logging_elasticsearch_pvc_size: Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead. +- openshift_hosted_logging_elasticsearch_pvc_prefix: Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size `openshift_hosted_logging_elasticsearch_pvc_size`. +- openshift_hosted_logging_elasticsearch_pvc_dynamic: Set to `true` to have created PersistentVolumeClaims annotated such that their backing storage can be dynamically provisioned (if that is available for your cluster). +- openshift_hosted_logging_elasticsearch_storage_group: Number of a supplemental group ID for access to Elasticsearch storage volumes; backing volumes should allow access by this group ID (defaults to 65534). +- openshift_hosted_logging_elasticsearch_nodeselector: Specify the nodeSelector that Elasticsearch should be use (label=value) +- openshift_hosted_logging_fluentd_nodeselector: The nodeSelector to use for the Fluentd DaemonSet. Defaults to "logging-infra-fluentd=true". +- openshift_hosted_logging_kibana_nodeselector: Specify the nodeSelector that Kibana should be use (label=value) +- openshift_hosted_logging_curator_nodeselector: Specify the nodeSelector that Curator should be use (label=value) +- openshift_hosted_logging_enable_ops_cluster: If "true", configure a second ES cluster and Kibana for ops logs. +- openshift_hosted_logging_use_journal: If this is unset or empty, logging will try to figure out from docker which log driver it is using (json-file or journald). You can set this param to "true" or "false" to force logging to use journal or not (but make sure you are sure which one docker is using). +- openshift_hosted_logging_journal_source: By default, if this param is unset or empty, logging will use `/var/log/journal` if it exists, or `/run/log/journal` if not. You can use this param to force logging to use a different location. +- openshift_hosted_logging_journal_read_from_head: Set to `true` to have fluentd read from the beginning of the journal, to get historical log data. Default is `false`. *WARNING* Using `true` may take several minutes or even hours, depending on the size of the journal, until any new records show up in Elasticsearch, and will cause fluentd to consume a lot of CPU and RAM resources. + +When `openshift_hosted_logging_enable_ops_cluster` is `True`, there are some +additional vars. These work the same as above for their non-ops counterparts, +but apply to the OPS cluster instance: +- openshift_hosted_logging_ops_hostname: kibana-ops.example.com +- openshift_hosted_logging_elasticsearch_ops_cluster_size +- openshift_hosted_logging_elasticsearch_ops_instance_ram +- openshift_hosted_logging_elasticsearch_ops_pvc_size +- openshift_hosted_logging_elasticsearch_ops_pvc_prefix +- openshift_hosted_logging_elasticsearch_ops_pvc_dynamic +- openshift_hosted_logging_elasticsearch_ops_nodeselector +- openshift_hosted_logging_kibana_ops_nodeselector +- openshift_hosted_logging_curator_ops_nodeselector diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml index 072f7bb4e..082bb6ea2 100644 --- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -1,4 +1,7 @@ --- + - debug: msg="WARNING target_registry is deprecated, use openshift_hosted_logging_image_prefix instead" + when: target_registry is defined and target_registry + - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size" when: "openshift_hosted_logging_hostname is not defined or openshift_hosted_logging_elasticsearch_cluster_size is not defined or @@ -14,9 +17,16 @@ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig changed_when: False + - name: Check for logging project already exists + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}' + register: logging_project_result + ignore_errors: True + - name: "Create logging project" command: > {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging + when: logging_project_result.stdout == "" - name: "Changing projects" command: > @@ -28,21 +38,20 @@ register: secret_output failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" - - name: "Copy serviceAccount file" - copy: - dest: /tmp/logging-deployer-sa.yaml - src: "{{role_path}}/files/logging-deployer-sa.yaml" - force: yes - - - name: "Create logging-deployer service account" + - name: "Create templates for logging accounts and the deployer" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /tmp/logging-deployer-sa.yaml - register: deployer_output - failed_when: "deployer_output.rc == 1 and 'exists' not in deployer_output.stderr" + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml + register: template_output + failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + + - name: "Process the logging accounts template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + register: process_deployer_accounts + failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr - name: "Set permissions for logging-deployer service account" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-role-to-user edit system:serviceaccount:logging:logging-deployer + {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer register: permiss_output failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" @@ -58,14 +67,16 @@ register: fluentd2_output failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - - name: "Create deployer template" + - name: "Create ConfigMap for deployer parameters" command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f /usr/share/openshift/examples/infrastructure-templates/enterprise/logging-deployer.yaml -n openshift - register: template_output - failed_when: "template_output.rc == 1 and 'exists' not in template_output.stderr" + {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }} + register: deployer_configmap_output + failed_when: "deployer_configmap_output.rc == 1 and 'exists' not in deployer_configmap_output.stderr" - name: "Process the deployer template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-template -n openshift -v {{ oc_process_values }} | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-deployer-template {{ oc_new_app_values }}" + register: process_deployer + failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr - name: "Wait for image pull and deployer pod" shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed" @@ -74,37 +85,71 @@ retries: 15 delay: 10 - - name: "Process support template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-support-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" + - name: "Process imagestream template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-imagestream-template {{ oc_new_app_values }}" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry + register: process_is + failed_when: process_is.rc == 1 and 'already exists' not in process_is.stderr - name: "Set insecured registry" command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite" - when: "target_registry is defined and insecure_registry == 'true'" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry - name: "Wait for imagestreams to become available" shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry register: result until: result.rc == 0 failed_when: result.rc == 1 and 'not found' not in result.stderr retries: 20 delay: 10 - - name: "Wait for replication controllers to become available" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get rc | grep logging-fluentd-1" + - name: "Wait for component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es + - kibana + - curator register: result until: result.rc == 0 - failed_when: result.rc == 1 and 'not found' not in result.stderr + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 + + - name: "Wait for ops component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es-ops + - kibana-ops + - curator-ops + when: openshift_hosted_logging_enable_ops_cluster is defined and openshift_hosted_logging_enable_ops_cluster + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr retries: 20 delay: 10 + - name: "Wait for fluentd DaemonSet to exist" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get daemonset logging-fluentd" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 - - name: "Scale fluentd deployment config" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale dc/logging-fluentd --replicas={{ fluentd_replicas | default('1') }} + - name: "Deploy fluentd by labeling the node" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node {{ openshift_hostname }} {{ openshift_hosted_logging_fluentd_nodeselector if openshift_hosted_logging_fluentd_nodeselector is defined else 'logging-infra-fluentd=true' }}" + - name: "Wait for fluentd to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component=fluentd | grep Running" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 10 - debug: - msg: "Logging components deployed. Note persistant volume for elasticsearch must be setup manually" + msg: "Logging components deployed. Note persistent volume for elasticsearch must be setup manually" - name: Delete temp directory file: diff --git a/roles/openshift_hosted_logging/vars/main.yaml b/roles/openshift_hosted_logging/vars/main.yaml index 88d112209..2ef3164e1 100644 --- a/roles/openshift_hosted_logging/vars/main.yaml +++ b/roles/openshift_hosted_logging/vars/main.yaml @@ -1,6 +1,32 @@ -kh_kv: "KIBANA_HOSTNAME={{ openshift_hosted_logging_hostname | quote }}" -es_cs_kv: "ES_CLUSTER_SIZE={{ openshift_hosted_logging_elasticsearch_cluster_size | string | quote }}" -pmu_kv: "PUBLIC_MASTER_URL={{ openshift_hosted_logging_master_public_url | quote }}" -ip_kv: "{{ 'IMAGE_PREFIX=' ~ target_registry | quote if target_registry is defined else '' }}" -oc_process_values: "{{ kh_kv }},{{ es_cs_kv }},{{ pmu_kv }},{{ ip_kv }}" +tr_or_ohlip: "{{ openshift_hosted_logging_image_prefix or target_registry or none }}" +ip_kv: "{{ '-p IMAGE_PREFIX=' ~ tr_or_ohlip | quote if tr_or_ohlip is defined else '' }}" +iv_kv: "{{ '-p IMAGE_VERSION=' ~ openshift_hosted_logging_image_version | quote if openshift_hosted_logging_image_version is defined else '' }}" +oc_new_app_values: "{{ ip_kv }} {{ iv_kv }}" openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +kh_cmap_param: "{{ '--from-literal kibana-hostname=' ~ openshift_hosted_logging_hostname | quote if openshift_hosted_logging_hostname is defined else '' }}" +kh_ops_cmap_param: "{{ '--from-literal kibana-ops-hostname=' ~ openshift_hosted_logging_ops_hostname | quote if openshift_hosted_logging_ops_hostname is defined else '' }}" +pmu_cmap_param: "{{ '--from-literal public-master-url=' ~ openshift_hosted_logging_master_public_url | quote if openshift_hosted_logging_master_public_url is defined else '' }}" +es_cs_cmap_param: "{{ '--from-literal es-cluster-size=' ~ openshift_hosted_logging_elasticsearch_cluster_size | string | quote if openshift_hosted_logging_elasticsearch_cluster_size is defined else '' }}" +es_ops_cs_cmap_param: "{{ '--from-literal es-ops-cluster-size=' ~ openshift_hosted_logging_elasticsearch_ops_cluster_size | string | quote if openshift_hosted_logging_elasticsearch_ops_cluster_size is defined else '' }}" +es_ir_cmap_param: "{{ '--from-literal es-instance-ram=' ~ openshift_hosted_logging_elasticsearch_instance_ram | quote if openshift_hosted_logging_elasticsearch_instance_ram is defined else '' }}" +es_ops_ir_cmap_param: "{{ '--from-literal es-ops-instance-ram=' ~ openshift_hosted_logging_elasticsearch_ops_instance_ram | quote if openshift_hosted_logging_elasticsearch_ops_instance_ram is defined else '' }}" +es_pvcs_cmap_param: "{{ '--from-literal es-pvc-size=' ~ openshift_hosted_logging_elasticsearch_pvc_size | quote if openshift_hosted_logging_elasticsearch_pvc_size is defined else '' }}" +es_ops_pvcs_cmap_param: "{{ '--from-literal es-ops-pvc-size=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_size | quote if openshift_hosted_logging_elasticsearch_ops_pvc_size is defined else '' }}" +es_pvcp_cmap_param: "{{ '--from-literal es-pvc-prefix=' ~ openshift_hosted_logging_elasticsearch_pvc_prefix | quote if openshift_hosted_logging_elasticsearch_pvc_prefix is defined else '' }}" +es_ops_pvcp_cmap_param: "{{ '--from-literal es-ops-pvc-prefix=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_prefix | quote if openshift_hosted_logging_elasticsearch_ops_pvc_prefix is defined else '' }}" +es_pvcd_cmap_param: "{{ '--from-literal es-pvc-dynamic=' ~ openshift_hosted_logging_elasticsearch_pvc_dynamic | quote if openshift_hosted_logging_elasticsearch_pvc_dynamic is defined else '' }}" +es_ops_pvcd_cmap_param: "{{ '--from-literal es-ops-pvc-dynamic=' ~ openshift_hosted_logging_elasticsearch_ops_pvc_dynamic | quote if openshift_hosted_logging_elasticsearch_ops_pvc_dynamic is defined else '' }}" +es_sg_cmap_param: "{{ '--from-literal storage-group=' ~ openshift_hosted_logging_elasticsearch_storage_group | string | quote if openshift_hosted_logging_elasticsearch_storage_group is defined else '' }}" +es_ns_cmap_param: "{{ '--from-literal es-nodeselector=' ~ openshift_hosted_logging_elasticsearch_nodeselector | quote if openshift_hosted_logging_elasticsearch_nodeselector is defined else '' }}" +es_ops_ns_cmap_param: "{{ '--from-literal es-ops-nodeselector=' ~ openshift_hosted_logging_elasticsearch_ops_nodeselector | quote if openshift_hosted_logging_elasticsearch_ops_nodeselector is defined else '' }}" +fd_ns_cmap_param: "{{ '--from-literal fluentd-nodeselector=' ~ openshift_hosted_logging_fluentd_nodeselector | quote if openshift_hosted_logging_fluentd_nodeselector is defined else 'logging-infra-fluentd=true' }}" +kb_ns_cmap_param: "{{ '--from-literal kibana-nodeselector=' ~ openshift_hosted_logging_kibana_nodeselector | quote if openshift_hosted_logging_kibana_nodeselector is defined else '' }}" +kb_ops_ns_cmap_param: "{{ '--from-literal kibana-ops-nodeselector=' ~ openshift_hosted_logging_kibana_ops_nodeselector | quote if openshift_hosted_logging_kibana_ops_nodeselector is defined else '' }}" +cr_ns_cmap_param: "{{ '--from-literal curator-nodeselector=' ~ openshift_hosted_logging_curator_nodeselector | quote if openshift_hosted_logging_curator_nodeselector is defined else '' }}" +cr_ops_ns_cmap_param: "{{ '--from-literal curator-ops-nodeselector=' ~ openshift_hosted_logging_curator_ops_nodeselector | quote if openshift_hosted_logging_curator_ops_nodeselector is defined else '' }}" +ops_cmap_param: "{{ '--from-literal enable-ops-cluster=' ~ openshift_hosted_logging_enable_ops_cluster | string | lower | quote if openshift_hosted_logging_enable_ops_cluster is defined else '' }}" +use_journal_cmap_param: "{{ '--from-literal use-journal=' ~ openshift_hosted_logging_use_journal | string | lower | quote if openshift_hosted_logging_use_journal is defined else '' }}" +journal_source_cmap_param: "{{ '--from-literal journal-source=' ~ openshift_hosted_logging_journal_source | quote if openshift_hosted_logging_journal_source is defined else '' }}" +journal_read_from_head_cmap_param: "{{ '--from-literal journal-read-from-head=' ~ openshift_hosted_logging_journal_read_from_head | string | lower | quote if openshift_hosted_logging_journal_read_from_head is defined else '' }}" +ips_cmap_param: "{{ '--from-literal image-pull-secret=' ~ openshift_hosted_logging_image_pull_secret | quote if openshift_hosted_logging_image_pull_secret is defined else '' }}" +deployer_cmap_params: "{{ kh_cmap_param }} {{ kh_ops_cmap_param }} {{ pmu_cmap_param }} {{ es_cs_cmap_param }} {{ es_ir_cmap_param }} {{ es_pvcs_cmap_param }} {{ es_pvcp_cmap_param }} {{ es_pvcd_cmap_param }} {{ es_ops_cs_cmap_param }} {{ es_ops_ir_cmap_param }} {{ es_ops_pvcs_cmap_param }} {{ es_ops_pvcp_cmap_param }} {{ es_ops_pvcd_cmap_param }} {{ es_sg_cmap_param }} {{ es_ns_cmap_param }} {{ es_ops_ns_cmap_param }} {{ fd_ns_cmap_param }} {{ kb_ns_cmap_param }} {{ kb_ops_ns_cmap_param }} {{ cr_ns_cmap_param }} {{ cr_ops_ns_cmap_param }} {{ ops_cmap_param }} {{ use_journal_cmap_param }} {{ journal_source_cmap_param }} {{ journal_read_from_head_cmap_param }} {{ ips_cmap_param }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 291cdbbb5..f45ade751 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -1,6 +1,22 @@ +--- +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }} + changed_when: False + - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ item | lower }} + {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.common.hostname | lower }} + --config={{ openshift_manage_node_kubeconfig }} + -n default register: omd_get_node until: omd_get_node.rc == 0 retries: 50 @@ -10,13 +26,22 @@ - name: Set node schedulability command: > - {{ openshift.common.admin_binary }} manage-node {{ item.openshift.common.hostname | lower }} --schedulable={{ 'true' if item.openshift.node.schedulable | bool else 'false' }} - with_items: - - "{{ openshift_node_vars }}" + {{ openshift.common.admin_binary }} manage-node {{ hostvars[item].openshift.common.hostname | lower }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} + --config={{ openshift_manage_node_kubeconfig }} + -n default + with_items: "{{ openshift_nodes }}" + when: hostvars[item].openshift.common.hostname is defined - name: Label nodes command: > - {{ openshift.common.client_binary }} label --overwrite node {{ item.openshift.common.hostname | lower }} {{ item.openshift.node.labels | oo_combine_dict }} - with_items: - - "{{ openshift_node_vars }}" - when: "'labels' in item.openshift.node and item.openshift.node.labels != {}" + {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.common.hostname | lower }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} + --config={{ openshift_manage_node_kubeconfig }} + -n default + with_items: "{{ openshift_nodes }}" + when: hostvars[item].openshift.common.hostname is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index de0a7000e..5d7a3c038 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -70,6 +70,4 @@ when: openshift.common.version_gte_3_2_or_1_2 | bool - name: Clean temporary configuration file - command: > - rm -f {{manage_iq_tmp_conf}} - changed_when: false + file: path={{manage_iq_tmp_conf}} state=absent diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index b2aed79c7..6a0c5b41b 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -30,6 +30,7 @@ manage_iq_tasks: - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin + - policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin manage_iq_openshift_3_2_tasks: - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index e1efb4c2b..d8a4aa9bb 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -202,6 +202,10 @@ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] register: start_result +- set_fact: + master_api_service_status_changed: "{{ start_result | changed }}" + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + - pause: seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' @@ -216,7 +220,7 @@ - set_fact: master_api_service_status_changed: "{{ start_result | changed }}" - when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. @@ -277,37 +281,3 @@ - name: Set the cluster user password shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster when: install_result | changed - -- name: Lookup default group for ansible_ssh_user - command: "/usr/bin/id -g {{ ansible_ssh_user }}" - changed_when: false - register: _ansible_ssh_user_gid - -- set_fact: - client_users: "{{ [ansible_ssh_user, 'root'] | unique }}" - -- name: Create the client config dir(s) - file: - path: "~{{ item }}/.kube" - state: directory - mode: 0700 - owner: "{{ item }}" - group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: "{{ client_users }}" - -# TODO: Update this file if the contents of the source file are not present in -# the dest file, will need to make sure to ignore things that could be added -- name: Copy the admin client config(s) - command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config - args: - creates: ~{{ item }}/.kube/config - with_items: "{{ client_users }}" - -- name: Update the permissions on the admin client config(s) - file: - path: "~{{ item }}/.kube/config" - state: file - mode: 0700 - owner: "{{ item }}" - group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" - with_items: "{{ client_users }}" diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 458b56fd1..56110c28f 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -16,7 +16,7 @@ # workaround for missing systemd unit files - name: Create the systemd unit files template: - src: "docker/master.docker.service.j2" + src: "master_docker/master.docker.service.j2" dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool) register: create_master_unit_file @@ -45,6 +45,13 @@ failed_when: false changed_when: false +- name: Preserve Master API AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api + register: master_api_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master api service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2" @@ -62,13 +69,29 @@ line: "{{ item }}" with_items: "{{ master_api_proxy.stdout_lines | default([]) }}" +- name: Restore Master API AWS Options + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_api_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api + line: "{{ item }}" + with_items: "{{ master_api_aws.stdout_lines | default([]) }}" + - name: Preserve Master Controllers Proxy Config options - command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api + command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers register: master_controllers_proxy when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" failed_when: false changed_when: false +- name: Preserve Master Controllers AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + register: master_controllers_aws + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + failed_when: false + changed_when: false + - name: Create the master controllers service env file template: src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2" @@ -84,12 +107,21 @@ line: "{{ item }}" with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}" when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" - and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + +- name: Restore Master Controllers AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers + line: "{{ item }}" + with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}" + when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native" + and master_controllers_aws.rc == 0 and + not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) - name: Install Master docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service" - src: docker/master.docker.service.j2 + src: master_docker/master.docker.service.j2 register: install_result when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool @@ -99,6 +131,12 @@ failed_when: false changed_when: false +- name: Preserve Master AWS options + command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master + register: master_aws + failed_when: false + changed_when: false + - name: Create the master service env file template: src: "atomic-openshift-master.j2" @@ -112,4 +150,11 @@ dest: /etc/sysconfig/{{ openshift.common.service_type }}-master line: "{{ item }}" with_items: "{{ master_proxy.stdout_lines | default([]) }}" - when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
\ No newline at end of file + when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common + +- name: Restore Master AWS Options + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-master + line: "{{ item }}" + with_items: "{{ master_aws.stdout_lines | default([]) }}" + when: master_aws.rc == 0 and not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 75d44d308..10eaeb401 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 index df1dbb85e..eef0f414e 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2 @@ -12,7 +12,7 @@ Requires=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 index 5ff2edae4..a8f5d7351 100644 --- a/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2 @@ -11,7 +11,7 @@ PartOf=docker.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers LimitNOFILE=131072 diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 662f23aa3..ced3eb76f 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} {% endif %} controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} {% endif %} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} +controllerConfig: + serviceServingCert: + signer: + certFile: service-signer.crt + keyFile: service-signer.key +{% endif %} controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} @@ -131,7 +138,21 @@ kubernetesMasterConfig: {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + externalKubernetesClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 400 + qps: 200 +{% endif %} externalKubernetesKubeConfig: "" +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} + openshiftLoopbackClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 600 + qps: 300 +{% endif %} openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: @@ -142,6 +163,7 @@ networkConfig: {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet serviceNetworkCIDR: {{ openshift.common.portal_net }} + externalIPNetworkCIDRs: {{ openshift_master_external_ip_network_cidrs | default(["0.0.0.0/0"]) | to_padded_yaml(1,2) }} oauthConfig: {% if 'oauth_always_show_provider_selection' in openshift.master %} alwaysShowProviderSelection: {{ openshift.master.oauth_always_show_provider_selection }} @@ -159,7 +181,7 @@ oauthConfig: {% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt {% else %} - masterCA: ca.rt + masterCA: ca.crt {% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} @@ -196,7 +218,7 @@ serviceAccountConfig: {% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt {% else %} - masterCA: ca.rt + masterCA: ca.crt {% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: diff --git a/roles/openshift_master/templates/docker/master.docker.service.j2 b/roles/openshift_master/templates/master_docker/master.docker.service.j2 index 97f698b68..be7644710 100644 --- a/roles/openshift_master/templates/docker/master.docker.service.j2 +++ b/roles/openshift_master/templates/master_docker/master.docker.service.j2 @@ -8,7 +8,7 @@ Wants=etcd_container.service [Service] EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master -ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master Restart=always diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 41308bd81..43fb3cafa 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master -%} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 37a5d75f2..6d26a69eb 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -4,9 +4,9 @@ CONFIG_FILE={{ openshift_master_config_file }} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -{% if 'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws %} -AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }} -AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }} +{% if openshift_cloudprovider_kind | default('') == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_access_key is defined %} +AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} +AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'controllers_env_vars' in openshift.master -%} diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 9ed082d9f..ffde59358 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -21,18 +21,22 @@ with_items: - "{{ openshift_master_certs }}" register: g_master_cert_stat_result + when: not openshift_certificates_redeploy | default(false) | bool - set_fact: - master_certs_missing: "{{ False in (g_master_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + master_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else (False in (g_master_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" + - name: Ensure the generated_configs directory present file: path: "{{ openshift_master_generated_config_dir }}" state: directory mode: 0700 - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - file: @@ -43,7 +47,7 @@ - ca.crt - ca.key - ca.serial.txt - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - name: Create the master certificates if they do not already exist @@ -57,7 +61,7 @@ --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_master_generated_config_dir }} --overwrite=false - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - file: @@ -67,7 +71,7 @@ force: true with_items: - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" - when: master_certs_missing | bool + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host delegate_to: "{{ openshift_ca_host }}" - name: Remove generated etcd client certs when using external etcd @@ -124,3 +128,65 @@ when: master_certs_missing | bool delegate_to: localhost become: no + +- name: Lookup default group for ansible_ssh_user + command: "/usr/bin/id -g {{ ansible_ssh_user }}" + changed_when: false + register: _ansible_ssh_user_gid + +- set_fact: + client_users: "{{ [ansible_ssh_user, 'root'] | unique }}" + +- name: Create the client config dir(s) + file: + path: "~{{ item }}/.kube" + state: directory + mode: 0700 + owner: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" + with_items: "{{ client_users }}" + +# TODO: Update this file if the contents of the source file are not present in +# the dest file, will need to make sure to ignore things that could be added +- name: Copy the admin client config(s) + copy: + src: "{{ openshift_master_config_dir }}/admin.kubeconfig" + dest: "~{{ item }}/.kube/config" + remote_src: yes + force: "{{ openshift_certificates_redeploy | default(false) }}" + with_items: "{{ client_users }}" + +- name: Update the permissions on the admin client config(s) + file: + path: "~{{ item }}/.kube/config" + state: file + mode: 0700 + owner: "{{ item }}" + group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout }}" + with_items: "{{ client_users }}" + +# Ensure ca-bundle exists for 3.2+ configuration +- name: Check for ca-bundle.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + register: ca_bundle_stat + failed_when: false + +- name: Check for ca.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca.crt" + register: ca_crt_stat + failed_when: false + +- name: Migrate ca.crt to ca-bundle.crt + command: mv ca.crt ca-bundle.crt + args: + chdir: "{{ openshift.common.config_base }}/master" + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Link ca.crt to ca-bundle.crt + file: + src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + path: "{{ openshift.common.config_base }}/master/ca.crt" + state: link + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index 17c31ec05..e0c0fc644 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -17,7 +17,6 @@ console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" logging_public_url: "{{ openshift_master_logging_public_url | default(None) }}" - metrics_public_url: "{{ openshift_master_metrics_public_url | default(None) }}" logout_url: "{{ openshift_master_logout_url | default(None) }}" extension_scripts: "{{ openshift_master_extension_scripts | default(None) }}" extension_stylesheets: "{{ openshift_master_extension_stylesheets | default(None) }}" @@ -80,3 +79,4 @@ api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" audit_config: "{{ openshift_master_audit_config | default(None) }}" + metrics_public_url: "{% if openshift_hosted_metrics_deploy | default(false) %}https://{{ metrics_hostname }}/hawkular/metrics{% endif %}" diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml index 086d8340c..406d50c24 100644 --- a/roles/openshift_master_facts/vars/main.yml +++ b/roles/openshift_master_facts/vars/main.yml @@ -17,4 +17,9 @@ builddefaults_yaml: - name: https_proxy value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" - name: no_proxy - value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}"
\ No newline at end of file + value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" + +metrics_hostname: "{{ openshift_hosted_metrics_public_url + | default('hawkular-metrics.' ~ (openshift.master.default_subdomain + | default(openshift_master_default_subdomain ))) + | oo_hostname_from_url }}" diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 7f95a2a40..30a0a608d 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -16,6 +16,7 @@ From this role: | Name | Default value | | |-------------------------------------------------|-----------------------|-------------------------------------------------------------| | openshift_hosted_metrics_deploy | `False` | If metrics should be deployed | +| openshift_hosted_metrics_public_url | null | Hawkular metrics public url | | openshift_hosted_metrics_storage_nfs_directory | `/exports` | Root export directory. | | openshift_hosted_metrics_storage_volume_name | `metrics` | Metrics volume within openshift_hosted_metrics_volume_dir | | openshift_hosted_metrics_storage_volume_size | `10Gi` | Metrics volume size | diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml new file mode 100644 index 000000000..edb7369de --- /dev/null +++ b/roles/openshift_metrics/handlers/main.yml @@ -0,0 +1,31 @@ +--- +- name: restart master + service: name={{ openshift.common.service_type }}-master state=restarted + when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) + notify: Verify API Server + +- name: restart master api + service: name={{ openshift.common.service_type }}-master-api state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + notify: Verify API Server + +- name: restart master controllers + service: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' + +- name: Verify API Server + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} + {{ openshift.master.api_url }}/healthz/ready + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_metrics/tasks/install.yml new file mode 100644 index 000000000..9c4eb22d7 --- /dev/null +++ b/roles/openshift_metrics/tasks/install.yml @@ -0,0 +1,114 @@ +--- + +- name: Test if metrics-deployer service account exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace=openshift-infra + get serviceaccount metrics-deployer -o json + register: serviceaccount + changed_when: false + failed_when: false + +- name: Create metrics-deployer Service Account + shell: > + echo {{ metrics_deployer_sa | to_json | quote }} | + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + create -f - + when: serviceaccount.rc == 1 + +- name: Test edit permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' + register: edit_rolebindings + changed_when: false + +- name: Add edit permission to the openshift-infra project to metrics-deployer SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user edit + system:serviceaccount:openshift-infra:metrics-deployer + when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" + +- name: Test cluster-reader permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' + register: cluster_reader_clusterrolebindings + changed_when: false + +- name: Add cluster-reader permission to the openshift-infra project to heapster SA + command: > + {{ openshift.common.admin_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + policy add-cluster-role-to-user cluster-reader + system:serviceaccount:openshift-infra:heapster + when: "'system:serviceaccount:openshift-infra:heapster' not in cluster_reader_clusterrolebindings.stdout" + +- name: Create metrics-deployer secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + secrets new metrics-deployer nothing=/dev/null + register: metrics_deployer_secret + changed_when: metrics_deployer_secret.rc == 0 + failed_when: "metrics_deployer_secret.rc == 1 and 'already exists' not in metrics_deployer_secret.stderr" + +# TODO: extend this to allow user passed in certs or generating cert with +# OpenShift CA +- name: Build metrics deployer command + set_fact: + deployer_cmd: "{{ openshift.common.client_binary }} process -f \ + {{ metrics_template_dir }}/metrics-deployer.yaml -v \ + HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ + | {{ openshift.common.client_binary }} --namespace openshift-infra \ + --config={{ openshift_metrics_kubeconfig }} \ + create -o name -f -" + +- name: Deploy Metrics + shell: "{{ deployer_cmd }}" + register: deploy_metrics + failed_when: "'already exists' not in deploy_metrics.stderr and deploy_metrics.rc != 0" + changed_when: deploy_metrics.rc == 0 + +- set_fact: + deployer_pod: "{{ deploy_metrics.stdout[1:2] }}" + +# TODO: re-enable this once the metrics deployer validation issue is fixed +# when using dynamically provisioned volumes +- name: "Wait for image pull and deployer pod" + shell: > + {{ openshift.common.client_binary }} + --namespace openshift-infra + --config={{ openshift_metrics_kubeconfig }} + get {{ deploy_metrics.stdout }} + register: deploy_result + until: "{{ 'Completed' in deploy_result.stdout }}" + failed_when: False + retries: 60 + delay: 10 + +- name: Configure master for metrics + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: assetConfig.metricsPublicURL + yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics" + notify: restart master + +- name: Store metrics public_url + openshift_facts: + role: master + local_facts: + metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics" + when: deploy_result | changed diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 43b85204a..88432a9f8 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,64 +1,87 @@ --- -- name: Copy Configuration to temporary conf - command: > - cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{hawkular_tmp_conf}} - changed_when: false +- fail: + msg: This role required openshift_master_default_subdomain or openshift_hosted_metrics_public_url be set + when: openshift.master.metrics_public_url | default(openshift_hosted_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none -- name: Create metrics-deployer Service Account - shell: > - echo {{ deployer_service_account | to_json | quote }} | - {{ openshift.common.client_binary }} create - -n openshift-infra - --config={{hawkular_tmp_conf}} - -f - - register: deployer_create_service_account - failed_when: "'already exists' not in deployer_create_service_account.stderr and deployer_create_service_account.rc != 0" - changed_when: deployer_create_service_account.rc == 0 +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False -- name: Create metrics-deployer Secret - command: > - {{ openshift.common.client_binary }} - secrets new metrics-deployer - nothing=/dev/null - --config={{hawkular_tmp_conf}} - -n openshift-infra - register: deployer_create_secret - failed_when: "'already exists' not in deployer_create_secret.stderr and deployer_create_secret.rc !=0" - changed_when: deployer_create_secret.rc == 0 +- name: Record kubeconfig tmp dir + set_fact: + openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" -- name: Configure role/user permissions +- name: Copy the admin client config(s) command: > - {{ openshift.common.admin_binary }} {{item}} - --config={{hawkular_tmp_conf}} - with_items: "{{hawkular_permission_oc_commands}}" - register: hawkular_perm_task - failed_when: "'already exists' not in hawkular_perm_task.stderr and hawkular_perm_task.rc != 0" - changed_when: hawkular_perm_task.rc == 0 + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }} + changed_when: False + +- name: Set hosted metrics facts + openshift_facts: + role: hosted + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) + | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.hosted.metrics.*' + +- set_fact: + # Prefer the master facts over bare variables if present, prefer + # metrics_public_url over creating a default using default_subdomain + metrics_hostname: "{{ openshift.hosted.metrics.public_url + | default('hawkular-metrics.' ~ (openshift.master.default_subdomain + | default(openshift_master_default_subdomain ))) + | oo_hostname_from_url }}" + metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" + metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" + cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" + image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" + image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}" -- name: Check openshift_master_default_subdomain - fail: - msg: "Default subdomain should be defined" - when: openshift.master.default_subdomain is not defined -- name: Create Heapster and Hawkular/Cassandra Services +- name: Check for existing metrics pods shell: > - {{ openshift.common.client_binary }} process -f \ - /usr/share/openshift/examples/infrastructure-templates/{{ hawkular_type }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME=hawkular-metrics.{{ openshift.master.default_subdomain }},USE_PERSISTENT_STORAGE={{ hawkular_persistence }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} \ - | {{ openshift.common.client_binary }} create -n openshift-infra --config={{hawkular_tmp_conf}} -f - - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l {{ item }} | grep -q Running + register: metrics_pods_status + with_items: + - metrics-infra=hawkular-metrics + - metrics-infra=heapster + - metrics-infra=hawkular-cassandra + failed_when: false changed_when: false -- name: Clean temporary config file - command: > - rm -rf {{hawkular_tmp_conf}} +- name: Check for previous deployer + shell: > + {{ openshift.common.client_binary }} + --config={{ openshift_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- + register: metrics_deployer_status + failed_when: false changed_when: false -- name: "Wait for image pull and deployer pod" - shell: "{{ openshift.common.client_binary }} get pods -n openshift-infra | grep metrics-deployer.*Completed" - register: result - until: result.rc == 0 - retries: 60 - delay: 10 +- name: Record current deployment status + set_fact: + greenfield: "{{ not metrics_deployer_status.rc == 0 }}" + failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" + metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" + +- name: Set deployment mode + set_fact: + deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" + +# TODO: handle non greenfield deployments in the future +- include: install.yml + when: greenfield +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index 82d9d29f7..0331bcb89 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -2,13 +2,13 @@ hawkular_permission_oc_commands: - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster -deployer_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: metrics-deployer - secrets: - - name: metrics-deployer +metrics_deployer_sa: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: metrics-deployer + secrets: + - name: metrics-deployer hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig @@ -17,3 +17,4 @@ hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}tru hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" +metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index df3f6ee65..34071964a 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,9 +1,14 @@ --- - name: restart openvswitch service: name=openvswitch state=restarted - when: not (ovs_service_status_changed | default(false) | bool) + when: not (ovs_service_status_changed | default(false) | bool) and openshift.common.use_openshift_sdn | bool + notify: + - restart openvswitch pause + +- name: restart openvswitch pause + pause: seconds=15 + when: openshift.common.is_containerized | bool - name: restart node service: name={{ openshift.common.service_type }}-node state=restarted when: not (node_service_status_changed | default(false) | bool) - diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 889541e25..995169dd6 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -34,6 +34,10 @@ action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: not openshift.common.is_containerized | bool +- name: Set atomic-guest tuned profile + command: "tuned-adm profile atomic-guest" + when: openshift.common.is_atomic | bool + - name: Install sdn-ovs package action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool @@ -55,11 +59,11 @@ - name: Install the systemd units include: systemd_units.yml -- name: Reload systemd units - command: systemctl daemon-reload - when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) - notify: - - restart node +# The atomic-openshift-node service will set this parameter on +# startup, but if the network service is restarted this setting is +# lost. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1372388 +- name: Persist net.ipv4.ip_forward sysctl entry + sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes - name: Start and enable openvswitch docker service service: name=openvswitch.service enabled=yes state=started @@ -89,10 +93,10 @@ create: true with_items: - regex: '^AWS_ACCESS_KEY_ID=' - line: "AWS_ACCESS_KEY_ID={{ openshift.cloudprovider.aws.access_key }}" + line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }}" - regex: '^AWS_SECRET_ACCESS_KEY=' - line: "AWS_SECRET_ACCESS_KEY={{ openshift.cloudprovider.aws.secret_key }}" - when: "'cloudprovider' in openshift and 'aws' in openshift.cloudprovider and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind == 'aws' and 'access_key' in openshift.cloudprovider.aws and 'secret_key' in openshift.cloudprovider.aws" + line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }}" + when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - restart node @@ -106,8 +110,20 @@ notify: - restart node -- name: Additional storage plugin configuration - include: storage_plugins/main.yml +- name: NFS storage plugin configuration + include: storage_plugins/nfs.yml + +- name: GlusterFS storage plugin configuration + include: storage_plugins/glusterfs.yml + when: "'glusterfs' in openshift.node.storage_plugin_deps" + +- name: Ceph storage plugin configuration + include: storage_plugins/ceph.yml + when: "'ceph' in openshift.node.storage_plugin_deps" + +- name: iSCSI storage plugin configuration + include: storage_plugins/iscsi.yml + when: "'iscsi' in openshift.node.storage_plugin_deps" # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/roles/openshift_node/tasks/storage_plugins/main.yml b/roles/openshift_node/tasks/storage_plugins/main.yml deleted file mode 100644 index fe638718d..000000000 --- a/roles/openshift_node/tasks/storage_plugins/main.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# The NFS storage plugin is always enabled since it doesn't require any -# additional package dependencies -- name: NFS storage plugin configuration - include: nfs.yml - -- name: GlusterFS storage plugin configuration - include: glusterfs.yml - when: "'glusterfs' in openshift.node.storage_plugin_deps" - -- name: Ceph storage plugin configuration - include: ceph.yml - when: "'ceph' in openshift.node.storage_plugin_deps" - -- name: iSCSI storage plugin configuration - include: iscsi.yml - when: "'iscsi' in openshift.node.storage_plugin_deps" diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index e384c1bd7..22b539d16 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -17,16 +17,16 @@ persistent: yes when: ansible_selinux and ansible_selinux.status == "enabled" and virt_use_nfs_output.rc == 0 -- name: Check for existence of virt_sandbox_use_nfs seboolean +- name: Check for existence of virt_sandbox_use_nfs seboolean (RHEL) command: getsebool virt_sandbox_use_nfs register: virt_sandbox_use_nfs_output - when: ansible_selinux and ansible_selinux.status == "enabled" + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" failed_when: false changed_when: false -- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) +- name: Set seboolean to allow nfs storage plugin access from containers(sandbox) (RHEL) seboolean: name: virt_sandbox_use_nfs state: yes persistent: yes - when: ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 + when: ansible_distribution != "Fedora" and ansible_selinux and ansible_selinux.status == "enabled" and virt_sandbox_use_nfs_output.rc == 0 diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 39e5386d4..98ef1ffd4 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -47,3 +47,26 @@ line: "IMAGE_VERSION={{ openshift_image_tag }}" notify: - restart node + +- name: Configure Proxy Settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^HTTP_PROXY=' + line: "HTTP_PROXY={{ openshift.common.http_proxy }}" + - regex: '^HTTPS_PROXY=' + line: "HTTPS_PROXY={{ openshift.common.https_proxy }}" + - regex: '^NO_PROXY=' + line: "NO_PROXY={{ openshift.common.no_proxy | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" + when: "{{ openshift.common.http_proxy is defined and openshift.common.http_proxy != '' }}" + notify: + - restart node + +- name: Reload systemd units + command: systemctl daemon-reload + when: openshift.common.is_containerized | bool and (install_node_result | changed or install_ovs_sysconfig | changed or install_node_dep_result | changed) + notify: + - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 701dffa69..68d153052 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -12,15 +12,22 @@ imageConfig: latest: false kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} +masterClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + contentType: application/vnd.kubernetes.protobuf + burst: 200 + qps: 100 +{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig -{% if openshift.common.use_openshift_sdn | bool and not openshift.common.version_gte_3_3_or_1_3 | bool %} +{% if openshift.common.use_openshift_sdn | bool %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if ( openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool ) and not openshift.common.version_gte_3_3_or_1_3 | bool%} +{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index f5b6f501d..3b5865a50 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -15,7 +15,7 @@ After={{ openshift.common.service_type }}-node-dep.service EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if 'cloudprovider' in openshift and 'kind' in openshift.cloudprovider and openshift.cloudprovider.kind != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:ro -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} +ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node -v /:/rootfs:ro -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e HOST=/rootfs -e HOST_ETC=/host-etc -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro -v /run:/run -v /sys:/sys:rw -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch -v /etc/origin/sdn:/etc/openshift-sdn -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS {{ openshift.node.node_image }}:${IMAGE_VERSION} ExecStartPost=/usr/bin/sleep 10 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node SyslogIdentifier={{ openshift.common.service_type }}-node diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 8768fb0c2..fef7caab8 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -25,11 +25,14 @@ - server.key - server.crt register: g_node_cert_stat_result + when: not openshift_certificates_redeploy | default(false) | bool - set_fact: - node_certs_missing: "{{ False in (g_node_cert_stat_result.results - | oo_collect(attribute='stat.exists') - | list) }}" + node_certs_missing: "{{ true if openshift_certificates_redeploy | default(false) | bool + else (False in (g_node_cert_stat_result.results + | default({}) + | oo_collect(attribute='stat.exists') + | list)) }}" - name: Create openshift_generated_configs_dir if it does not exist file: diff --git a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo b/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo deleted file mode 100644 index bc0435d82..000000000 --- a/roles/openshift_repos/files/fedora-origin/repos/maxamillion-fedora-openshift-fedora.repo +++ /dev/null @@ -1,8 +0,0 @@ -[maxamillion-fedora-openshift] -name=Copr repo for fedora-openshift owned by maxamillion -baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/fedora-$releasever-$basearch/ -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/fedora-openshift/pubkey.gpg -enabled=1 -enabled_metadata=1
\ No newline at end of file diff --git a/roles/openshift_repos/files/online/repos/enterprise-v3.repo b/roles/openshift_repos/files/online/repos/enterprise-v3.repo deleted file mode 100644 index 92bd35834..000000000 --- a/roles/openshift_repos/files/online/repos/enterprise-v3.repo +++ /dev/null @@ -1,10 +0,0 @@ -[enterprise-v3] -name=OpenShift Enterprise -baseurl=https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ - https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ -enabled=1 -gpgcheck=0 -failovermethod=priority -sslverify=False -sslclientcert=/var/lib/yum/client-cert.pem -sslclientkey=/var/lib/yum/client-key.pem diff --git a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo b/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo deleted file mode 100644 index b4215679f..000000000 --- a/roles/openshift_repos/files/online/repos/rhel-7-libra-candidate.repo +++ /dev/null @@ -1,11 +0,0 @@ -[rhel-7-libra-candidate] -name=rhel-7-libra-candidate - \$basearch -baseurl=https://gce-mirror1.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/ - https://mirror.ops.rhcloud.com/libra/rhel-7-libra-candidate/\$basearch/ -gpgkey=https://mirror.ops.rhcloud.com/libra/RPM-GPG-KEY-redhat-openshifthosted -skip_if_unavailable=True -gpgcheck=0 -enabled=1 -sslclientcert=/var/lib/yum/client-cert.pem -sslclientkey=/var/lib/yum/client-key.pem -sslverify=False diff --git a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo b/roles/openshift_repos/files/removed/repos/epel7-openshift.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/epel7-openshift.repo +++ /dev/null diff --git a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo b/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo deleted file mode 100644 index 0b21e0a65..000000000 --- a/roles/openshift_repos/files/removed/repos/maxamillion-origin-next-epel-7.repo +++ /dev/null @@ -1,7 +0,0 @@ -[maxamillion-origin-next] -name=Copr repo for origin-next owned by maxamillion -baseurl=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/ -skip_if_unavailable=True -gpgcheck=1 -gpgkey=https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg -enabled=1 diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-extras.repo +++ /dev/null diff --git a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo b/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo deleted file mode 100644 index e69de29bb..000000000 --- a/roles/openshift_repos/files/removed/repos/oso-rhui-rhel-7-server.repo +++ /dev/null diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index d8e43438a..9be168611 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -29,52 +29,20 @@ when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool notify: refresh cache -- name: Remove any yum repo files for other deployment types RHEL/CentOS - file: - path: "/etc/yum.repos.d/{{ item | basename }}" - state: absent - with_fileglob: - - '*/repos/*' - when: not openshift.common.is_containerized | bool - and not (item | search("/files/" ~ openshift_deployment_type ~ "/repos")) - and (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") - notify: refresh cache - -- name: Remove any yum repo files for other deployment types Fedora - file: - path: "/etc/yum.repos.d/{{ item | basename }}" - state: absent - with_fileglob: - - '*/repos/*' - when: not openshift.common.is_containerized | bool - and not (item | search("/files/fedora-" ~ openshift_deployment_type ~ "/repos")) - and (ansible_distribution == "Fedora") - notify: refresh cache - -- name: Configure gpg keys if needed +- name: Configure origin gpg keys if needed copy: - src: "{{ item }}" + src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS dest: /etc/pki/rpm-gpg/ - with_fileglob: - - "{{ openshift_deployment_type }}/gpg_keys/*" - notify: refresh cache - when: not openshift.common.is_containerized | bool - -- name: Configure yum repositories RHEL/CentOS - copy: - src: "{{ item }}" - dest: /etc/yum.repos.d/ - with_fileglob: - - "{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_os_family == "RedHat" and ansible_distribution != "Fedora") + when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" + and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool -- name: Configure yum repositories Fedora +- name: Configure origin yum repositories RHEL/CentOS copy: - src: "{{ item }}" + src: origin/repos/openshift-ansible-centos-paas-sig.repo dest: /etc/yum.repos.d/ - with_fileglob: - - "fedora-{{ openshift_deployment_type }}/repos/*" notify: refresh cache - when: (ansible_distribution == "Fedora") and not openshift.common.is_containerized | bool + when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" + and openshift_deployment_type == 'origin' + and not openshift.common.is_containerized | bool diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml index 1efab9466..8715fc64e 100644 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml @@ -15,7 +15,7 @@ template: src: serviceaccount.j2 dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" - with_items: openshift_serviceaccounts_names + with_items: '{{ openshift_serviceaccounts_names }}' - name: Get current security context constraints shell: > @@ -30,8 +30,8 @@ insertafter: "^users:$" when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" with_nested: - - openshift_serviceaccounts_names - - scc_test.results + - '{{ openshift_serviceaccounts_names }}' + - '{{ scc_test.results }}' - name: Apply new scc rules for service accounts command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index fe7f83cbb..08d0b8540 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -20,21 +20,37 @@ - name: Ensure export directories exist file: - path: "{{ openshift.hosted.registry.storage.nfs.directory }}/{{ item }}" + path: "{{ item.storage.nfs.directory }}/{{ item.storage.volume.name }}" state: directory mode: 0777 owner: nfsnobody group: nfsnobody with_items: - - "{{ openshift.hosted.registry.storage.volume.name }}" + - "{{ openshift.hosted.registry }}" + - "{{ openshift.hosted.metrics }}" - name: Configure exports template: - dest: /etc/exports + dest: /etc/exports.d/openshift-ansible.exports src: exports.j2 notify: - restart nfs-server +# Now that we're putting our exports in our own file clean up the old ones +- name: register exports + command: cat /etc/exports.d/openshift-ansible.exports + register: exports_out + +- name: remove exports from /etc/exports + lineinfile: + dest: /etc/exports + line: "{{ item }}" + state: absent + with_items: "{{ exports_out.stdout_lines | default([]) }}" + when: exports_out.rc == 0 + notify: + - restart nfs-server + - name: Enable and start services service: name: "{{ item }}" diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index c1e1994b0..d6d936b72 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -1 +1,2 @@ {{ openshift.hosted.registry.storage.nfs.directory }}/{{ openshift.hosted.registry.storage.volume.name }} {{ openshift.hosted.registry.storage.nfs.options }} +{{ openshift.hosted.metrics.storage.nfs.directory }}/{{ openshift.hosted.metrics.storage.volume.name }} {{ openshift.hosted.metrics.storage.nfs.options }} diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 6e5d2b22c..a3a99d248 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -73,6 +73,10 @@ msg: openshift_version role was unable to set openshift_pkg_version when: openshift_pkg_version is not defined +- fail: + msg: "No OpenShift version available, please ensure your systems are fully registered and have access to appropriate yum repositories." + when: not is_containerized | bool and openshift_version == '0.0' + # We can't map an openshift_release to full rpm version like we can with containers, make sure # the rpm version we looked up matches the release requested and error out if not. - fail: diff --git a/test/modify_yaml_tests.py b/test/modify_yaml_tests.py new file mode 100644 index 000000000..24cce4855 --- /dev/null +++ b/test/modify_yaml_tests.py @@ -0,0 +1,37 @@ +""" Tests for the modify_yaml Ansible module. """ +# pylint: disable=missing-docstring,invalid-name + +import os +import sys +import unittest + +sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../library/")] + sys.path + +# pylint: disable=import-error +from modify_yaml import set_key + +class ModifyYamlTests(unittest.TestCase): + + def test_simple_nested_value(self): + cfg = {"section": {"a": 1, "b": 2}} + changes = set_key(cfg, 'section.c', 3) + self.assertEquals(1, len(changes)) + self.assertEquals(3, cfg['section']['c']) + + # Tests a previous bug where property would land in section above where it should, + # if the destination section did not yet exist: + def test_nested_property_in_new_section(self): + cfg = { + "masterClients": { + "externalKubernetesKubeConfig": "", + "openshiftLoopbackKubeConfig": "openshift-master.kubeconfig", + }, + } + + yaml_key = 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes' + yaml_value = 'application/vnd.kubernetes.protobuf,application/json' + set_key(cfg, yaml_key, yaml_value) + self.assertEquals(yaml_value, cfg['masterClients'] + ['externalKubernetesClientConnectionOverrides'] + ['acceptContentTypes']) + diff --git a/utils/.gitignore b/utils/.gitignore index 68759c0ba..facfeee54 100644 --- a/utils/.gitignore +++ b/utils/.gitignore @@ -43,3 +43,6 @@ coverage.xml # Sphinx documentation docs/_build/ +oo-install +oo-installenv +cover diff --git a/utils/Makefile b/utils/Makefile new file mode 100644 index 000000000..79c27626a --- /dev/null +++ b/utils/Makefile @@ -0,0 +1,83 @@ +######################################################## + +# Makefile for OpenShift: Atomic Quick Installer +# +# useful targets (not all implemented yet!): +# make clean -- Clean up garbage +# make ci ------------------- Execute CI steps (for travis or jenkins) + +######################################################## + +# > VARIABLE = value +# +# Normal setting of a variable - values within it are recursively +# expanded when the variable is USED, not when it's declared. +# +# > VARIABLE := value +# +# Setting of a variable with simple expansion of the values inside - +# values within it are expanded at DECLARATION time. + +######################################################## + + +NAME := oo-install +TESTPACKAGE := oo-install +SHORTNAME := ooinstall + +sdist: clean + python setup.py sdist + rm -fR $(SHORTNAME).egg-info + +clean: + @find . -type f -regex ".*\.py[co]$$" -delete + @find . -type f \( -name "*~" -or -name "#*" \) -delete + @rm -fR build dist rpm-build MANIFEST htmlcov .coverage cover ooinstall.egg-info oo-install + @rm -fR $(NAME)env + +viewcover: + xdg-open cover/index.html + +virtualenv: + @echo "#############################################" + @echo "# Creating a virtualenv" + @echo "#############################################" + virtualenv $(NAME)env + . $(NAME)env/bin/activate && pip install setuptools==17.1.1 + . $(NAME)env/bin/activate && pip install -r test-requirements.txt +# If there are any special things to install do it here +# . $(NAME)env/bin/activate && INSTALL STUFF + +ci-unittests: + @echo "#############################################" + @echo "# Running Unit Tests in virtualenv" + @echo "#############################################" + . $(NAME)env/bin/activate && nosetests -v --with-coverage --cover-html --cover-min-percentage=70 --cover-package=$(SHORTNAME) test/ + @echo "VIEW CODE COVERAGE REPORT WITH 'xdg-open cover/index.html' or run 'make viewcover'" + +ci-pylint: + @echo "#############################################" + @echo "# Running PyLint Tests in virtualenv" + @echo "#############################################" + . $(NAME)env/bin/activate && python -m pylint --rcfile ../git/.pylintrc src/ooinstall/cli_installer.py src/ooinstall/oo_config.py src/ooinstall/openshift_ansible.py src/ooinstall/variants.py + +ci-list-deps: + @echo "#############################################" + @echo "# Listing all pip deps" + @echo "#############################################" + . $(NAME)env/bin/activate && pip freeze + +ci-pyflakes: + @echo "#################################################" + @echo "# Running Pyflakes Compliance Tests in virtualenv" + @echo "#################################################" + . $(NAME)env/bin/activate && pyflakes src/ooinstall/*.py + +ci-pep8: + @echo "#############################################" + @echo "# Running PEP8 Compliance Tests in virtualenv" + @echo "#############################################" + . $(NAME)env/bin/activate && pep8 --ignore=E501,E121,E124 src/$(SHORTNAME)/ + +ci: clean virtualenv ci-list-deps ci-pep8 ci-pylint ci-pyflakes ci-unittests + : diff --git a/utils/README.md b/utils/README.md new file mode 100644 index 000000000..2abf2705e --- /dev/null +++ b/utils/README.md @@ -0,0 +1,41 @@ +# Running Tests (NEW) + +Run the command: + + make ci + +to run an array of unittests locally. + +You will get errors if the log files already exist and can not be +written to by the current user (`/tmp/ansible.log` and +`/tmp/installer.txt`). *We're working on it.* + +# Running From Source + +You will need to setup a **virtualenv** to run from source: + + $ virtualenv oo-install + $ source ./oo-install/bin/activate + $ virtualenv --relocatable ./oo-install/ + $ python setup.py install + +The virtualenv `bin` directory should now be at the start of your +`$PATH`, and `oo-install` is ready to use from your shell. + +You can exit the virtualenv with: + + $ deactivate + +# Testing (OLD) + +*This section is deprecated, but still works* + +First, run the **virtualenv setup steps** described above. + +Install some testing libraries: (we cannot do this via setuptools due to the version virtualenv bundles) + +$ pip install mock nose + +Then run the tests with: + +$ oo-install/bin/nosetests diff --git a/utils/README.txt b/utils/README.txt deleted file mode 100644 index 6a6a1d24d..000000000 --- a/utils/README.txt +++ /dev/null @@ -1,24 +0,0 @@ -## Running From Source - -You will need to setup a virtualenv to run from source and execute the unit tests. - -$ virtualenv oo-install -$ source ./oo-install/bin/activate -$ virtualenv --relocatable ./oo-install/ -$ python setup.py install - -The virtualenv bin directory should now be at the start of your $PATH, and oo-install is ready to use from your shell. - -You can exit the virtualenv with: - -$ deactivate - -## Testing - -Install some testing libraries: (we cannot do this via setuptools due to the version virtualenv bundles) - -$ pip install mock nose - -Then run the tests with: - -$ oo-install/bin/nosetests diff --git a/utils/docs/config.md b/utils/docs/config.md index 2729f8d37..3677ffe2e 100644 --- a/utils/docs/config.md +++ b/utils/docs/config.md @@ -7,31 +7,38 @@ The default location this config file will be written to ~/.config/openshift/ins ## Example ``` -version: v1 +version: v2 variant: openshift-enterprise -variant_version: 3.0 -ansible_ssh_user: root -hosts: -- ip: 10.0.0.1 - hostname: master-private.example.com - public_ip: 24.222.0.1 - public_hostname: master.example.com - master: true - node: true - containerized: true - connect_to: 24.222.0.1 -- ip: 10.0.0.2 - hostname: node1-private.example.com - public_ip: 24.222.0.2 - public_hostname: node1.example.com - node: true - connect_to: 10.0.0.2 -- ip: 10.0.0.3 - hostname: node2-private.example.com - public_ip: 24.222.0.3 - public_hostname: node2.example.com - node: true - connect_to: 10.0.0.3 +variant_version: 3.3 +deployment: + ansible_ssh_user: root + hosts: + - connect_to: 24.222.0.1 + ip: 10.0.0.1 + hostname: master-private.example.com + public_ip: 24.222.0.1 + public_hostname: master.example.com + roles: + - master + - node + containerized: true + - connect_to: 10.0.0.2 + ip: 10.0.0.2 + hostname: node1-private.example.com + public_ip: 24.222.0.2 + public_hostname: node1.example.com + roles: + - node + - connect_to: 10.0.0.3 + ip: 10.0.0.3 + hostname: node2-private.example.com + public_ip: 24.222.0.3 + public_hostname: node2.example.com + roles: + - node + roles: + master: + node: ``` ## Primary Settings @@ -76,5 +83,3 @@ Defines the user ansible will use to ssh to remote systems for gathering facts a ### ansible_log_path Default: /tmp/ansible.log - - diff --git a/utils/etc/ansible.cfg b/utils/etc/ansible.cfg index b7376ddfc..a53ab6cb1 100644 --- a/utils/etc/ansible.cfg +++ b/utils/etc/ansible.cfg @@ -16,6 +16,9 @@ log_path = /tmp/ansible.log forks = 10 host_key_checking = False nocows = 1 + +retry_files_enabled = False + # Need to handle: # inventory - derive from OO_ANSIBLE_DIRECTORY env var # callback_plugins - derive from pkg_resource.resource_filename diff --git a/utils/src/ooinstall/__init__.py b/utils/src/ooinstall/__init__.py index 944dea3b5..96e495e19 100644 --- a/utils/src/ooinstall/__init__.py +++ b/utils/src/ooinstall/__init__.py @@ -1,5 +1 @@ -# TODO: Temporarily disabled due to importing old code into openshift-ansible -# repo. We will work on these over time. # pylint: disable=missing-docstring - -from .oo_config import OOConfig diff --git a/utils/src/ooinstall/ansible_plugins/facts_callback.py b/utils/src/ooinstall/ansible_plugins/facts_callback.py index ea6ed6574..e51890a22 100644 --- a/utils/src/ooinstall/ansible_plugins/facts_callback.py +++ b/utils/src/ooinstall/ansible_plugins/facts_callback.py @@ -4,8 +4,11 @@ import os import yaml +from ansible.plugins.callback import CallbackBase -class CallbackModule(object): + +# pylint: disable=super-init-not-called +class CallbackModule(CallbackBase): def __init__(self): ###################### @@ -17,72 +20,75 @@ class CallbackModule(object): self.hosts_yaml_name = os.environ['OO_INSTALL_CALLBACK_FACTS_YAML'] except KeyError: raise ValueError('The OO_INSTALL_CALLBACK_FACTS_YAML environment ' - 'variable must be set.') + 'variable must be set.') self.hosts_yaml = os.open(self.hosts_yaml_name, os.O_CREAT | - os.O_WRONLY) + os.O_WRONLY) - def on_any(self, *args, **kwargs): + def v2_on_any(self, *args, **kwargs): pass - def runner_on_failed(self, host, res, ignore_errors=False): + def v2_runner_on_failed(self, res, ignore_errors=False): pass - def runner_on_ok(self, host, res): - if res['invocation']['module_args'] == 'var=result': - facts = res['var']['result']['ansible_facts']['openshift'] + # pylint: disable=protected-access + def v2_runner_on_ok(self, res): + abridged_result = res._result.copy() + # Collect facts result from playbooks/byo/openshift_facts.yml + if 'result' in abridged_result: + facts = abridged_result['result']['ansible_facts']['openshift'] hosts_yaml = {} - hosts_yaml[host] = facts + hosts_yaml[res._host.get_name()] = facts os.write(self.hosts_yaml, yaml.safe_dump(hosts_yaml)) - def runner_on_skipped(self, host, item=None): + def v2_runner_on_skipped(self, res): pass - def runner_on_unreachable(self, host, res): + def v2_runner_on_unreachable(self, res): pass - def runner_on_no_hosts(self): + def v2_runner_on_no_hosts(self, task): pass - def runner_on_async_poll(self, host, res): + def v2_runner_on_async_poll(self, res): pass - def runner_on_async_ok(self, host, res): + def v2_runner_on_async_ok(self, res): pass - def runner_on_async_failed(self, host, res): + def v2_runner_on_async_failed(self, res): pass - def playbook_on_start(self): + def v2_playbook_on_start(self, playbook): pass - def playbook_on_notify(self, host, handler): + def v2_playbook_on_notify(self, res, handler): pass - def playbook_on_no_hosts_matched(self): + def v2_playbook_on_no_hosts_matched(self): pass - def playbook_on_no_hosts_remaining(self): + def v2_playbook_on_no_hosts_remaining(self): pass - def playbook_on_task_start(self, name, is_conditional): + def v2_playbook_on_task_start(self, name, is_conditional): pass - #pylint: disable=too-many-arguments - def playbook_on_vars_prompt(self, varname, private=True, prompt=None, - encrypt=None, confirm=False, salt_size=None, salt=None, default=None): + # pylint: disable=too-many-arguments + def v2_playbook_on_vars_prompt(self, varname, private=True, prompt=None, + encrypt=None, confirm=False, salt_size=None, salt=None, default=None): pass - def playbook_on_setup(self): + def v2_playbook_on_setup(self): pass - def playbook_on_import_for_host(self, host, imported_file): + def v2_playbook_on_import_for_host(self, res, imported_file): pass - def playbook_on_not_import_for_host(self, host, missing_file): + def v2_playbook_on_not_import_for_host(self, res, missing_file): pass - def playbook_on_play_start(self, name): + def v2_playbook_on_play_start(self, play): pass - def playbook_on_stats(self, stats): + def v2_playbook_on_stats(self, stats): pass diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index 51c4c2def..85b4d29cb 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -5,24 +5,58 @@ import os import re import sys -from distutils.version import LooseVersion +import logging import click +from pkg_resources import parse_version from ooinstall import openshift_ansible -from ooinstall import OOConfig +from ooinstall.oo_config import OOConfig from ooinstall.oo_config import OOConfigInvalidHostError from ooinstall.oo_config import Host, Role from ooinstall.variants import find_variant, get_variant_version_combos +installer_log = logging.getLogger('installer') +installer_log.setLevel(logging.CRITICAL) +installer_file_handler = logging.FileHandler('/tmp/installer.txt') +installer_file_handler.setFormatter( + logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')) +# Example output: +# 2016-08-23 07:34:58,480 - installer - DEBUG - Going to 'load_system_facts' +installer_file_handler.setLevel(logging.DEBUG) +installer_log.addHandler(installer_file_handler) + DEFAULT_ANSIBLE_CONFIG = '/usr/share/atomic-openshift-utils/ansible.cfg' DEFAULT_PLAYBOOK_DIR = '/usr/share/ansible/openshift-ansible/' +UPGRADE_MAPPINGS = { + '3.0': { + 'minor_version': '3.0', + 'minor_playbook': 'v3_0_minor/upgrade.yml', + 'major_version': '3.1', + 'major_playbook': 'v3_0_to_v3_1/upgrade.yml', + }, + '3.1': { + 'minor_version': '3.1', + 'minor_playbook': 'v3_1_minor/upgrade.yml', + 'major_playbook': 'v3_1_to_v3_2/upgrade.yml', + 'major_version': '3.2', + }, + '3.2': { + 'minor_version': '3.2', + 'minor_playbook': 'v3_2/upgrade.yml', + 'major_playbook': 'v3_2/upgrade.yml', + 'major_version': '3.3', + } +} + + def validate_ansible_dir(path): if not path: - raise click.BadParameter('An ansible path must be provided') + raise click.BadParameter('An Ansible path must be provided') return path # if not os.path.exists(path)): # raise click.BadParameter("Path \"{}\" doesn't exist".format(path)) + def is_valid_hostname(hostname): if not hostname or len(hostname) > 255: return False @@ -31,59 +65,43 @@ def is_valid_hostname(hostname): allowed = re.compile(r"(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE) return all(allowed.match(x) for x in hostname.split(".")) + def validate_prompt_hostname(hostname): if hostname == '' or is_valid_hostname(hostname): return hostname raise click.BadParameter('Invalid hostname. Please double-check this value and re-enter it.') + def get_ansible_ssh_user(): click.clear() message = """ -This installation process will involve connecting to remote hosts via ssh. Any -account may be used however if a non-root account is used it must have +This installation process involves connecting to remote hosts via ssh. Any +account may be used. However, if a non-root account is used, then it must have passwordless sudo access. """ click.echo(message) return click.prompt('User for ssh access', default='root') + def get_master_routingconfig_subdomain(): click.clear() message = """ -You might want to override the default subdomain uses for exposed routes. If you don't know what -this is, use the default value. +You might want to override the default subdomain used for exposed routes. If you don't know what this is, use the default value. """ click.echo(message) return click.prompt('New default subdomain (ENTER for none)', default='') + def list_hosts(hosts): hosts_idx = range(len(hosts)) for idx in hosts_idx: click.echo(' {}: {}'.format(idx, hosts[idx])) -def delete_hosts(hosts): - while True: - list_hosts(hosts) - del_idx = click.prompt('Select host to delete, y/Y to confirm, ' \ - 'or n/N to add more hosts', default='n') - try: - del_idx = int(del_idx) - hosts.remove(hosts[del_idx]) - except IndexError: - click.echo("\"{}\" doesn't match any hosts listed.".format(del_idx)) - except ValueError: - try: - response = del_idx.lower() - if response in ['y', 'n']: - return hosts, response - click.echo("\"{}\" doesn't coorespond to any valid input.".format(del_idx)) - except AttributeError: - click.echo("\"{}\" doesn't coorespond to any valid input.".format(del_idx)) - return hosts, None def collect_hosts(oo_cfg, existing_env=False, masters_set=False, print_summary=True): """ Collect host information from user. This will later be filled in using - ansible. + Ansible. Returns: a list of host information collected from the user """ @@ -92,28 +110,28 @@ def collect_hosts(oo_cfg, existing_env=False, masters_set=False, print_summary=T message = """ You must now specify the hosts that will compose your OpenShift cluster. -Please enter an IP or hostname to connect to for each system in the cluster. -You will then be prompted to identify what role you would like this system to +Please enter an IP address or hostname to connect to for each system in the +cluster. You will then be prompted to identify what role you want this system to serve in the cluster. -OpenShift Masters serve the API and web console and coordinate the jobs to run -across the environment. If desired you can specify multiple Master systems for -an HA deployment, in which case you will be prompted to identify a *separate* -system to act as the load balancer for your cluster after all Masters and Nodes -are defined. +OpenShift masters serve the API and web console and coordinate the jobs to run +across the environment. Optionally, you can specify multiple master systems for +a high-availability (HA) deployment. If you choose an HA deployment, then you +are prompted to identify a *separate* system to act as the load balancer for +your cluster once you define all masters and nodes. -If only one Master is specified, an etcd instance embedded within the OpenShift -Master service will be used as the datastore. This can be later replaced with a -separate etcd instance if desired. If multiple Masters are specified, a -separate etcd cluster will be configured with each Master serving as a member. +If only one master is specified, an etcd instance is embedded within the +OpenShift master service to use as the datastore. This can be later replaced +with a separate etcd instance, if required. If multiple masters are specified, +then a separate etcd cluster is configured with each master serving as a member. -Any Masters configured as part of this installation process will also be -configured as Nodes. This is so that the Master will be able to proxy to Pods -from the API. By default this Node will be unschedulable but this can be changed -after installation with 'oadm manage-node'. +Any masters configured as part of this installation process are also +configured as nodes. This enables the master to proxy to pods +from the API. By default, this node is unschedulable, but this can be changed +after installation with the 'oadm manage-node' command. -OpenShift Nodes provide the runtime environments for containers. They will -host the required services to be managed by the Master. +OpenShift nodes provide the runtime environments for containers. They host the +required services to be managed by the master. http://docs.openshift.com/enterprise/latest/architecture/infrastructure_components/kubernetes_infrastructure.html#master http://docs.openshift.com/enterprise/latest/architecture/infrastructure_components/kubernetes_infrastructure.html#node @@ -131,7 +149,7 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen value_proc=validate_prompt_hostname) if not masters_set: - if click.confirm('Will this host be an OpenShift Master?'): + if click.confirm('Will this host be an OpenShift master?'): host_props['roles'].append('master') host_props['roles'].append('etcd') num_masters += 1 @@ -155,12 +173,11 @@ http://docs.openshift.com/enterprise/latest/architecture/infrastructure_componen hosts.append(host) - if print_summary: print_installation_summary(hosts, oo_cfg.settings['variant_version']) # If we have one master, this is enough for an all-in-one deployment, - # thus we can start asking if you wish to proceed. Otherwise we assume + # thus we can start asking if you want to proceed. Otherwise we assume # you must. if masters_set or num_masters != 2: more_hosts = click.confirm('Do you want to add additional hosts?') @@ -193,12 +210,12 @@ def print_installation_summary(hosts, version=None): nodes = [host for host in hosts if host.is_node()] dedicated_nodes = [host for host in hosts if host.is_node() and not host.is_master()] click.echo('') - click.echo('Total OpenShift Masters: %s' % len(masters)) - click.echo('Total OpenShift Nodes: %s' % len(nodes)) + click.echo('Total OpenShift masters: %s' % len(masters)) + click.echo('Total OpenShift nodes: %s' % len(nodes)) if len(masters) == 1 and version != '3.0': ha_hint_message = """ -NOTE: Add a total of 3 or more Masters to perform an HA installation.""" +NOTE: Add a total of 3 or more masters to perform an HA installation.""" click.echo(ha_hint_message) elif len(masters) == 2: min_masters_message = """ @@ -207,19 +224,19 @@ Please add one more to proceed.""" click.echo(min_masters_message) elif len(masters) >= 3: ha_message = """ -NOTE: Multiple Masters specified, this will be an HA deployment with a separate +NOTE: Multiple masters specified, this will be an HA deployment with a separate etcd cluster. You will be prompted to provide the FQDN of a load balancer and a host for storage once finished entering hosts. """ click.echo(ha_message) dedicated_nodes_message = """ -WARNING: Dedicated Nodes are recommended for an HA deployment. If no dedicated -Nodes are specified, each configured Master will be marked as a schedulable -Node.""" +WARNING: Dedicated nodes are recommended for an HA deployment. If no dedicated +nodes are specified, each configured master will be marked as a schedulable +node.""" min_ha_nodes_message = """ -WARNING: A minimum of 3 dedicated Nodes are recommended for an HA +WARNING: A minimum of 3 dedicated nodes are recommended for an HA deployment.""" if len(dedicated_nodes) == 0: click.echo(dedicated_nodes_message) @@ -232,14 +249,14 @@ deployment.""" def print_host_summary(all_hosts, host): click.echo("- %s" % host.connect_to) if host.is_master(): - click.echo(" - OpenShift Master") + click.echo(" - OpenShift master") if host.is_node(): if host.is_dedicated_node(): - click.echo(" - OpenShift Node (Dedicated)") + click.echo(" - OpenShift node (Dedicated)") elif host.is_schedulable_node(all_hosts): - click.echo(" - OpenShift Node") + click.echo(" - OpenShift node") else: - click.echo(" - OpenShift Node (Unscheduled)") + click.echo(" - OpenShift node (Unscheduled)") if host.is_master_lb(): if host.preconfigured: click.echo(" - Load Balancer (Preconfigured)") @@ -263,14 +280,14 @@ def collect_master_lb(hosts): this is an invalid configuration. """ message = """ -Setting up High Availability Masters requires a load balancing solution. -Please provide a the FQDN of a host that will be configured as a proxy. This +Setting up high-availability masters requires a load balancing solution. +Please provide the FQDN of a host that will be configured as a proxy. This can be either an existing load balancer configured to balance all masters on port 8443 or a new host that will have HAProxy installed on it. -If the host provided does is not yet configured, a reference haproxy load -balancer will be installed. It's important to note that while the rest of the -environment will be fault tolerant this reference load balancer will not be. +If the host provided is not yet configured, a reference HAProxy load +balancer will be installed. It's important to note that while the rest of the +environment will be fault-tolerant, this reference load balancer will not be. It can be replaced post-installation with a load balancer with the same hostname. """ @@ -292,19 +309,20 @@ hostname. host_props['connect_to'] = click.prompt('Enter hostname or IP address', value_proc=validate_prompt_lb) install_haproxy = \ - click.confirm('Should the reference haproxy load balancer be installed on this host?') + click.confirm('Should the reference HAProxy load balancer be installed on this host?') host_props['preconfigured'] = not install_haproxy host_props['roles'] = ['master_lb'] master_lb = Host(**host_props) hosts.append(master_lb) + def collect_storage_host(hosts): """ Get a valid host for storage from the user and append it to the list of hosts. """ message = """ -Setting up High Availability Masters requires a storage host. Please provide a +Setting up high-availability masters requires a storage host. Please provide a host that will be configured as a Registry Storage. Note: Containerized storage hosts are not currently supported. @@ -315,8 +333,8 @@ Note: Containerized storage hosts are not currently supported. first_master = next(host for host in hosts if host.is_master()) hostname_or_ip = click.prompt('Enter hostname or IP address', - value_proc=validate_prompt_hostname, - default=first_master.connect_to) + value_proc=validate_prompt_hostname, + default=first_master.connect_to) existing, existing_host = is_host_already_node_or_master(hostname_or_ip, hosts) if existing and existing_host.is_node(): existing_host.roles.append('storage') @@ -327,6 +345,7 @@ Note: Containerized storage hosts are not currently supported. storage = Host(**host_props) hosts.append(storage) + def is_host_already_node_or_master(hostname, hosts): is_existing = False existing_host = None @@ -338,19 +357,20 @@ def is_host_already_node_or_master(hostname, hosts): return is_existing, existing_host + def confirm_hosts_facts(oo_cfg, callback_facts): hosts = oo_cfg.deployment.hosts click.clear() message = """ -A list of the facts gathered from the provided hosts follows. Because it is -often the case that the hostname for a system inside the cluster is different -from the hostname that is resolveable from command line or web clients -these settings cannot be validated automatically. +The following is a list of the facts gathered from the provided hosts. The +hostname for a system inside the cluster is often different from the hostname +that is resolveable from command-line or web clients, therefore these settings +cannot be validated automatically. -For some cloud providers the installer is able to gather metadata exposed in -the instance so reasonable defaults will be provided. +For some cloud providers, the installer is able to gather metadata exposed in +the instance, so reasonable defaults will be provided. -Plese confirm that they are correct before moving forward. +Please confirm that they are correct before moving forward. """ notes = """ @@ -364,7 +384,7 @@ Notes: * The public IP should be the externally accessible IP associated with the instance * The hostname should resolve to the internal IP from the instances themselves. - * The public hostname should resolve to the external ip from hosts outside of + * The public hostname should resolve to the external IP from hosts outside of the cloud. """ @@ -412,42 +432,41 @@ Edit %s with the desired values and run `atomic-openshift-installer --unattended return default_facts - def check_hosts_config(oo_cfg, unattended): click.clear() masters = [host for host in oo_cfg.deployment.hosts if host.is_master()] if len(masters) == 2: - click.echo("A minimum of 3 Masters are required for HA deployments.") + click.echo("A minimum of 3 masters are required for HA deployments.") sys.exit(1) if len(masters) > 1: master_lb = [host for host in oo_cfg.deployment.hosts if host.is_master_lb()] if len(master_lb) > 1: - click.echo('ERROR: More than one Master load balancer specified. Only one is allowed.') + click.echo('ERROR: More than one master load balancer specified. Only one is allowed.') sys.exit(1) elif len(master_lb) == 1: if master_lb[0].is_master() or master_lb[0].is_node(): - click.echo('ERROR: The Master load balancer is configured as a master or node. ' \ + click.echo('ERROR: The master load balancer is configured as a master or node. ' 'Please correct this.') sys.exit(1) else: message = """ ERROR: No master load balancer specified in config. You must provide the FQDN -of a load balancer to balance the API (port 8443) on all Master hosts. +of a load balancer to balance the API (port 8443) on all master hosts. https://docs.openshift.org/latest/install_config/install/advanced_install.html#multiple-masters """ click.echo(message) sys.exit(1) - dedicated_nodes = [host for host in oo_cfg.deployment.hosts \ - if host.is_node() and not host.is_master()] + dedicated_nodes = [host for host in oo_cfg.deployment.hosts + if host.is_node() and not host.is_master()] if len(dedicated_nodes) == 0: message = """ -WARNING: No dedicated Nodes specified. By default, colocated Masters have -their Nodes set to unschedulable. If you proceed all nodes will be labelled +WARNING: No dedicated nodes specified. By default, colocated masters have +their nodes set to unschedulable. If you proceed all nodes will be labelled as schedulable. """ if unattended: @@ -457,14 +476,14 @@ as schedulable. return + def get_variant_and_version(multi_master=False): message = "\nWhich variant would you like to install?\n\n" i = 1 combos = get_variant_version_combos() for (variant, version) in combos: - message = "%s\n(%s) %s %s" % (message, i, variant.description, - version.name) + message = "%s\n(%s) %s" % (message, i, variant.description) i = i + 1 message = "%s\n" % message @@ -476,12 +495,14 @@ def get_variant_and_version(multi_master=False): return product, version + def confirm_continue(message): if message: click.echo(message) click.confirm("Are you ready to continue?", default=False, abort=True) return + def error_if_missing_info(oo_cfg): missing_info = False if not oo_cfg.deployment.hosts: @@ -490,7 +511,7 @@ def error_if_missing_info(oo_cfg): 'command line or in the config file: %s' % oo_cfg.config_path) sys.exit(1) - if 'ansible_ssh_user' not in oo_cfg.settings: + if 'ansible_ssh_user' not in oo_cfg.deployment.variables: click.echo("Must specify ansible_ssh_user in configuration file.") sys.exit(1) @@ -521,6 +542,7 @@ def error_if_missing_info(oo_cfg): if missing_info: sys.exit(1) + def get_host_roles_set(oo_cfg): roles_set = set() for host in oo_cfg.deployment.hosts: @@ -529,13 +551,17 @@ def get_host_roles_set(oo_cfg): return roles_set + def get_proxy_hostnames_and_excludes(): message = """ -If a proxy is needed to reach HTTP and HTTPS traffic please enter the name below. -This proxy will be configured by default for all processes needing to reach systems outside -the cluster. +If a proxy is needed to reach HTTP and HTTPS traffic, please enter the +name below. This proxy will be configured by default for all processes +that need to reach systems outside the cluster. An example proxy value +would be: + + http://proxy.example.com:8080/ -More advanced configuration is possible if using ansible directly: +More advanced configuration is possible if using Ansible directly: https://docs.openshift.com/enterprise/latest/install_config/http_proxies.html """ @@ -544,12 +570,14 @@ https://docs.openshift.com/enterprise/latest/install_config/http_proxies.html message = "Specify your http proxy ? (ENTER for none)" http_proxy_hostname = click.prompt(message, default='') + # TODO: Fix this prompt message and behavior. 'ENTER' will default + # to the http_proxy_hostname if one was provided message = "Specify your https proxy ? (ENTER for none)" https_proxy_hostname = click.prompt(message, default=http_proxy_hostname) if http_proxy_hostname or https_proxy_hostname: message = """ -All hosts in your openshift inventory will automatically be added to the NO_PROXY value. +All hosts in your OpenShift inventory will automatically be added to the NO_PROXY value. Please provide any additional hosts to be added to NO_PROXY. (ENTER for none) """ proxy_excludes = click.prompt(message, default='') @@ -558,6 +586,7 @@ Please provide any additional hosts to be added to NO_PROXY. (ENTER for none) return http_proxy_hostname, https_proxy_hostname, proxy_excludes + def get_missing_info_from_user(oo_cfg): """ Prompts the user for any information missing from the given configuration. """ click.clear() @@ -573,10 +602,10 @@ Please confirm that following prerequisites have been met: repositories. * All systems have run docker-storage-setup (part of the Red Hat docker RPM). * All systems have working DNS that resolves not only from the perspective of - the installer but also from within the cluster. + the installer, but also from within the cluster. -When the process completes you will have a default configuration for Masters -and Nodes. For ongoing environment maintenance it's recommended that the +When the process completes you will have a default configuration for masters +and nodes. For ongoing environment maintenance it's recommended that the official Ansible playbooks be used. For more information on installation prerequisites please see: @@ -585,30 +614,46 @@ https://docs.openshift.com/enterprise/latest/admin_guide/install/prerequisites.h confirm_continue(message) click.clear() - if not oo_cfg.settings.get('ansible_ssh_user', ''): - oo_cfg.settings['ansible_ssh_user'] = get_ansible_ssh_user() + if not oo_cfg.deployment.variables.get('ansible_ssh_user', False): + oo_cfg.deployment.variables['ansible_ssh_user'] = get_ansible_ssh_user() click.clear() if not oo_cfg.settings.get('variant', ''): variant, version = get_variant_and_version() oo_cfg.settings['variant'] = variant.name oo_cfg.settings['variant_version'] = version.name + oo_cfg.settings['variant_subtype'] = version.subtype click.clear() if not oo_cfg.deployment.hosts: oo_cfg.deployment.hosts, roles = collect_hosts(oo_cfg) + set_infra_nodes(oo_cfg.deployment.hosts) for role in roles: oo_cfg.deployment.roles[role] = Role(name=role, variables={}) click.clear() - if not 'master_routingconfig_subdomain' in oo_cfg.deployment.variables: - oo_cfg.deployment.variables['master_routingconfig_subdomain'] = \ - get_master_routingconfig_subdomain() + if 'master_routingconfig_subdomain' not in oo_cfg.deployment.variables: + oo_cfg.deployment.variables['master_routingconfig_subdomain'] = get_master_routingconfig_subdomain() click.clear() - if not oo_cfg.settings.get('openshift_http_proxy', None) and \ - LooseVersion(oo_cfg.settings.get('variant_version', '0.0')) >= LooseVersion('3.2'): + # Are any proxy vars already presisted? + proxy_vars = ['proxy_exclude_hosts', 'proxy_https', 'proxy_http'] + # Empty list if NO proxy vars were presisted + saved_proxy_vars = [pv for pv in proxy_vars + if oo_cfg.deployment.variables.get(pv, 'UNSET') is not 'UNSET'] + + installer_log.debug("Evaluated proxy settings, found %s presisted values", + len(saved_proxy_vars)) + current_version = parse_version( + oo_cfg.settings.get('variant_version', '0.0')) + min_version = parse_version('3.2') + + # No proxy vars were saved and we are running a version which + # recognizes proxy parameters. We must prompt the user for values + # if this conditional is true. + if not saved_proxy_vars and current_version >= min_version: + installer_log.debug("Prompting user to enter proxy values") http_proxy, https_proxy, proxy_excludes = get_proxy_hostnames_and_excludes() oo_cfg.deployment.variables['proxy_http'] = http_proxy oo_cfg.deployment.variables['proxy_https'] = https_proxy @@ -626,10 +671,12 @@ def get_role_variable(oo_cfg, role_name, variable_name): except (StopIteration, KeyError): return None + def set_role_variable(oo_cfg, role_name, variable_name, variable_value): target_role = next(role for role in oo_cfg.deployment.roles if role.name is role_name) target_role[variable_name] = variable_value + def collect_new_nodes(oo_cfg): click.clear() click.echo('*** New Node Configuration ***') @@ -640,32 +687,27 @@ Add new nodes here new_nodes, _ = collect_hosts(oo_cfg, existing_env=True, masters_set=True, print_summary=False) return new_nodes + def get_installed_hosts(hosts, callback_facts): installed_hosts = [] + uninstalled_hosts = [] + for host in [h for h in hosts if h.is_master() or h.is_node()]: + if host.connect_to in callback_facts.keys(): + if is_installed_host(host, callback_facts): + installed_hosts.append(host) + else: + uninstalled_hosts.append(host) + return installed_hosts, uninstalled_hosts - # count nativeha lb as an installed host - try: - first_master = next(host for host in hosts if host.is_master()) - lb_hostname = callback_facts[first_master.connect_to]['master'].get('cluster_hostname', '') - lb_host = \ - next(host for host in hosts if host.ip == callback_facts[lb_hostname]['common']['ip']) - - installed_hosts.append(lb_host) - except (KeyError, StopIteration): - pass - - for host in hosts: - if host.connect_to in callback_facts.keys() and is_installed_host(host, callback_facts): - installed_hosts.append(host) - return installed_hosts def is_installed_host(host, callback_facts): version_found = 'common' in callback_facts[host.connect_to].keys() and \ - callback_facts[host.connect_to]['common'].get('version', '') and \ - callback_facts[host.connect_to]['common'].get('version', '') != 'None' + callback_facts[host.connect_to]['common'].get('version', '') and \ + callback_facts[host.connect_to]['common'].get('version', '') != 'None' return version_found + # pylint: disable=too-many-branches # This pylint error will be corrected shortly in separate PR. def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): @@ -674,16 +716,16 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): hosts_to_run_on = list(oo_cfg.deployment.hosts) # Check if master or nodes already have something installed - installed_hosts = get_installed_hosts(oo_cfg.deployment.hosts, callback_facts) + installed_hosts, uninstalled_hosts = get_installed_hosts(oo_cfg.deployment.hosts, callback_facts) if len(installed_hosts) > 0: click.echo('Installed environment detected.') # This check has to happen before we start removing hosts later in this method if not force: if not unattended: - click.echo('By default the installer only adds new nodes ' \ + click.echo('By default the installer only adds new nodes ' 'to an installed environment.') - response = click.prompt('Do you want to (1) only add additional nodes or ' \ - '(2) reinstall the existing hosts ' \ + response = click.prompt('Do you want to (1) only add additional nodes or ' + '(2) reinstall the existing hosts ' 'potentially erasing any custom changes?', type=int) # TODO: this should be reworked with error handling. @@ -697,29 +739,31 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): # present a message listing already installed hosts and remove hosts if needed for host in installed_hosts: if host.is_master(): - click.echo("{} is already an OpenShift Master".format(host)) + click.echo("{} is already an OpenShift master".format(host)) # Masters stay in the list, we need to run against them when adding # new nodes. elif host.is_node(): - click.echo("{} is already an OpenShift Node".format(host)) + click.echo("{} is already an OpenShift node".format(host)) # force is only used for reinstalls so we don't want to remove # anything. if not force: hosts_to_run_on.remove(host) # Handle the cases where we know about uninstalled systems - new_hosts = set(hosts_to_run_on) - set(installed_hosts) - if len(new_hosts) > 0: - for new_host in new_hosts: - click.echo("{} is currently uninstalled".format(new_host)) - + if len(uninstalled_hosts) > 0: + for uninstalled_host in uninstalled_hosts: + click.echo("{} is currently uninstalled".format(uninstalled_host)) # Fall through - click.echo('Adding additional nodes...') + click.echo('\nUninstalled hosts have been detected in your environment. ' + 'Please make sure your environment was installed successfully ' + 'before adding new nodes. If you want a fresh install, use ' + '`atomic-openshift-installer install --force`') + sys.exit(1) else: if unattended: if not force: - click.echo('Installed environment detected and no additional ' \ - 'nodes specified: aborting. If you want a fresh install, use ' \ + click.echo('Installed environment detected and no additional ' + 'nodes specified: aborting. If you want a fresh install, use ' '`atomic-openshift-installer install --force`') sys.exit(1) else: @@ -733,24 +777,35 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): click.echo('Gathering information from hosts...') callback_facts, error = openshift_ansible.default_facts(oo_cfg.deployment.hosts, verbose) if error or callback_facts is None: - click.echo("There was a problem fetching the required information. See " \ + click.echo("There was a problem fetching the required information. See " "{} for details.".format(oo_cfg.settings['ansible_log_path'])) sys.exit(1) else: - pass # proceeding as normal should do a clean install + pass # proceeding as normal should do a clean install return hosts_to_run_on, callback_facts +def set_infra_nodes(hosts): + if all(host.is_master() for host in hosts): + infra_list = hosts + else: + nodes_list = [host for host in hosts if host.is_schedulable_node(hosts)] + infra_list = nodes_list[:2] + + for host in infra_list: + host.node_labels = "{'region': 'infra'}" + + @click.group() @click.pass_context @click.option('--unattended', '-u', is_flag=True, default=False) @click.option('--configuration', '-c', - type=click.Path(file_okay=True, - dir_okay=False, - writable=True, - readable=True), - default=None) + type=click.Path(file_okay=True, + dir_okay=False, + writable=True, + readable=True), + default=None) @click.option('--ansible-playbook-directory', '-a', type=click.Path(exists=True, @@ -761,23 +816,27 @@ def get_hosts_to_run_on(oo_cfg, callback_facts, unattended, force, verbose): default=DEFAULT_PLAYBOOK_DIR, envvar='OO_ANSIBLE_PLAYBOOK_DIRECTORY') @click.option('--ansible-config', - type=click.Path(file_okay=True, - dir_okay=False, - writable=True, - readable=True), - default=None) + type=click.Path(file_okay=True, + dir_okay=False, + writable=True, + readable=True), + default=None) @click.option('--ansible-log-path', - type=click.Path(file_okay=True, - dir_okay=False, - writable=True, - readable=True), - default="/tmp/ansible.log") + type=click.Path(file_okay=True, + dir_okay=False, + writable=True, + readable=True), + default="/tmp/ansible.log") @click.option('-v', '--verbose', - is_flag=True, default=False) -#pylint: disable=too-many-arguments -#pylint: disable=line-too-long + is_flag=True, default=False) +@click.option('-d', '--debug', + help="Enable installer debugging (/tmp/installer.log)", + is_flag=True, default=False) +@click.help_option('--help', '-h') +# pylint: disable=too-many-arguments +# pylint: disable=line-too-long # Main CLI entrypoint, not much we can do about too many arguments. -def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_config, ansible_log_path, verbose): +def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_config, ansible_log_path, verbose, debug): """ atomic-openshift-installer makes the process for installing OSE or AEP easier by interactively gathering the data needed to run on each host. @@ -785,6 +844,14 @@ def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_conf Further reading: https://docs.openshift.com/enterprise/latest/install_config/install/quick_install.html """ + if debug: + # DEFAULT log level threshold is set to CRITICAL (the + # highest), anything below that (we only use debug/warning + # presently) is not logged. If '-d' is given though, we'll + # lower the threshold to debug (almost everything gets through) + installer_log.setLevel(logging.DEBUG) + installer_log.debug("Quick Installer debugging initialized") + ctx.obj = {} ctx.obj['unattended'] = unattended ctx.obj['configuration'] = configuration @@ -812,7 +879,7 @@ def cli(ctx, unattended, configuration, ansible_playbook_directory, ansible_conf if ctx.obj['ansible_config']: oo_cfg.settings['ansible_config'] = ctx.obj['ansible_config'] elif 'ansible_config' not in oo_cfg.settings and \ - os.path.exists(DEFAULT_ANSIBLE_CONFIG): + os.path.exists(DEFAULT_ANSIBLE_CONFIG): # If we're installed by RPM this file should exist and we can use it as our default: oo_cfg.settings['ansible_config'] = DEFAULT_ANSIBLE_CONFIG @@ -841,7 +908,7 @@ def uninstall(ctx): # Prompt interactively to confirm: for host in hosts: click.echo(" * %s" % host.connect_to) - proceed = click.confirm("\nDo you wish to proceed?") + proceed = click.confirm("\nDo you want to proceed?") if not proceed: click.echo("Uninstall cancelled.") sys.exit(0) @@ -853,25 +920,9 @@ def uninstall(ctx): @click.option('--latest-minor', '-l', is_flag=True, default=False) @click.option('--next-major', '-n', is_flag=True, default=False) @click.pass_context -#pylint: disable=bad-builtin,too-many-statements +# pylint: disable=too-many-statements def upgrade(ctx, latest_minor, next_major): oo_cfg = ctx.obj['oo_cfg'] - verbose = ctx.obj['verbose'] - - # major/minor fields are optional, as we don't always support minor/major - # upgrade for what you're currently running. - upgrade_mappings = { - '3.1':{ - 'major_playbook':'v3_2/upgrade.yml', - 'major_version' :'3.2', - }, - '3.2':{ - 'minor_playbook':'v3_2/upgrade.yml', -# Uncomment these when we're ready to support 3.3. -# 'major_version' :'3.3', -# 'major_playbook':'v3_1_to_v3_2/upgrade.yml', - }, - } if len(oo_cfg.deployment.hosts) == 0: click.echo("No hosts defined in: %s" % oo_cfg.config_path) @@ -883,7 +934,7 @@ def upgrade(ctx, latest_minor, next_major): sys.exit(0) old_version = oo_cfg.settings['variant_version'] - mapping = upgrade_mappings.get(old_version) + mapping = UPGRADE_MAPPINGS.get(old_version) message = """ This tool will help you upgrade your existing OpenShift installation. @@ -912,41 +963,42 @@ def upgrade(ctx, latest_minor, next_major): if next_major: if 'major_playbook' not in mapping: - click.echo("No major upgrade supported for %s %s with this version "\ + click.echo("No major upgrade supported for %s %s with this version " "of atomic-openshift-utils." % (variant, old_version)) sys.exit(0) playbook = mapping['major_playbook'] new_version = mapping['major_version'] # Update config to reflect the version we're targetting, we'll write - # to disk once ansible completes successfully, not before. + # to disk once Ansible completes successfully, not before. oo_cfg.settings['variant_version'] = new_version if oo_cfg.settings['variant'] == 'enterprise': oo_cfg.settings['variant'] = 'openshift-enterprise' if latest_minor: if 'minor_playbook' not in mapping: - click.echo("No minor upgrade supported for %s %s with this version "\ + click.echo("No minor upgrade supported for %s %s with this version " "of atomic-openshift-utils." % (variant, old_version)) sys.exit(0) playbook = mapping['minor_playbook'] new_version = old_version - click.echo("Openshift will be upgraded from %s %s to latest %s %s on the following hosts:\n" % ( + click.echo("OpenShift will be upgraded from %s %s to latest %s %s on the following hosts:\n" % ( variant, old_version, oo_cfg.settings['variant'], new_version)) for host in oo_cfg.deployment.hosts: click.echo(" * %s" % host.connect_to) if not ctx.obj['unattended']: # Prompt interactively to confirm: - proceed = click.confirm("\nDo you wish to proceed?") - if not proceed: + if not click.confirm("\nDo you want to proceed?"): click.echo("Upgrade cancelled.") sys.exit(0) - retcode = openshift_ansible.run_upgrade_playbook(playbook, verbose) + retcode = openshift_ansible.run_upgrade_playbook(oo_cfg.deployment.hosts, + playbook, + ctx.obj['verbose']) if retcode > 0: click.echo("Errors encountered during upgrade, please check %s." % - oo_cfg.settings['ansible_log_path']) + oo_cfg.settings['ansible_log_path']) else: oo_cfg.save_to_disk() click.echo("Upgrade completed! Rebooting all hosts is recommended.") @@ -955,7 +1007,7 @@ def upgrade(ctx, latest_minor, next_major): @click.command() @click.option('--force', '-f', is_flag=True, default=False) @click.option('--gen-inventory', is_flag=True, default=False, - help="Generate an ansible inventory file and exit.") + help="Generate an Ansible inventory file and exit.") @click.pass_context def install(ctx, force, gen_inventory): oo_cfg = ctx.obj['oo_cfg'] @@ -971,17 +1023,16 @@ def install(ctx, force, gen_inventory): print_installation_summary(oo_cfg.deployment.hosts, oo_cfg.settings.get('variant_version', None)) click.echo('Gathering information from hosts...') callback_facts, error = openshift_ansible.default_facts(oo_cfg.deployment.hosts, - verbose) + verbose) if error or callback_facts is None: - click.echo("There was a problem fetching the required information. " \ + click.echo("There was a problem fetching the required information. " "Please see {} for details.".format(oo_cfg.settings['ansible_log_path'])) sys.exit(1) hosts_to_run_on, callback_facts = get_hosts_to_run_on( oo_cfg, callback_facts, ctx.obj['unattended'], force, verbose) - # We already verified this is not the case for unattended installs, so this can # only trigger for live CLI users: # TODO: if there are *new* nodes and this is a live install, we may need the user @@ -993,12 +1044,12 @@ def install(ctx, force, gen_inventory): # Write quick installer config file to disk: oo_cfg.save_to_disk() - # Write ansible inventory file to disk: + # Write Ansible inventory file to disk: inventory_file = openshift_ansible.generate_inventory(hosts_to_run_on) click.echo() click.echo('Wrote atomic-openshift-installer config: %s' % oo_cfg.config_path) - click.echo("Wrote ansible inventory: %s" % inventory_file) + click.echo("Wrote Ansible inventory: %s" % inventory_file) click.echo() if gen_inventory: @@ -1017,7 +1068,7 @@ If changes are needed please edit the config file above and re-run. if error: # The bootstrap script will print out the log location. message = """ -An error was detected. After resolving the problem please relaunch the +An error was detected. After resolving the problem please relaunch the installation process. """ click.echo(message) @@ -1027,7 +1078,7 @@ installation process. The installation was successful! If this is your first time installing please take a look at the Administrator -Guide for advanced options related to routing, storage, authentication and much +Guide for advanced options related to routing, storage, authentication, and more: http://docs.openshift.com/enterprise/latest/admin_guide/overview.html diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index 69ad2b4c5..393b36f6f 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py @@ -2,9 +2,13 @@ import os import sys +import logging import yaml from pkg_resources import resource_filename + +installer_log = logging.getLogger('installer') + CONFIG_PERSIST_SETTINGS = [ 'ansible_ssh_user', 'ansible_callback_facts_yaml', @@ -14,8 +18,9 @@ CONFIG_PERSIST_SETTINGS = [ 'deployment', 'version', 'variant', + 'variant_subtype', 'variant_version', - ] +] DEPLOYMENT_VARIABLES_BLACKLIST = [ 'hosts', @@ -25,6 +30,17 @@ DEPLOYMENT_VARIABLES_BLACKLIST = [ DEFAULT_REQUIRED_FACTS = ['ip', 'public_ip', 'hostname', 'public_hostname'] PRECONFIGURED_REQUIRED_FACTS = ['hostname', 'public_hostname'] + +def print_read_config_error(error, path='the configuration file'): + message = """ +Error loading config. {}. + +See https://docs.openshift.com/enterprise/latest/install_config/install/quick_install.html#defining-an-installation-configuration-file +for information on creating a configuration file or delete {} and re-run the installer. +""" + print message.format(error, path) + + class OOConfigFileError(Exception): """The provided config file path can't be read/written """ @@ -90,7 +106,6 @@ class Host(object): def is_storage(self): return 'storage' in self.roles - def is_etcd_member(self, all_hosts): """ Will this host be a member of a standalone etcd cluster. """ if not self.is_master(): @@ -164,30 +179,54 @@ class OOConfig(object): self._read_config() self._set_defaults() - + # pylint: disable=too-many-branches + # Lots of different checks ran in a single method, could + # use a little refactoring-love some time def _read_config(self): + installer_log.debug("Attempting to read the OO Config") try: + installer_log.debug("Attempting to see if the provided config file exists: %s", self.config_path) if os.path.exists(self.config_path): + installer_log.debug("We think the config file exists: %s", self.config_path) with open(self.config_path, 'r') as cfgfile: loaded_config = yaml.safe_load(cfgfile.read()) - # Use the presence of a Description as an indicator this is - # a legacy config file: - if 'Description' in self.settings: - self._upgrade_legacy_config() + if 'version' not in loaded_config: + print_read_config_error('Legacy configuration file found', self.config_path) + sys.exit(0) + + if loaded_config.get('version', '') == 'v1': + loaded_config = self._upgrade_v1_config(loaded_config) try: host_list = loaded_config['deployment']['hosts'] role_list = loaded_config['deployment']['roles'] except KeyError as e: - print "Error loading config, no such key: {}".format(e) + print_read_config_error("No such key: {}".format(e), self.config_path) + print "Error loading config, required key missing: {}".format(e) sys.exit(0) for setting in CONFIG_PERSIST_SETTINGS: - try: - self.settings[setting] = str(loaded_config[setting]) - except KeyError: - continue + persisted_value = loaded_config.get(setting) + if persisted_value is not None: + self.settings[setting] = str(persisted_value) + + # We've loaded any persisted configs, let's verify any + # paths which are required for a correct and complete + # install + + # - ansible_callback_facts_yaml - Settings from a + # pervious run. If the file doesn't exist then we + # will just warn about it for now and recollect the + # facts. + if self.settings.get('ansible_callback_facts_yaml', None) is not None: + if not os.path.exists(self.settings['ansible_callback_facts_yaml']): + # Cached callback facts file does not exist + installer_log.warning("The specified 'ansible_callback_facts_yaml'" + "file does not exist (%s)", + self.settings['ansible_callback_facts_yaml']) + installer_log.debug("Remote system facts will be collected again later") + self.settings.pop('ansible_callback_facts_yaml') for setting in loaded_config['deployment']: try: @@ -205,47 +244,67 @@ class OOConfig(object): for name, variables in role_list.iteritems(): self.deployment.roles.update({name: Role(name, variables)}) - except IOError, ferr: raise OOConfigFileError('Cannot open config file "{}": {}'.format(ferr.filename, ferr.strerror)) except yaml.scanner.ScannerError: raise OOConfigFileError( 'Config file "{}" is not a valid YAML document'.format(self.config_path)) + installer_log.debug("Parsed the config file") + + def _upgrade_v1_config(self, config): + new_config_data = {} + new_config_data['deployment'] = {} + new_config_data['deployment']['hosts'] = [] + new_config_data['deployment']['roles'] = {} + new_config_data['deployment']['variables'] = {} - def _upgrade_legacy_config(self): - new_hosts = [] - remove_settings = ['validated_facts', 'Description', 'Name', - 'Subscription', 'Vendor', 'Version', 'masters', 'nodes'] - - if 'validated_facts' in self.settings: - for key, value in self.settings['validated_facts'].iteritems(): - value['connect_to'] = key - if 'masters' in self.settings and key in self.settings['masters']: - value['master'] = True - if 'nodes' in self.settings and key in self.settings['nodes']: - value['node'] = True - new_hosts.append(value) - self.settings['hosts'] = new_hosts - - for s in remove_settings: - if s in self.settings: - del self.settings[s] - - # A legacy config implies openshift-enterprise 3.0: - self.settings['variant'] = 'openshift-enterprise' - self.settings['variant_version'] = '3.0' - - def _upgrade_v1_config(self): - #TODO write code to upgrade old config - return + role_list = {} + + if config.get('ansible_ssh_user', False): + new_config_data['deployment']['ansible_ssh_user'] = config['ansible_ssh_user'] + + if config.get('variant', False): + new_config_data['variant'] = config['variant'] + + if config.get('variant_version', False): + new_config_data['variant_version'] = config['variant_version'] + + for host in config['hosts']: + host_props = {} + host_props['roles'] = [] + host_props['connect_to'] = host['connect_to'] + + for prop in ['ip', 'public_ip', 'hostname', 'public_hostname', 'containerized', 'preconfigured']: + host_props[prop] = host.get(prop, None) + + for role in ['master', 'node', 'master_lb', 'storage', 'etcd']: + if host.get(role, False): + host_props['roles'].append(role) + role_list[role] = '' + + new_config_data['deployment']['hosts'].append(host_props) + + new_config_data['deployment']['roles'] = role_list + + return new_config_data def _set_defaults(self): + installer_log.debug("Setting defaults, current OOConfig settings: %s", self.settings) if 'ansible_inventory_directory' not in self.settings: self.settings['ansible_inventory_directory'] = self._default_ansible_inv_dir() + if not os.path.exists(self.settings['ansible_inventory_directory']): + installer_log.debug("'ansible_inventory_directory' does not exist, " + "creating it now (%s)", + self.settings['ansible_inventory_directory']) os.makedirs(self.settings['ansible_inventory_directory']) + else: + installer_log.debug("We think this 'ansible_inventory_directory' " + "is OK: %s", + self.settings['ansible_inventory_directory']) + if 'ansible_plugins_directory' not in self.settings: self.settings['ansible_plugins_directory'] = \ resource_filename(__name__, 'ansible_plugins') @@ -253,8 +312,14 @@ class OOConfig(object): self.settings['version'] = 'v2' if 'ansible_callback_facts_yaml' not in self.settings: + installer_log.debug("No 'ansible_callback_facts_yaml' in self.settings") self.settings['ansible_callback_facts_yaml'] = '%s/callback_facts.yaml' % \ self.settings['ansible_inventory_directory'] + installer_log.debug("Value: %s", self.settings['ansible_callback_facts_yaml']) + else: + installer_log.debug("'ansible_callback_facts_yaml' already set " + "in self.settings: %s", + self.settings['ansible_callback_facts_yaml']) if 'ansible_ssh_user' not in self.settings: self.settings['ansible_ssh_user'] = '' @@ -262,11 +327,17 @@ class OOConfig(object): self.settings['ansible_inventory_path'] = \ '{}/hosts'.format(os.path.dirname(self.config_path)) + # pylint: disable=consider-iterating-dictionary + # Disabled because we shouldn't alter the container we're + # iterating over + # # clean up any empty sets for setting in self.settings.keys(): if not self.settings[setting]: self.settings.pop(setting) + installer_log.debug("Updated OOConfig settings: %s", self.settings) + def _default_ansible_inv_dir(self): return os.path.normpath( os.path.dirname(self.config_path) + "/.ansible") @@ -329,7 +400,6 @@ class OOConfig(object): print "Error persisting settings: {}".format(e) sys.exit(0) - return p_settings def yaml(self): diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py index f1e03f8f2..75d26c10a 100644 --- a/utils/src/ooinstall/openshift_ansible.py +++ b/utils/src/ooinstall/openshift_ansible.py @@ -4,9 +4,12 @@ import socket import subprocess import sys import os +import logging import yaml from ooinstall.variants import find_variant +installer_log = logging.getLogger('installer') + CFG = None ROLES_TO_GROUPS_MAP = { @@ -19,19 +22,20 @@ ROLES_TO_GROUPS_MAP = { VARIABLES_MAP = { 'ansible_ssh_user': 'ansible_ssh_user', - 'ansible_config': 'ansible_config', - 'ansible_log_path': 'ansible_log_path', 'deployment_type': 'deployment_type', - 'master_routingconfig_subdomain':'openshift_master_default_subdomain', - 'proxy_http':'openshift_http_proxy', + 'variant_subtype': 'deployment_subtype', + 'master_routingconfig_subdomain': 'openshift_master_default_subdomain', + 'proxy_http': 'openshift_http_proxy', 'proxy_https': 'openshift_https_proxy', 'proxy_exclude_hosts': 'openshift_no_proxy', } + def set_config(cfg): global CFG CFG = cfg + def generate_inventory(hosts): global CFG @@ -50,8 +54,7 @@ def generate_inventory(hosts): write_inventory_vars(base_inventory, multiple_masters, lb) - - #write_inventory_hosts + # write_inventory_hosts for role in CFG.deployment.roles: # write group block group = ROLES_TO_GROUPS_MAP.get(role, role) @@ -70,15 +73,17 @@ def generate_inventory(hosts): base_inventory.close() return base_inventory_path + def determine_lb_configuration(hosts): lb = next((host for host in hosts if host.is_master_lb()), None) if lb: - if lb.hostname == None: + if lb.hostname is None: lb.hostname = lb.connect_to lb.public_hostname = lb.connect_to return lb + def write_inventory_children(base_inventory, scaleup): global CFG @@ -106,7 +111,7 @@ def write_inventory_vars(base_inventory, multiple_masters, lb): if value: base_inventory.write('{}={}\n'.format(inventory_var, value)) - if CFG.settings['ansible_ssh_user'] != 'root': + if CFG.deployment.variables['ansible_ssh_user'] != 'root': base_inventory.write('ansible_become=yes\n') if multiple_masters and lb is not None: @@ -116,28 +121,30 @@ def write_inventory_vars(base_inventory, multiple_masters, lb): "openshift_master_cluster_public_hostname={}\n".format(lb.public_hostname)) if CFG.settings.get('variant_version', None) == '3.1': - #base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version'))) + # base_inventory.write('openshift_image_tag=v{}\n'.format(CFG.settings.get('variant_version'))) base_inventory.write('openshift_image_tag=v{}\n'.format('3.1.1.6')) write_proxy_settings(base_inventory) # Find the correct deployment type for ansible: ver = find_variant(CFG.settings['variant'], - version=CFG.settings.get('variant_version', None))[1] + version=CFG.settings.get('variant_version', None))[1] base_inventory.write('deployment_type={}\n'.format(ver.ansible_key)) + if getattr(ver, 'variant_subtype', False): + base_inventory.write('deployment_subtype={}\n'.format(ver.deployment_subtype)) if 'OO_INSTALL_ADDITIONAL_REGISTRIES' in os.environ: - base_inventory.write('openshift_docker_additional_registries={}\n' - .format(os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES'])) + base_inventory.write('openshift_docker_additional_registries={}\n'.format( + os.environ['OO_INSTALL_ADDITIONAL_REGISTRIES'])) if 'OO_INSTALL_INSECURE_REGISTRIES' in os.environ: - base_inventory.write('openshift_docker_insecure_registries={}\n' - .format(os.environ['OO_INSTALL_INSECURE_REGISTRIES'])) + base_inventory.write('openshift_docker_insecure_registries={}\n'.format( + os.environ['OO_INSTALL_INSECURE_REGISTRIES'])) if 'OO_INSTALL_PUDDLE_REPO' in os.environ: # We have to double the '{' here for literals base_inventory.write("openshift_additional_repos=[{{'id': 'ose-devel', " - "'name': 'ose-devel', " - "'baseurl': '{}', " - "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO'])) + "'name': 'ose-devel', " + "'baseurl': '{}', " + "'enabled': 1, 'gpgcheck': 0}}]\n".format(os.environ['OO_INSTALL_PUDDLE_REPO'])) for name, role_obj in CFG.deployment.roles.iteritems(): if role_obj.variables: @@ -153,17 +160,17 @@ def write_inventory_vars(base_inventory, multiple_masters, lb): def write_proxy_settings(base_inventory): try: base_inventory.write("openshift_http_proxy={}\n".format( - CFG.settings['openshift_http_proxy'])) + CFG.settings['openshift_http_proxy'])) except KeyError: pass try: base_inventory.write("openshift_https_proxy={}\n".format( - CFG.settings['openshift_https_proxy'])) + CFG.settings['openshift_https_proxy'])) except KeyError: pass try: base_inventory.write("openshift_no_proxy={}\n".format( - CFG.settings['openshift_no_proxy'])) + CFG.settings['openshift_no_proxy'])) except KeyError: pass @@ -190,8 +197,8 @@ def write_host(host, role, inventory, schedulable=None): for variable, value in host.other_variables.iteritems(): facts += " {}={}".format(variable, value) if host.node_labels: - facts += ' openshift_node_labels="{}"'.format(host.node_labels) - + if role == 'node': + facts += ' openshift_node_labels="{}"'.format(host.node_labels) # Distinguish between three states, no schedulability specified (use default), # explicitly set to True, or explicitly set to False: @@ -217,17 +224,21 @@ def load_system_facts(inventory_file, os_facts_path, env_vars, verbose=False): """ Retrieves system facts from the remote systems. """ + installer_log.debug("Inside load_system_facts") FNULL = open(os.devnull, 'w') args = ['ansible-playbook', '-v'] if verbose \ else ['ansible-playbook'] args.extend([ '--inventory-file={}'.format(inventory_file), os_facts_path]) + installer_log.debug("Going to subprocess out to ansible now with these args: %s", ' '.join(args)) status = subprocess.call(args, env=env_vars, stdout=FNULL) - if not status == 0: + if status != 0: + installer_log.debug("Exit status from subprocess was not 0") return [], 1 with open(CFG.settings['ansible_callback_facts_yaml'], 'r') as callback_facts_file: + installer_log.debug("Going to try to read this file: %s", CFG.settings['ansible_callback_facts_yaml']) try: callback_facts = yaml.safe_load(callback_facts_file) except yaml.YAMLError, exc: @@ -240,6 +251,7 @@ def load_system_facts(inventory_file, os_facts_path, env_vars, verbose=False): def default_facts(hosts, verbose=False): global CFG + installer_log.debug("Current global CFG vars here: %s", CFG) inventory_file = generate_inventory(hosts) os_facts_path = '{}/playbooks/byo/openshift_facts.yml'.format(CFG.ansible_playbook_directory) @@ -251,6 +263,9 @@ def default_facts(hosts, verbose=False): facts_env["ANSIBLE_LOG_PATH"] = CFG.settings['ansible_log_path'] if 'ansible_config' in CFG.settings: facts_env['ANSIBLE_CONFIG'] = CFG.settings['ansible_config'] + + installer_log.debug("facts_env: %s", facts_env) + installer_log.debug("Going to 'load_system_facts' next") return load_system_facts(inventory_file, os_facts_path, facts_env, verbose) @@ -281,7 +296,7 @@ def run_ansible(playbook, inventory, env_vars, verbose=False): def run_uninstall_playbook(hosts, verbose=False): playbook = os.path.join(CFG.settings['ansible_playbook_directory'], - 'playbooks/adhoc/uninstall.yml') + 'playbooks/adhoc/uninstall.yml') inventory_file = generate_inventory(hosts) facts_env = os.environ.copy() if 'ansible_log_path' in CFG.settings: @@ -291,12 +306,12 @@ def run_uninstall_playbook(hosts, verbose=False): return run_ansible(playbook, inventory_file, facts_env, verbose) -def run_upgrade_playbook(playbook, verbose=False): +def run_upgrade_playbook(hosts, playbook, verbose=False): playbook = os.path.join(CFG.settings['ansible_playbook_directory'], - 'playbooks/byo/openshift-cluster/upgrades/{}'.format(playbook)) + 'playbooks/byo/openshift-cluster/upgrades/{}'.format(playbook)) # TODO: Upgrade inventory for upgrade? - inventory_file = generate_inventory(CFG.hosts) + inventory_file = generate_inventory(hosts) facts_env = os.environ.copy() if 'ansible_log_path' in CFG.settings: facts_env['ANSIBLE_LOG_PATH'] = CFG.settings['ansible_log_path'] diff --git a/utils/src/ooinstall/variants.py b/utils/src/ooinstall/variants.py index 1706b4165..6993794fe 100644 --- a/utils/src/ooinstall/variants.py +++ b/utils/src/ooinstall/variants.py @@ -11,12 +11,16 @@ to be specified by the user, and to point the generic variants to the latest version. """ +import logging +installer_log = logging.getLogger('installer') + class Version(object): - def __init__(self, name, ansible_key): + def __init__(self, name, ansible_key, subtype=''): self.name = name # i.e. 3.0, 3.1 self.ansible_key = ansible_key + self.subtype = subtype class Variant(object): @@ -35,20 +39,35 @@ class Variant(object): # WARNING: Keep the versions ordered, most recent first: OSE = Variant('openshift-enterprise', 'OpenShift Container Platform', - [ - Version('3.2', 'openshift-enterprise'), - ] + [ + Version('3.3', 'openshift-enterprise'), + ] +) + +REG = Variant('openshift-enterprise', 'Registry', + [ + Version('3.3', 'openshift-enterprise', 'registry'), + ] ) origin = Variant('origin', 'OpenShift Origin', - [ - Version('1.2', 'origin'), - ] + [ + Version('1.2', 'origin'), + ] +) + +LEGACY = Variant('openshift-enterprise', 'OpenShift Container Platform', + [ + Version('3.2', 'openshift-enterprise'), + Version('3.1', 'openshift-enterprise'), + Version('3.0', 'openshift-enterprise'), + ] ) # Ordered list of variants we can install, first is the default. -SUPPORTED_VARIANTS = (OSE, origin) -DISPLAY_VARIANTS = (OSE, ) +SUPPORTED_VARIANTS = (OSE, REG, origin, LEGACY) +DISPLAY_VARIANTS = (OSE, REG,) + def find_variant(name, version=None): """ @@ -67,6 +86,7 @@ def find_variant(name, version=None): return (None, None) + def get_variant_version_combos(): combos = [] for variant in DISPLAY_VARIANTS: diff --git a/utils/test-requirements.txt b/utils/test-requirements.txt new file mode 100644 index 000000000..f2216a177 --- /dev/null +++ b/utils/test-requirements.txt @@ -0,0 +1,11 @@ +enum +configparser +pylint +pep8 +nose +coverage +mock +flake8 +PyYAML +click +backports.functools_lru_cache diff --git a/utils/test/cli_installer_tests.py b/utils/test/cli_installer_tests.py index 3044a2449..6d9d443ff 100644 --- a/utils/test/cli_installer_tests.py +++ b/utils/test/cli_installer_tests.py @@ -101,8 +101,9 @@ MOCK_FACTS_QUICKHA = { # Missing connect_to on some hosts: BAD_CONFIG = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -132,8 +133,9 @@ deployment: QUICKHA_CONFIG = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -189,8 +191,9 @@ deployment: QUICKHA_2_MASTER_CONFIG = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -238,8 +241,9 @@ deployment: QUICKHA_CONFIG_REUSED_LB = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -281,8 +285,9 @@ deployment: QUICKHA_CONFIG_NO_LB = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -323,8 +328,9 @@ deployment: QUICKHA_CONFIG_PRECONFIGURED_LB = """ variant: %s -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -557,7 +563,7 @@ class UnattendedCliTests(OOCliFixture): self.assertEquals('openshift-enterprise', written_config['variant']) # We didn't specify a version so the latest should have been assumed, # and written to disk: - self.assertEquals('3.2', written_config['variant_version']) + self.assertEquals('3.3', written_config['variant_version']) # Make sure the correct value was passed to ansible: inventory = ConfigParser.ConfigParser(allow_no_value=True) @@ -573,7 +579,7 @@ class UnattendedCliTests(OOCliFixture): run_playbook_mock.return_value = 0 config = SAMPLE_CONFIG % 'openshift-enterprise' - config = '%s\n%s' % (config, 'variant_version: 3.2') + config = '%s\n%s' % (config, 'variant_version: 3.3') config_file = self.write_config(os.path.join(self.work_dir, 'ooinstall.conf'), config) @@ -586,7 +592,7 @@ class UnattendedCliTests(OOCliFixture): self.assertEquals('openshift-enterprise', written_config['variant']) # Make sure our older version was preserved: # and written to disk: - self.assertEquals('3.2', written_config['variant_version']) + self.assertEquals('3.3', written_config['variant_version']) inventory = ConfigParser.ConfigParser(allow_no_value=True) inventory.read(os.path.join(self.work_dir, 'hosts')) @@ -722,7 +728,7 @@ class UnattendedCliTests(OOCliFixture): # This is an invalid config: self.assert_result(result, 1) - self.assertTrue("A minimum of 3 Masters are required" in result.output) + self.assertTrue("A minimum of 3 masters are required" in result.output) #unattended with three masters, one node, but no load balancer specified: @patch('ooinstall.openshift_ansible.run_main_playbook') diff --git a/utils/test/fixture.py b/utils/test/fixture.py index 006df739b..a883e5c56 100644 --- a/utils/test/fixture.py +++ b/utils/test/fixture.py @@ -10,10 +10,11 @@ from click.testing import CliRunner # Substitute in a product name before use: SAMPLE_CONFIG = """ variant: %s -variant_version: 3.2 -ansible_ssh_user: root +variant_version: 3.3 master_routingconfig_subdomain: example.com +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -137,15 +138,19 @@ class OOCliFixture(OOInstallFixture): written_config = read_yaml(config_file) self._verify_config_hosts(written_config, exp_hosts_len) - self.assert_result(result, 0) - self._verify_load_facts(load_facts_mock) - self._verify_run_playbook(run_playbook_mock, exp_hosts_len, exp_hosts_to_run_on_len) - - # Make sure we ran on the expected masters and nodes: - hosts = run_playbook_mock.call_args[0][1] - hosts_to_run_on = run_playbook_mock.call_args[0][2] - self.assertEquals(exp_hosts_len, len(hosts)) - self.assertEquals(exp_hosts_to_run_on_len, len(hosts_to_run_on)) + if "Uninstalled" in result.output: + # verify we exited on seeing uninstalled hosts + self.assertEqual(result.exit_code, 1) + else: + self.assert_result(result, 0) + self._verify_load_facts(load_facts_mock) + self._verify_run_playbook(run_playbook_mock, exp_hosts_len, exp_hosts_to_run_on_len) + + # Make sure we ran on the expected masters and nodes: + hosts = run_playbook_mock.call_args[0][1] + hosts_to_run_on = run_playbook_mock.call_args[0][2] + self.assertEquals(exp_hosts_len, len(hosts)) + self.assertEquals(exp_hosts_to_run_on_len, len(hosts_to_run_on)) #pylint: disable=too-many-arguments,too-many-branches,too-many-statements diff --git a/utils/test/oo_config_tests.py b/utils/test/oo_config_tests.py index c19fe9e0d..b5068cc14 100644 --- a/utils/test/oo_config_tests.py +++ b/utils/test/oo_config_tests.py @@ -12,9 +12,10 @@ from ooinstall.oo_config import OOConfig, Host, OOConfigInvalidHostError SAMPLE_CONFIG = """ variant: openshift-enterprise -variant_version: 3.2 -ansible_ssh_user: root +variant_version: 3.3 +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: master-private.example.com ip: 10.0.0.1 @@ -43,28 +44,11 @@ deployment: node: """ -# Used to test automatic upgrading of config: -LEGACY_CONFIG = """ -Description: This is the configuration file for the OpenShift Ansible-Based Installer. -Name: OpenShift Ansible-Based Installer Configuration -Subscription: {type: none} -Vendor: OpenShift Community -Version: 0.0.1 -ansible_config: /tmp/notreal/ansible.cfg -ansible_inventory_directory: /tmp/notreal/.config/openshift/.ansible -ansible_log_path: /tmp/ansible.log -ansible_plugins_directory: /tmp/notreal/.python-eggs/ooinstall-3.0.0-py2.7.egg-tmp/ooinstall/ansible_plugins -masters: [10.0.0.1] -nodes: [10.0.0.2, 10.0.0.3] -validated_facts: - 10.0.0.1: {hostname: master-private.example.com, ip: 10.0.0.1, public_hostname: master.example.com, public_ip: 24.222.0.1} - 10.0.0.2: {hostname: node1-private.example.com, ip: 10.0.0.2, public_hostname: node1.example.com, public_ip: 24.222.0.2} - 10.0.0.3: {hostname: node2-private.example.com, ip: 10.0.0.3, public_hostname: node2.example.com, public_ip: 24.222.0.3} -""" - CONFIG_INCOMPLETE_FACTS = """ +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: 10.0.0.1 ip: 10.0.0.1 @@ -90,8 +74,9 @@ deployment: CONFIG_BAD = """ variant: openshift-enterprise -ansible_ssh_user: root +version: v2 deployment: + ansible_ssh_user: root hosts: - connect_to: master-private.example.com ip: 10.0.0.1 @@ -212,7 +197,7 @@ class OOConfigTests(OOInstallFixture): self.assertTrue('hostname' in h) self.assertTrue('public_hostname' in h) - self.assertTrue('ansible_ssh_user' in written_config) + self.assertTrue('ansible_ssh_user' in written_config['deployment']) self.assertTrue('variant' in written_config) self.assertEquals('v2', written_config['version']) |