diff options
Diffstat (limited to 'roles')
383 files changed, 68842 insertions, 1651 deletions
diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml index 43047902d..0f507e75e 100644 --- a/roles/cockpit/meta/main.yml +++ b/roles/cockpit/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Deploy and Enable cockpit-ws plus optional plugins company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml index 681029332..bddad778f 100644 --- a/roles/cockpit/tasks/main.yml +++ b/roles/cockpit/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install cockpit-ws - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + package: name={{ item }} state=present with_items: - cockpit-ws - cockpit-shell @@ -10,7 +10,7 @@ when: not openshift.common.is_containerized | bool - name: Enable cockpit-ws - service: + systemd: name: cockpit.socket enabled: true state: started diff --git a/roles/dns/README.md b/roles/dns/README.md index 7e0140772..9a88ce97c 100644 --- a/roles/dns/README.md +++ b/roles/dns/README.md @@ -6,7 +6,7 @@ Configure a DNS server serving IPs of all the nodes of the cluster Requirements ------------ -None +Ansible 2.2 Role Variables -------------- diff --git a/roles/dns/handlers/main.yml b/roles/dns/handlers/main.yml index ef101785e..61fd7a10e 100644 --- a/roles/dns/handlers/main.yml +++ b/roles/dns/handlers/main.yml @@ -1,4 +1,5 @@ +--- - name: restart bind - service: + systemd: name: named state: restarted diff --git a/roles/dns/meta/main.yml b/roles/dns/meta/main.yml index 048274c49..64d56114e 100644 --- a/roles/dns/meta/main.yml +++ b/roles/dns/meta/main.yml @@ -4,5 +4,6 @@ galaxy_info: description: Deploy and configure a DNS server company: Amadeus SAS license: ASL 2.0 + min_ansible_version: 2.2 dependencies: - { role: openshift_facts } diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 57a7e6269..c5ab53b4d 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -1,5 +1,6 @@ +--- - name: Install Bind - action: "{{ ansible_pkg_mgr }} name=bind" + package: name=bind state=present when: not openshift.common.is_containerized | bool - name: Create docker build dir @@ -10,7 +11,6 @@ template: dest: "/tmp/dockerbuild/Dockerfile" src: Dockerfile - register: install_result when: openshift.common.is_containerized | bool - name: Build Bind image @@ -21,13 +21,8 @@ template: dest: "/etc/systemd/system/named.service" src: named.service.j2 - register: install_result when: openshift.common.is_containerized | bool -- name: reload systemd - command: /usr/bin/systemctl --system daemon-reload - when: openshift.common.is_containerized | bool and install_result | changed - - name: Create bind zone dir file: path=/var/named state=directory when: openshift.common.is_containerized | bool @@ -44,7 +39,8 @@ notify: restart bind - name: Enable Bind - service: + systemd: name: named state: started enabled: yes + daemon_reload: yes diff --git a/roles/docker/README.md b/roles/docker/README.md index 6b5ee4421..ea06fd41a 100644 --- a/roles/docker/README.md +++ b/roles/docker/README.md @@ -6,7 +6,7 @@ Ensures docker package is installed, and optionally raises timeout for systemd-u Requirements ------------ -None +Ansible 2.2 Role Variables -------------- @@ -17,7 +17,7 @@ docker_udev_workaround: raises udevd timeout to 5 minutes (https://bugzilla.redh Dependencies ------------ -None +Depends on the os_firewall role. Example Playbook ---------------- diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index aff905bc8..9ccb306fc 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,12 +1,13 @@ --- - name: restart docker - service: + systemd: name: docker state: restarted when: not docker_service_status_changed | default(false) | bool - name: restart udev - service: + systemd: name: systemd-udevd state: restarted + daemon_reload: yes diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index 6e2c98601..ad28cece9 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -4,9 +4,10 @@ galaxy_info: description: docker package install company: Red Hat, Inc license: ASL 2.0 - min_ansible_version: 1.2 + min_ansible_version: 2.2 platforms: - name: EL versions: - 7 -dependencies: [] +dependencies: +- role: os_firewall diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 7147aa2d4..a8935370a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,4 @@ --- -- stat: path=/etc/sysconfig/docker-storage - register: docker_storage_check - - name: Get current installed Docker version command: "{{ repoquery_cmd }} --installed --qf '%{version}' docker" when: not openshift.common.is_atomic | bool @@ -18,14 +15,6 @@ msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required." when: docker_version is defined and docker_version | version_compare('1.9.1', '<') -- name: Get latest available version of Docker - command: > - {{ repoquery_cmd }} --qf '%{version}' "docker" - register: avail_docker_version - failed_when: false - changed_when: false - when: docker_version is defined and not openshift.common.is_atomic | bool - # If a docker_version was requested, sanity check that we can install or upgrade to it, and # no downgrade is required. - name: Fail if Docker version requested but downgrade is required @@ -43,18 +32,21 @@ # Make sure Docker is installed, but does not update a running version. # Docker upgrades are handled by a separate playbook. - name: Install Docker - action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present" + package: name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present when: not openshift.common.is_atomic | bool -- name: Start the Docker service - service: - name: docker - enabled: yes - state: started - register: start_result +- block: + # Extend the default Docker service unit file when using iptables-services + - name: Ensure docker.service.d directory exists + file: + path: "{{ docker_systemd_dir }}" + state: directory -- set_fact: - docker_service_status_changed: start_result | changed + - name: Configure Docker service unit file + template: + dest: "{{ docker_systemd_dir }}/custom.conf" + src: custom.conf.j2 + when: not os_firewall_use_firewalld | default(True) | bool - include: udev_workaround.yml when: docker_udev_workaround | default(False) | bool @@ -88,16 +80,16 @@ line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'" state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}" with_items: - - reg_conf_var: HTTP_PROXY - reg_fact_val: "{{ docker_http_proxy | default('') }}" - - reg_conf_var: HTTPS_PROXY - reg_fact_val: "{{ docker_https_proxy | default('') }}" - - reg_conf_var: NO_PROXY - reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}" + - reg_conf_var: HTTP_PROXY + reg_fact_val: "{{ docker_http_proxy | default('') }}" + - reg_conf_var: HTTPS_PROXY + reg_fact_val: "{{ docker_https_proxy | default('') }}" + - reg_conf_var: NO_PROXY + reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}" notify: - - restart docker + - restart docker when: - - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common' + - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common' - name: Set various Docker options lineinfile: @@ -111,6 +103,17 @@ {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" when: docker_check.stat.isreg is defined and docker_check.stat.isreg notify: - - restart docker + - restart docker + +- name: Start the Docker service + systemd: + name: docker + enabled: yes + state: started + daemon_reload: yes + register: start_result + +- set_fact: + docker_service_status_changed: start_result | changed - meta: flush_handlers diff --git a/roles/docker/tasks/udev_workaround.yml b/roles/docker/tasks/udev_workaround.yml index aa7af0cb3..257c3123d 100644 --- a/roles/docker/tasks/udev_workaround.yml +++ b/roles/docker/tasks/udev_workaround.yml @@ -21,10 +21,4 @@ owner: root mode: "0644" notify: - - restart udev - register: udevw_override_conf - -- name: reload systemd config files - command: systemctl daemon-reload - when: udevw_override_conf | changed - + - restart udev diff --git a/roles/docker/templates/custom.conf.j2 b/roles/docker/templates/custom.conf.j2 new file mode 100644 index 000000000..53ed56abc --- /dev/null +++ b/roles/docker/templates/custom.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +[Unit] +Requires=iptables.service +After=iptables.service diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml index f81f99e2b..5237ed8f2 100644 --- a/roles/docker/vars/main.yml +++ b/roles/docker/vars/main.yml @@ -1,2 +1,3 @@ --- udevw_udevd_dir: /etc/systemd/system/systemd-udevd.service.d +docker_systemd_dir: /etc/systemd/system/docker.service.d diff --git a/roles/etcd/README.md b/roles/etcd/README.md index 329a926c0..c936dbabc 100644 --- a/roles/etcd/README.md +++ b/roles/etcd/README.md @@ -6,7 +6,8 @@ Configures an etcd cluster for an arbitrary number of hosts Requirements ------------ -This role assumes it's being deployed on a RHEL/Fedora based host with package +* Ansible 2.2 +* This role assumes it's being deployed on a RHEL/Fedora based host with package named 'etcd' available via yum or dnf (conditionally). Role Variables diff --git a/roles/etcd/etcdctl.sh b/roles/etcd/etcdctl.sh new file mode 100644 index 000000000..0e324a8a9 --- /dev/null +++ b/roles/etcd/etcdctl.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because +# command flags are different between the two. Should work on stand +# alone etcd hosts and master + etcd hosts too because we use the peer keys. +etcdctl2() { + /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@} +} + +etcdctl3() { + ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@} +} diff --git a/roles/etcd/files/etcdctl.sh b/roles/etcd/files/etcdctl.sh new file mode 100644 index 000000000..0e324a8a9 --- /dev/null +++ b/roles/etcd/files/etcdctl.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Sets up handy aliases for etcd, need etcdctl2 and etcdctl3 because +# command flags are different between the two. Should work on stand +# alone etcd hosts and master + etcd hosts too because we use the peer keys. +etcdctl2() { + /usr/bin/etcdctl --cert-file /etc/etcd/peer.crt --key-file /etc/etcd/peer.key --ca-file /etc/etcd/ca.crt -C https://`hostname`:2379 ${@} +} + +etcdctl3() { + ETCDCTL_API=3 /usr/bin/etcdctl --cert /etc/etcd/peer.crt --key /etc/etcd/peer.key --cacert /etc/etcd/ca.crt --endpoints https://`hostname`:2379 ${@} +} diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index e00e1cac4..95076b19e 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart etcd - service: name={{ etcd_service }} state=restarted + systemd: name={{ etcd_service }} state=restarted when: not (etcd_service_status_changed | default(false) | bool) diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index cfd72dfbc..532f9e313 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -7,7 +7,7 @@ galaxy_info: description: etcd management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/etcd/tasks/etcdctl.yml b/roles/etcd/tasks/etcdctl.yml new file mode 100644 index 000000000..bb6fabf64 --- /dev/null +++ b/roles/etcd/tasks/etcdctl.yml @@ -0,0 +1,12 @@ +--- +- name: Install etcd for etcdctl + package: name=etcd state=present + when: not openshift.common.is_atomic | bool + +- name: Configure etcd profile.d alises + copy: + src: etcdctl.sh + dest: /etc/profile.d/etcdctl.sh + mode: 0755 + owner: root + group: root diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 2bc6a8678..41f25be70 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -7,7 +7,7 @@ etcd_ip: "{{ etcd_ip }}" - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd state=present" + package: name=etcd state=present when: not etcd_is_containerized | bool - name: Pull etcd container @@ -20,36 +20,25 @@ template: dest: "/etc/systemd/system/etcd_container.service" src: etcd.docker.service - register: install_etcd_result when: etcd_is_containerized | bool -- name: Ensure etcd datadir exists - when: etcd_is_containerized | bool +- name: Ensure etcd datadir exists when containerized file: path: "{{ etcd_data_dir }}" state: directory mode: 0700 - -- name: Check for etcd service presence - command: systemctl show etcd.service - register: etcd_show - changed_when: false - failed_when: false + when: etcd_is_containerized | bool - name: Disable system etcd when containerized - when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout - service: + systemd: name: etcd state: stopped enabled: no - -- name: Mask system etcd when containerized - when: etcd_is_containerized | bool and etcd_show.rc == 0 and 'LoadState=not-found' not in etcd_show.stdout - command: systemctl mask etcd - -- name: Reload systemd units - command: systemctl daemon-reload - when: etcd_is_containerized | bool and ( install_etcd_result | changed ) + masked: yes + daemon_reload: yes + when: etcd_is_containerized | bool + register: task_result + failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" - name: Validate permissions on the config dir file: @@ -68,11 +57,15 @@ - restart etcd - name: Enable etcd - service: + systemd: name: "{{ etcd_service }}" state: started enabled: yes register: start_result -- set_fact: +- include: etcdctl.yml + when: openshift_etcd_etcdctl_profile | default(true) | bool + +- name: Set fact etcd_service_status_changed + set_fact: etcd_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/etcd/templates/etcd.docker.service b/roles/etcd/templates/etcd.docker.service index cf957ede8..ae059b549 100644 --- a/roles/etcd/templates/etcd.docker.service +++ b/roles/etcd/templates/etcd.docker.service @@ -7,7 +7,7 @@ PartOf=docker.service [Service] EnvironmentFile=/etc/etcd/etcd.conf ExecStartPre=-/usr/bin/docker rm -f {{ etcd_service }} -ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:z --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} +ExecStart=/usr/bin/docker run --name {{ etcd_service }} --rm -v /var/lib/etcd:/var/lib/etcd:z -v /etc/etcd:/etc/etcd:ro --env-file=/etc/etcd/etcd.conf --net=host --entrypoint=/usr/bin/etcd {{ openshift.etcd.etcd_image }} ExecStop=/usr/bin/docker stop {{ etcd_service }} SyslogIdentifier=etcd_container Restart=always diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index 4e68bc962..c4d5efa14 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install openssl - action: "{{ ansible_pkg_mgr }} name=openssl state=present" + package: name=openssl state=present when: not etcd_is_atomic | bool delegate_to: "{{ etcd_ca_host }}" run_once: true diff --git a/roles/etcd_common/library/delegated_serial_command.py b/roles/etcd_common/library/delegated_serial_command.py index 84d4f97c2..0cab1ca88 100755 --- a/roles/etcd_common/library/delegated_serial_command.py +++ b/roles/etcd_common/library/delegated_serial_command.py @@ -24,12 +24,9 @@ ''' delegated_serial_command ''' -import copy -import sys import datetime +import errno import glob -import traceback -import re import shlex import os import fcntl @@ -133,6 +130,7 @@ OPTIONS = {'chdir': None, 'lockfile': None, 'timeout': None} + def check_command(commandline): ''' Check provided command ''' arguments = {'chown': 'owner', 'chmod': 'mode', 'chgrp': 'group', @@ -160,7 +158,7 @@ def check_command(commandline): # pylint: disable=too-many-statements,too-many-branches,too-many-locals def main(): ''' Main module function ''' - module = AnsibleModule( + module = AnsibleModule( # noqa: F405 argument_spec=dict( _uses_shell=dict(type='bool', default=False), command=dict(required=True), @@ -220,9 +218,9 @@ def main(): ) if removes: - # do not run the command if the line contains removes=filename - # and the filename does not exist. This allows idempotence - # of command executions. + # do not run the command if the line contains removes=filename + # and the filename does not exist. This allows idempotence + # of command executions. path = os.path.expanduser(removes) if not glob.glob(path): module.exit_json( @@ -268,7 +266,9 @@ def main(): iterated=iterated ) + # import module snippets -from ansible.module_utils.basic import * +# pylint: disable=wrong-import-position +from ansible.module_utils.basic import * # noqa: F402,F403 main() diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml index d66a0a7bf..b0fd117ed 100644 --- a/roles/etcd_server_certificates/tasks/main.yml +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install etcd - action: "{{ ansible_pkg_mgr }} name=etcd state=present" + package: name=etcd state=present when: not etcd_is_containerized | bool - name: Check status of etcd certificates diff --git a/roles/flannel/README.md b/roles/flannel/README.md index 84e2c5c49..0c7347603 100644 --- a/roles/flannel/README.md +++ b/roles/flannel/README.md @@ -6,7 +6,8 @@ Configure flannel on openshift nodes Requirements ------------ -This role assumes it's being deployed on a RHEL/Fedora based host with package +* Ansible 2.2 +* This role assumes it's being deployed on a RHEL/Fedora based host with package named 'flannel' available via yum or dnf (conditionally), in version superior to 0.3. diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 981ea5c7a..94d1d18fb 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -1,8 +1,8 @@ --- - name: restart flanneld become: yes - service: name=flanneld state=restarted + systemd: name=flanneld state=restarted - name: restart docker become: yes - service: name=docker state=restarted + systemd: name=docker state=restarted diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 616ae61d2..35f825586 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: flannel management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/flannel/tasks/main.yml b/roles/flannel/tasks/main.yml index bf400cfe8..3a8945a82 100644 --- a/roles/flannel/tasks/main.yml +++ b/roles/flannel/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install flannel become: yes - action: "{{ ansible_pkg_mgr }} name=flannel state=present" + package: name=flannel state=present when: not openshift.common.is_atomic | bool - name: Set flannel etcd options @@ -27,7 +27,7 @@ - name: Enable flanneld become: yes - service: + systemd: name: flanneld state: started enabled: yes diff --git a/roles/flannel_register/defaults/main.yaml b/roles/flannel_register/defaults/main.yaml index b1279aa88..ddf8230ec 100644 --- a/roles/flannel_register/defaults/main.yaml +++ b/roles/flannel_register/defaults/main.yaml @@ -8,4 +8,3 @@ etcd_conf_dir: "{{ openshift.common.config_base }}/master" etcd_peer_ca_file: "{{ etcd_conf_dir + '/ca.crt' if (openshift.master.embedded_etcd | bool) else etcd_conf_dir + '/master.etcd-ca.crt' }}" etcd_peer_cert_file: "{{ etcd_conf_dir }}/master.etcd-client.crt" etcd_peer_key_file: "{{ etcd_conf_dir }}/master.etcd-client.key" - diff --git a/roles/kube_nfs_volumes/README.md b/roles/kube_nfs_volumes/README.md index dd91ad8b1..8cf7c0cd4 100644 --- a/roles/kube_nfs_volumes/README.md +++ b/roles/kube_nfs_volumes/README.md @@ -11,8 +11,8 @@ system) on the disks! ## Requirements +* Ansible 2.2 * Running Kubernetes with NFS persistent volume support (on a remote machine). - * Works only on RHEL/Fedora-like distros. ## Role Variables diff --git a/roles/kube_nfs_volumes/handlers/main.yml b/roles/kube_nfs_volumes/handlers/main.yml index 52f3ceffe..9ce8b783d 100644 --- a/roles/kube_nfs_volumes/handlers/main.yml +++ b/roles/kube_nfs_volumes/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart nfs - service: name=nfs-server state=restarted + systemd: name=nfs-server state=restarted diff --git a/roles/kube_nfs_volumes/library/partitionpool.py b/roles/kube_nfs_volumes/library/partitionpool.py index 9bd3228c1..1857433c7 100644 --- a/roles/kube_nfs_volumes/library/partitionpool.py +++ b/roles/kube_nfs_volumes/library/partitionpool.py @@ -3,6 +3,8 @@ Ansible module for partitioning. """ +from __future__ import print_function + # There is no pyparted on our Jenkins worker # pylint: disable=import-error import parted @@ -52,7 +54,7 @@ options: partitions. On 1 TiB disk, 10 partitions will be created. - Example 2: size=100G:1,10G:1 says that ratio of space occupied by 100 GiB - partitions and 10 GiB partitions is 1:1. Therefore, on 1 TiB disk, 500 GiB + partitions and 10 GiB partitions is 1:1. Therefore, on 1 TiB disk, 500 GiB will be split into five 100 GiB partition and 500 GiB will be split into fifty 10GiB partitions. - size=100G:1,10G:1 = 5x 100 GiB and 50x 10 GiB partitions (on 1 TiB disk). @@ -73,7 +75,7 @@ options: and eight 50 GiB partitions (again, 400 GiB). - size=200G:1,100G:1,50G:1 = 1x 200 GiB, 4x 100 GiB and 8x 50 GiB partitions (on 1 TiB disk). - + force: description: - If True, it will always overwite partition table on the disk and create new one. @@ -81,6 +83,7 @@ options: """ + # It's not class, it's more a simple struct with almost no functionality. # pylint: disable=too-few-public-methods class PartitionSpec(object): @@ -98,6 +101,7 @@ class PartitionSpec(object): """ Set count of parititions of this specification. """ self.count = count + def assign_space(total_size, specs): """ Satisfy all the PartitionSpecs according to their weight. @@ -113,6 +117,7 @@ def assign_space(total_size, specs): total_size -= num_blocks * spec.size total_weight -= spec.weight + def partition(diskname, specs, force=False, check_mode=False): """ Create requested partitions. @@ -128,7 +133,7 @@ def partition(diskname, specs, force=False, check_mode=False): disk = None if disk and len(disk.partitions) > 0 and not force: - print "skipping", diskname + print("skipping", diskname) return 0 # create new partition table, wiping all existing data @@ -161,16 +166,17 @@ def partition(diskname, specs, force=False, check_mode=False): pass return count + def parse_spec(text): """ Parse string with partition specification. """ tokens = text.split(",") specs = [] for token in tokens: - if not ":" in token: + if ":" not in token: token += ":1" (sizespec, weight) = token.split(':') - weight = float(weight) # throws exception with reasonable error string + weight = float(weight) # throws exception with reasonable error string units = {"m": 1, "g": 1 << 10, "t": 1 << 20, "p": 1 << 30} unit = units.get(sizespec[-1].lower(), None) @@ -184,6 +190,7 @@ def parse_spec(text): specs.append(spec) return specs + def get_partitions(diskpath): """ Return array of partition names for given disk """ dev = parted.getDevice(diskpath) @@ -198,7 +205,7 @@ def get_partitions(diskpath): def main(): """ Ansible module main method. """ - module = AnsibleModule( + module = AnsibleModule( # noqa: F405 argument_spec=dict( disks=dict(required=True, type='str'), force=dict(required=False, default="no", type='bool'), @@ -215,7 +222,7 @@ def main(): try: specs = parse_spec(sizes) - except ValueError, ex: + except ValueError as ex: err = "Error parsing sizes=" + sizes + ": " + str(ex) module.fail_json(msg=err) @@ -224,17 +231,17 @@ def main(): for disk in disks.split(","): try: changed_count += partition(disk, specs, force, module.check_mode) - except Exception, ex: + except Exception as ex: err = "Error creating partitions on " + disk + ": " + str(ex) raise - #module.fail_json(msg=err) + # module.fail_json(msg=err) partitions += get_partitions(disk) module.exit_json(changed=(changed_count > 0), ansible_facts={"partition_pool": partitions}) + # ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, wrong-import-order, wrong-import-position # import module snippets -from ansible.module_utils.basic import * +from ansible.module_utils.basic import * # noqa: E402,F403 main() - diff --git a/roles/kube_nfs_volumes/meta/main.yml b/roles/kube_nfs_volumes/meta/main.yml index dc4ccdfee..7ed028138 100644 --- a/roles/kube_nfs_volumes/meta/main.yml +++ b/roles/kube_nfs_volumes/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Partition disks and use them as Kubernetes NFS physical volumes. company: Red Hat, Inc. license: license (Apache) - min_ansible_version: 1.4 + min_ansible_version: 2.2 platforms: - name: EL versions: @@ -13,5 +13,5 @@ galaxy_info: versions: - all categories: - - cloud + - cloud dependencies: [] diff --git a/roles/kube_nfs_volumes/tasks/main.yml b/roles/kube_nfs_volumes/tasks/main.yml index 5eff30f6f..67f709c8c 100644 --- a/roles/kube_nfs_volumes/tasks/main.yml +++ b/roles/kube_nfs_volumes/tasks/main.yml @@ -4,7 +4,10 @@ when: openshift.common.is_atomic | bool - name: Install pyparted (RedHat/Fedora) - action: "{{ ansible_pkg_mgr }} name=pyparted,python-httplib2 state=present" + package: name={{ item }} state=present + with_items: + - pyparted + - python-httplib2 when: not openshift.common.is_containerized | bool - name: partition the drives diff --git a/roles/kube_nfs_volumes/tasks/nfs.yml b/roles/kube_nfs_volumes/tasks/nfs.yml index 474ec69e5..9eeff9260 100644 --- a/roles/kube_nfs_volumes/tasks/nfs.yml +++ b/roles/kube_nfs_volumes/tasks/nfs.yml @@ -1,13 +1,19 @@ --- - name: Install NFS server - action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + package: name=nfs-utils state=present when: not openshift.common.is_containerized | bool - name: Start rpcbind on Fedora/Red Hat - service: name=rpcbind state=started enabled=yes + systemd: + name: rpcbind + state: started + enabled: yes - name: Start nfs on Fedora/Red Hat - service: name=nfs-server state=started enabled=yes + systemd: + name: nfs-server + state: started + enabled: yes - name: Export the directories lineinfile: dest=/etc/exports diff --git a/roles/lib_utils/library/yedit.py b/roles/lib_utils/library/yedit.py new file mode 100644 index 000000000..fb545c7c8 --- /dev/null +++ b/roles/lib_utils/library/yedit.py @@ -0,0 +1,766 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +# pylint: disable=wrong-import-order +import json +import os +import re +# pylint: disable=import-error +import ruamel.yaml as yaml +import shutil +from ansible.module_utils.basic import AnsibleModule + +DOCUMENTATION = ''' +--- +module: yedit +short_description: Create, modify, and idempotently manage yaml files. +description: + - Modify yaml files programmatically. +options: + state: + description: + - State represents whether to create, modify, delete, or list yaml + required: true + default: present + choices: ["present", "absent", "list"] + aliases: [] + debug: + description: + - Turn on debug information. + required: false + default: false + aliases: [] + src: + description: + - The file that is the target of the modifications. + required: false + default: None + aliases: [] + content: + description: + - Content represents the yaml content you desire to work with. This + - could be the file contents to write or the inmemory data to modify. + required: false + default: None + aliases: [] + content_type: + description: + - The python type of the content parameter. + required: false + default: 'dict' + aliases: [] + key: + description: + - The path to the value you wish to modify. Emtpy string means the top of + - the document. + required: false + default: '' + aliases: [] + value: + description: + - The incoming value of parameter 'key'. + required: false + default: + aliases: [] + value_type: + description: + - The python type of the incoming value. + required: false + default: '' + aliases: [] + update: + description: + - Whether the update should be performed on a dict/hash or list/array + - object. + required: false + default: false + aliases: [] + append: + description: + - Whether to append to an array/list. When the key does not exist or is + - null, a new array is created. When the key is of a non-list type, + - nothing is done. + required: false + default: false + aliases: [] + index: + description: + - Used in conjunction with the update parameter. This will update a + - specific index in an array/list. + required: false + default: false + aliases: [] + curr_value: + description: + - Used in conjunction with the update parameter. This is the current + - value of 'key' in the yaml file. + required: false + default: false + aliases: [] + curr_value_format: + description: + - Format of the incoming current value. + choices: ["yaml", "json", "str"] + required: false + default: false + aliases: [] + backup: + description: + - Whether to make a backup copy of the current file when performing an + - edit. + required: false + default: true + aliases: [] +author: +- "Kenny Woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +# Simple insert of key, value +- name: insert simple key, value + yedit: + src: somefile.yml + key: test + value: somevalue + state: present +# Results: +# test: somevalue + +# Multilevel insert of key, value +- name: insert simple key, value + yedit: + src: somefile.yml + key: a#b#c + value: d + state: present +# Results: +# a: +# b: +# c: d +''' + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for yaml_dict ''' + return self._separator + + @separator.setter + def separator(self): + ''' getter method for yaml_dict ''' + return self._separator + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key % ''.join(common_separators), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + return None + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + tmp_filename = self.filename + '.yedit' + with open(tmp_filename, 'w') as yfd: + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + self.yaml_dict.fa.set_block_style() + + yfd.write(yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + + os.rename(tmp_filename, self.filename) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + self.yaml_dict = yaml.load(contents, yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + self.yaml_dict.fa.set_block_style() + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. %s' % err) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # pylint: disable=no-member,maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # pylint: disable=no-member,maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # pylint: disable=no-member,maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # pylint: disable=no-member,maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in ' + + 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # pylint: disable=no-member,maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + tmp_copy.fa.set_block_style() + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if not result: + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, default_flow_style=False), # noqa: E501 + yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + tmp_copy.fa.set_block_style() + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(module): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=module.params['src'], + backup=module.params['backup'], + separator=module.params['separator']) + + if module.params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and \ + module.params['state'] != 'present': + return {'failed': True, + 'msg': 'Error opening file [%s]. Verify that the ' + + 'file exists, that it is has correct' + + ' permissions, and is valid yaml.'} + + if module.params['state'] == 'list': + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + yamlfile.yaml_dict = content + + if module.params['key']: + rval = yamlfile.get(module.params['key']) or {} + + return {'changed': False, 'result': rval, 'state': "list"} + + elif module.params['state'] == 'absent': + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + yamlfile.yaml_dict = content + + if module.params['update']: + rval = yamlfile.pop(module.params['key'], + module.params['value']) + else: + rval = yamlfile.delete(module.params['key']) + + if rval[0] and module.params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + + elif module.params['state'] == 'present': + # check if content is different than what is in the file + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + module.params['value'] is None: + return {'changed': False, + 'result': yamlfile.yaml_dict, + 'state': "present"} + + yamlfile.yaml_dict = content + + # we were passed a value; parse it + if module.params['value']: + value = parse_value(module.params['value'], + module.params['value_type']) + key = module.params['key'] + if module.params['update']: + # pylint: disable=line-too-long + curr_value = get_curr_value(parse_value(module.params['curr_value']), module.params['curr_value_format']) # noqa: #501 + + rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + + elif module.params['append']: + rval = yamlfile.append(key, value) + else: + rval = yamlfile.put(key, value) + + if rval[0] and module.params['src']: + yamlfile.write() + + return {'changed': rval[0], + 'result': rval[1], 'state': "present"} + + # no edits to make + if module.params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': "present"} + + return {'failed': True, 'msg': 'Unkown state passed'} + + +def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + +def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' + % (inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # If vtype is not str then go ahead and attempt to yaml load it. + if isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming ' + + 'value. value=[%s] vtype=[%s]' + % (type(inc_value), vtype)) + + return inc_value + + +# pylint: disable=too-many-branches +def main(): + ''' ansible oc module for secrets ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + src=dict(default=None, type='str'), + content=dict(default=None), + content_type=dict(default='dict', choices=['dict']), + key=dict(default='', type='str'), + value=dict(), + value_type=dict(default='', type='str'), + update=dict(default=False, type='bool'), + append=dict(default=False, type='bool'), + index=dict(default=None, type='int'), + curr_value=dict(default=None, type='str'), + curr_value_format=dict(default='yaml', + choices=['yaml', 'json', 'str'], + type='str'), + backup=dict(default=True, type='bool'), + separator=dict(default='.', type='str'), + ), + mutually_exclusive=[["curr_value", "index"], ['update', "append"]], + required_one_of=[["content", "src"]], + ) + + rval = Yedit.run_ansible(module) + if 'failed' in rval and rval['failed']: + module.fail_json(msg=rval['msg']) + + module.exit_json(**rval) + + +if __name__ == '__main__': + main() diff --git a/roles/lib_utils/src/ansible/yedit.py b/roles/lib_utils/src/ansible/yedit.py new file mode 100644 index 000000000..a80cd520c --- /dev/null +++ b/roles/lib_utils/src/ansible/yedit.py @@ -0,0 +1,84 @@ +# flake8: noqa +# pylint: skip-file + + +def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + +def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' + % (inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # If vtype is not str then go ahead and attempt to yaml load it. + if isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming ' + + 'value. value=[%s] vtype=[%s]' + % (type(inc_value), vtype)) + + return inc_value + + +# pylint: disable=too-many-branches +def main(): + ''' ansible oc module for secrets ''' + + module = AnsibleModule( + argument_spec=dict( + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + src=dict(default=None, type='str'), + content=dict(default=None), + content_type=dict(default='dict', choices=['dict']), + key=dict(default='', type='str'), + value=dict(), + value_type=dict(default='', type='str'), + update=dict(default=False, type='bool'), + append=dict(default=False, type='bool'), + index=dict(default=None, type='int'), + curr_value=dict(default=None, type='str'), + curr_value_format=dict(default='yaml', + choices=['yaml', 'json', 'str'], + type='str'), + backup=dict(default=True, type='bool'), + separator=dict(default='.', type='str'), + ), + mutually_exclusive=[["curr_value", "index"], ['update', "append"]], + required_one_of=[["content", "src"]], + ) + + rval = Yedit.run_ansible(module) + if 'failed' in rval and rval['failed']: + module.fail_json(msg=rval['msg']) + + module.exit_json(**rval) + + +if __name__ == '__main__': + main() diff --git a/roles/lib_utils/src/class/import.py b/roles/lib_utils/src/class/import.py new file mode 100644 index 000000000..249e07228 --- /dev/null +++ b/roles/lib_utils/src/class/import.py @@ -0,0 +1,11 @@ +# flake8: noqa +# pylint: skip-file + +# pylint: disable=wrong-import-order +import json +import os +import re +# pylint: disable=import-error +import ruamel.yaml as yaml +import shutil +from ansible.module_utils.basic import AnsibleModule diff --git a/roles/lib_utils/src/class/yedit.py b/roles/lib_utils/src/class/yedit.py new file mode 100644 index 000000000..e110bc11e --- /dev/null +++ b/roles/lib_utils/src/class/yedit.py @@ -0,0 +1,520 @@ +# flake8: noqa +# pylint: skip-file + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for yaml_dict ''' + return self._separator + + @separator.setter + def separator(self): + ''' getter method for yaml_dict ''' + return self._separator + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key % ''.join(common_separators), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + return None + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key, None) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + tmp_filename = self.filename + '.yedit' + with open(tmp_filename, 'w') as yfd: + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + self.yaml_dict.fa.set_block_style() + + yfd.write(yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + + os.rename(tmp_filename, self.filename) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + self.yaml_dict = yaml.load(contents, yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + self.yaml_dict.fa.set_block_style() + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. %s' % err) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # pylint: disable=no-member,maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # pylint: disable=no-member,maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # pylint: disable=no-member,maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # pylint: disable=no-member,maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in ' + + 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # pylint: disable=no-member,maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + tmp_copy.fa.set_block_style() + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if not result: + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, default_flow_style=False), # noqa: E501 + yaml.RoundTripLoader) + # pylint: disable=no-member + if hasattr(self.yaml_dict, 'fa'): + tmp_copy.fa.set_block_style() + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(module): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=module.params['src'], + backup=module.params['backup'], + separator=module.params['separator']) + + if module.params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and \ + module.params['state'] != 'present': + return {'failed': True, + 'msg': 'Error opening file [%s]. Verify that the ' + + 'file exists, that it is has correct' + + ' permissions, and is valid yaml.'} + + if module.params['state'] == 'list': + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + yamlfile.yaml_dict = content + + if module.params['key']: + rval = yamlfile.get(module.params['key']) or {} + + return {'changed': False, 'result': rval, 'state': "list"} + + elif module.params['state'] == 'absent': + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + yamlfile.yaml_dict = content + + if module.params['update']: + rval = yamlfile.pop(module.params['key'], + module.params['value']) + else: + rval = yamlfile.delete(module.params['key']) + + if rval[0] and module.params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + + elif module.params['state'] == 'present': + # check if content is different than what is in the file + if module.params['content']: + content = parse_value(module.params['content'], + module.params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + module.params['value'] is None: + return {'changed': False, + 'result': yamlfile.yaml_dict, + 'state': "present"} + + yamlfile.yaml_dict = content + + # we were passed a value; parse it + if module.params['value']: + value = parse_value(module.params['value'], + module.params['value_type']) + key = module.params['key'] + if module.params['update']: + # pylint: disable=line-too-long + curr_value = get_curr_value(parse_value(module.params['curr_value']), module.params['curr_value_format']) # noqa: #501 + + rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + + elif module.params['append']: + rval = yamlfile.append(key, value) + else: + rval = yamlfile.put(key, value) + + if rval[0] and module.params['src']: + yamlfile.write() + + return {'changed': rval[0], + 'result': rval[1], 'state': "present"} + + # no edits to make + if module.params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': "present"} + + return {'failed': True, 'msg': 'Unkown state passed'} diff --git a/roles/lib_utils/src/doc/license b/roles/lib_utils/src/doc/license new file mode 100644 index 000000000..717bb7f17 --- /dev/null +++ b/roles/lib_utils/src/doc/license @@ -0,0 +1,16 @@ +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# diff --git a/roles/lib_utils/src/doc/yedit b/roles/lib_utils/src/doc/yedit new file mode 100644 index 000000000..e367a389e --- /dev/null +++ b/roles/lib_utils/src/doc/yedit @@ -0,0 +1,132 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: yedit +short_description: Create, modify, and idempotently manage yaml files. +description: + - Modify yaml files programmatically. +options: + state: + description: + - State represents whether to create, modify, delete, or list yaml + required: true + default: present + choices: ["present", "absent", "list"] + aliases: [] + debug: + description: + - Turn on debug information. + required: false + default: false + aliases: [] + src: + description: + - The file that is the target of the modifications. + required: false + default: None + aliases: [] + content: + description: + - Content represents the yaml content you desire to work with. This + - could be the file contents to write or the inmemory data to modify. + required: false + default: None + aliases: [] + content_type: + description: + - The python type of the content parameter. + required: false + default: 'dict' + aliases: [] + key: + description: + - The path to the value you wish to modify. Emtpy string means the top of + - the document. + required: false + default: '' + aliases: [] + value: + description: + - The incoming value of parameter 'key'. + required: false + default: + aliases: [] + value_type: + description: + - The python type of the incoming value. + required: false + default: '' + aliases: [] + update: + description: + - Whether the update should be performed on a dict/hash or list/array + - object. + required: false + default: false + aliases: [] + append: + description: + - Whether to append to an array/list. When the key does not exist or is + - null, a new array is created. When the key is of a non-list type, + - nothing is done. + required: false + default: false + aliases: [] + index: + description: + - Used in conjunction with the update parameter. This will update a + - specific index in an array/list. + required: false + default: false + aliases: [] + curr_value: + description: + - Used in conjunction with the update parameter. This is the current + - value of 'key' in the yaml file. + required: false + default: false + aliases: [] + curr_value_format: + description: + - Format of the incoming current value. + choices: ["yaml", "json", "str"] + required: false + default: false + aliases: [] + backup: + description: + - Whether to make a backup copy of the current file when performing an + - edit. + required: false + default: true + aliases: [] +author: +- "Kenny Woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +# Simple insert of key, value +- name: insert simple key, value + yedit: + src: somefile.yml + key: test + value: somevalue + state: present +# Results: +# test: somevalue + +# Multilevel insert of key, value +- name: insert simple key, value + yedit: + src: somefile.yml + key: a#b#c + value: d + state: present +# Results: +# a: +# b: +# c: d +''' diff --git a/roles/lib_utils/src/generate.py b/roles/lib_utils/src/generate.py new file mode 100755 index 000000000..f4b46aa91 --- /dev/null +++ b/roles/lib_utils/src/generate.py @@ -0,0 +1,45 @@ +#!/usr/bin/env python +''' + Generate the openshift-ansible/roles/lib_openshift_cli/library/ modules. +''' + +import os +import yaml + +# pylint: disable=anomalous-backslash-in-string +GEN_STR = "#!/usr/bin/env python\n" + \ + "# pylint: disable=missing-docstring\n" + \ + "# ___ ___ _ _ ___ ___ _ _____ ___ ___\n" + \ + "# / __| __| \| | __| _ \ /_\_ _| __| \\\n" + \ + "# | (_ | _|| .` | _|| / / _ \| | | _|| |) |\n" + \ + "# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____\n" + \ + "# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _|\n" + \ + "# | |) | (_) | | .` | (_) || | | _|| |) | | | |\n" + \ + "# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_|\n" + +OPENSHIFT_ANSIBLE_PATH = os.path.dirname(os.path.realpath(__file__)) +OPENSHIFT_ANSIBLE_SOURCES_PATH = os.path.join(OPENSHIFT_ANSIBLE_PATH, 'generate_sources.yml') # noqa: E501 + + +def main(): + ''' combine the necessary files to create the ansible module ''' + + library = os.path.join(OPENSHIFT_ANSIBLE_PATH, '..', 'library/') + sources = yaml.load(open(OPENSHIFT_ANSIBLE_SOURCES_PATH).read()) + for fname, parts in sources.items(): + with open(os.path.join(library, fname), 'w') as afd: + afd.seek(0) + afd.write(GEN_STR) + for fpart in parts: + with open(os.path.join(OPENSHIFT_ANSIBLE_PATH, fpart)) as pfd: + # first line is pylint disable so skip it + for idx, line in enumerate(pfd): + if idx in [0, 1] and 'flake8: noqa' in line \ + or 'pylint: skip-file' in line: + continue + + afd.write(line) + + +if __name__ == '__main__': + main() diff --git a/roles/lib_utils/src/generate_sources.yml b/roles/lib_utils/src/generate_sources.yml new file mode 100644 index 000000000..83b21de1b --- /dev/null +++ b/roles/lib_utils/src/generate_sources.yml @@ -0,0 +1,7 @@ +--- +yedit.py: +- doc/license +- class/import.py +- doc/yedit +- class/yedit.py +- ansible/yedit.py diff --git a/roles/lib_utils/src/test/integration/files/kube-manager.yaml b/roles/lib_utils/src/test/integration/files/kube-manager.yaml new file mode 100644 index 000000000..6f4b9e6dc --- /dev/null +++ b/roles/lib_utils/src/test/integration/files/kube-manager.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + name: kube-controller-manager + namespace: kube-system +spec: + hostNetwork: true + containers: + - name: kube-controller-manager + image: openshift/kube:v1.0.0 + command: + - /hyperkube + - controller-manager + - --master=http://127.0.0.1:8080 + - --leader-elect=true + - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem + - --root-ca-file=/etc/kubernetes/ssl/ca.pem + livenessProbe: + httpGet: + host: 127.0.0.1 + path: /healthz + port: 10252 + initialDelaySeconds: 15 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /etc/kubernetes/ssl + name: ssl-certs-kubernetes + readOnly: true + - mountPath: /etc/ssl/certs + name: ssl-certs-host + readOnly: true + volumes: + - hostPath: + path: /etc/kubernetes/ssl + name: ssl-certs-kubernetes + - hostPath: + path: /usr/share/ca-certificates + name: ssl-certs-host diff --git a/roles/lib_utils/src/test/integration/yedit_test.yml b/roles/lib_utils/src/test/integration/yedit_test.yml new file mode 100755 index 000000000..1760a7466 --- /dev/null +++ b/roles/lib_utils/src/test/integration/yedit_test.yml @@ -0,0 +1,221 @@ +#!/usr/bin/ansible-playbook +# Yedit test so that we can quickly determine if features are working +# Ensure that the kube-manager.yaml file exists +# +# ./yedit_test.yml -M ../../library +# +--- +- hosts: localhost + gather_facts: no + vars: + test_file: kube-manager-test.yaml + test: test + strategy: debug + + post_tasks: + - name: copy the kube-manager.yaml file so that we have a pristine copy each time + copy: + src: kube-manager.yaml + dest: "./{{ test_file }}" + changed_when: False + + ####### add key to top level ##### + - name: add a key at the top level + yedit: + src: "{{ test_file }}" + key: yedittest + value: yedittest + + - name: retrieve the inserted key + yedit: + src: "{{ test_file }}" + state: list + key: yedittest + register: results + + - name: Assert that key is at top level + assert: + that: results.result == 'yedittest' + msg: 'Test: add a key to top level failed. yedittest != [{{ results.result }}]' + ###### end add key to top level ##### + + ###### modify multilevel key, value ##### + - name: modify multilevel key, value + yedit: + src: "{{ test_file }}" + key: metadata-namespace + value: openshift-is-awesome + separator: '-' + + - name: retrieve the inserted key + yedit: + src: "{{ test_file }}" + state: list + key: metadata-namespace + separator: '-' + register: results + + - name: Assert that key is as expected + assert: + that: results.result == 'openshift-is-awesome' + msg: 'Test: multilevel key, value modification: openshift-is-awesome != [{{ results.result }}]' + ###### end modify multilevel key, value ##### + + ###### test a string boolean ##### + - name: test a string boolean + yedit: + src: "{{ test_file }}" + key: spec.containers[0].volumeMounts[1].readOnly + value: 'true' + value_type: str + + - name: retrieve the inserted key + yedit: + src: "{{ test_file }}" + state: list + key: spec.containers[0].volumeMounts[1].readOnly + register: results + + - name: Assert that key is a string + assert: + that: results.result == "true" + msg: "Test: boolean str: 'true' != [{{ results.result }}]" + + - name: Assert that key is not bool + assert: + that: results.result != true + msg: "Test: boolean str: true != [{{ results.result }}]" + ###### end test boolean string ##### + + ###### test array append ##### + - name: test array append + yedit: + src: "{{ test_file }}" + key: spec.containers[0].command + value: --my-new-parameter=openshift + append: True + + - name: retrieve the array + yedit: + src: "{{ test_file }}" + state: list + key: spec.containers[0].command + register: results + + - name: Assert that the last element in array is our value + assert: + that: results.result[-1] == "--my-new-parameter=openshift" + msg: "Test: '--my-new-parameter=openshift' != [{{ results.result[-1] }}]" + ###### end test array append ##### + + ###### test non-existing array append ##### + - name: test array append to non-existing key + yedit: + src: "{{ test_file }}" + key: nonexistingkey + value: --my-new-parameter=openshift + append: True + + - name: retrieve the array + yedit: + src: "{{ test_file }}" + state: list + key: nonexistingkey + register: results + + - name: Assert that the last element in array is our value + assert: + that: results.result[-1] == "--my-new-parameter=openshift" + msg: "Test: '--my-new-parameter=openshift' != [{{ results.result[-1] }}]" + ###### end test non-existing array append ##### + + ###### test array update modify ##### + - name: test array update modify + yedit: + src: "{{ test_file }}" + key: spec.containers[0].command + value: --root-ca-file=/etc/k8s/ssl/my.pem + curr_value: --root-ca-file=/etc/kubernetes/ssl/ca.pem + curr_value_format: str + update: True + + - name: retrieve the array + yedit: + src: "{{ test_file }}" + state: list + key: spec.containers[0].command + register: results + + - name: Assert that the element in array is our value + assert: + that: results.result[5] == "--root-ca-file=/etc/k8s/ssl/my.pem" + msg: "Test: '--root-ca-file=/etc/k8s/ssl/my.pem' != [{{ results.result[5] }}]" + ###### end test array update modify##### + + ###### test dict create ##### + - name: test dict create + yedit: + src: "{{ test_file }}" + key: a.b.c + value: d + + - name: retrieve the key + yedit: + src: "{{ test_file }}" + state: list + key: a.b.c + register: results + + - name: Assert that the key was created + assert: + that: results.result == "d" + msg: "Test: 'd' != [{{ results.result }}]" + ###### end test dict create ##### + + ###### test create dict value ##### + - name: test create dict value + yedit: + src: "{{ test_file }}" + key: e.f.g + value: + h: + i: + j: k + + - name: retrieve the key + yedit: + src: "{{ test_file }}" + state: list + key: e.f.g.h.i.j + register: results + + - name: Assert that the key was created + assert: + that: results.result == "k" + msg: "Test: 'k' != [{{ results.result }}]" + ###### end test dict create ##### + + ###### test create list value ##### + - name: test create list value + yedit: + src: "{{ test_file }}" + key: z.x.y + value: + - 1 + - 2 + - 3 + + - name: retrieve the key + yedit: + src: "{{ test_file }}" + state: list + key: z#x#y + separator: '#' + register: results + - debug: var=results + + - name: Assert that the key was created + assert: + that: results.result == [1, 2, 3] + msg: "Test: '[1, 2, 3]' != [{{ results.result }}]" +###### end test create list value ##### diff --git a/roles/lib_utils/src/test/unit/yedit_test.py b/roles/lib_utils/src/test/unit/yedit_test.py new file mode 100755 index 000000000..2793c5c1a --- /dev/null +++ b/roles/lib_utils/src/test/unit/yedit_test.py @@ -0,0 +1,277 @@ +#!/usr/bin/env python2 +''' + Unit tests for yedit +''' +# To run +# python -m unittest yedit_test +# +# ............................. +# ---------------------------------------------------------------------- +# Ran 29 tests in 0.133s +# OK + +import os +import sys +import unittest + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error +# place yedit in our path +yedit_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, yedit_path) + +from yedit import Yedit # noqa: E402 + +# pylint: disable=too-many-public-methods +# Silly pylint, moar tests! + + +class YeditTest(unittest.TestCase): + ''' + Test class for yedit + ''' + data = {'a': 'a', + 'b': {'c': {'d': [{'e': 'x'}, 'f', 'g']}}, + } # noqa: E124 + + filename = 'yedit_test.yml' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + yed = Yedit(YeditTest.filename) + yed.yaml_dict = YeditTest.data + yed.write() + + def test_load(self): + ''' Testing a get ''' + yed = Yedit('yedit_test.yml') + self.assertEqual(yed.yaml_dict, self.data) + + def test_write(self): + ''' Testing a simple write ''' + yed = Yedit('yedit_test.yml') + yed.put('key1', 1) + yed.write() + self.assertTrue('key1' in yed.yaml_dict) + self.assertEqual(yed.yaml_dict['key1'], 1) + + def test_write_x_y_z(self): + '''Testing a write of multilayer key''' + yed = Yedit('yedit_test.yml') + yed.put('x.y.z', 'modified') + yed.write() + yed.load() + self.assertEqual(yed.get('x.y.z'), 'modified') + + def test_delete_a(self): + '''Testing a simple delete ''' + yed = Yedit('yedit_test.yml') + yed.delete('a') + yed.write() + yed.load() + self.assertTrue('a' not in yed.yaml_dict) + + def test_delete_b_c(self): + '''Testing delete of layered key ''' + yed = Yedit('yedit_test.yml', separator=':') + yed.delete('b:c') + yed.write() + yed.load() + self.assertTrue('b' in yed.yaml_dict) + self.assertFalse('c' in yed.yaml_dict['b']) + + def test_create(self): + '''Testing a create ''' + os.unlink(YeditTest.filename) + yed = Yedit('yedit_test.yml') + yed.create('foo', 'bar') + yed.write() + yed.load() + self.assertTrue('foo' in yed.yaml_dict) + self.assertTrue(yed.yaml_dict['foo'] == 'bar') + + def test_create_content(self): + '''Testing a create with content ''' + content = {"foo": "bar"} + yed = Yedit("yedit_test.yml", content) + yed.write() + yed.load() + self.assertTrue('foo' in yed.yaml_dict) + self.assertTrue(yed.yaml_dict['foo'], 'bar') + + def test_array_insert(self): + '''Testing a create with content ''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', 'inject') + self.assertTrue(yed.get('b:c:d[0]') == 'inject') + + def test_array_insert_first_index(self): + '''Testing a create with content ''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', 'inject') + self.assertTrue(yed.get('b:c:d[1]') == 'f') + + def test_array_insert_second_index(self): + '''Testing a create with content ''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', 'inject') + self.assertTrue(yed.get('b:c:d[2]') == 'g') + + def test_dict_array_dict_access(self): + '''Testing a create with content''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', [{'x': {'y': 'inject'}}]) + self.assertTrue(yed.get('b:c:d[0]:[0]:x:y') == 'inject') + + def test_dict_array_dict_replace(self): + '''Testing multilevel delete''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', [{'x': {'y': 'inject'}}]) + yed.put('b:c:d[0]:[0]:x:y', 'testing') + self.assertTrue('b' in yed.yaml_dict) + self.assertTrue('c' in yed.yaml_dict['b']) + self.assertTrue('d' in yed.yaml_dict['b']['c']) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'], list)) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'][0], list)) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'][0][0], dict)) + self.assertTrue('y' in yed.yaml_dict['b']['c']['d'][0][0]['x']) + self.assertTrue(yed.yaml_dict['b']['c']['d'][0][0]['x']['y'] == 'testing') # noqa: E501 + + def test_dict_array_dict_remove(self): + '''Testing multilevel delete''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', [{'x': {'y': 'inject'}}]) + yed.delete('b:c:d[0]:[0]:x:y') + self.assertTrue('b' in yed.yaml_dict) + self.assertTrue('c' in yed.yaml_dict['b']) + self.assertTrue('d' in yed.yaml_dict['b']['c']) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'], list)) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'][0], list)) + self.assertTrue(isinstance(yed.yaml_dict['b']['c']['d'][0][0], dict)) + self.assertFalse('y' in yed.yaml_dict['b']['c']['d'][0][0]['x']) + + def test_key_exists_in_dict(self): + '''Testing exist in dict''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', [{'x': {'y': 'inject'}}]) + self.assertTrue(yed.exists('b:c', 'd')) + + def test_key_exists_in_list(self): + '''Testing exist in list''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('b:c:d[0]', [{'x': {'y': 'inject'}}]) + self.assertTrue(yed.exists('b:c:d', [{'x': {'y': 'inject'}}])) + self.assertFalse(yed.exists('b:c:d', [{'x': {'y': 'test'}}])) + + def test_update_to_list_with_index(self): + '''Testing update to list with index''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('x:y:z', [1, 2, 3]) + yed.update('x:y:z', [5, 6], index=2) + self.assertTrue(yed.get('x:y:z') == [1, 2, [5, 6]]) + self.assertTrue(yed.exists('x:y:z', [5, 6])) + self.assertFalse(yed.exists('x:y:z', 4)) + + def test_update_to_list_with_curr_value(self): + '''Testing update to list with index''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('x:y:z', [1, 2, 3]) + yed.update('x:y:z', [5, 6], curr_value=3) + self.assertTrue(yed.get('x:y:z') == [1, 2, [5, 6]]) + self.assertTrue(yed.exists('x:y:z', [5, 6])) + self.assertFalse(yed.exists('x:y:z', 4)) + + def test_update_to_list(self): + '''Testing update to list''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('x:y:z', [1, 2, 3]) + yed.update('x:y:z', [5, 6]) + self.assertTrue(yed.get('x:y:z') == [1, 2, 3, [5, 6]]) + self.assertTrue(yed.exists('x:y:z', [5, 6])) + self.assertFalse(yed.exists('x:y:z', 4)) + + def test_append_twice_to_list(self): + '''Testing append to list''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('x:y:z', [1, 2, 3]) + yed.append('x:y:z', [5, 6]) + yed.append('x:y:z', [5, 6]) + self.assertTrue(yed.get('x:y:z') == [1, 2, 3, [5, 6], [5, 6]]) + self.assertTrue(2 == yed.get('x:y:z').count([5, 6])) + self.assertFalse(yed.exists('x:y:z', 4)) + + def test_add_item_to_dict(self): + '''Testing update to dict''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('x:y:z', {'a': 1, 'b': 2}) + yed.update('x:y:z', {'c': 3, 'd': 4}) + self.assertTrue(yed.get('x:y:z') == {'a': 1, 'b': 2, 'c': 3, 'd': 4}) + self.assertTrue(yed.exists('x:y:z', {'c': 3})) + + def test_first_level_dict_with_none_value(self): + '''test dict value with none value''' + yed = Yedit(content={'a': None}, separator=":") + yed.put('a:b:c', 'test') + self.assertTrue(yed.get('a:b:c') == 'test') + self.assertTrue(yed.get('a:b'), {'c': 'test'}) + + def test_adding_yaml_variable(self): + '''test dict value with none value''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('z:y', '{{test}}') + self.assertTrue(yed.get('z:y') == '{{test}}') + + def test_keys_with_underscore(self): + '''test dict value with none value''' + yed = Yedit("yedit_test.yml", separator=':') + yed.put('z_:y_y', {'test': '{{test}}'}) + self.assertTrue(yed.get('z_:y_y') == {'test': '{{test}}'}) + + def test_first_level_array_update(self): + '''test update on top level array''' + yed = Yedit(content=[{'a': 1}, {'b': 2}, {'b': 3}], separator=':') + yed.update('', {'c': 4}) + self.assertTrue({'c': 4} in yed.get('')) + + def test_first_level_array_delete(self): + '''test remove top level key''' + yed = Yedit(content=[{'a': 1}, {'b': 2}, {'b': 3}]) + yed.delete('') + self.assertTrue({'b': 3} not in yed.get('')) + + def test_first_level_array_get(self): + '''test dict value with none value''' + yed = Yedit(content=[{'a': 1}, {'b': 2}, {'b': 3}]) + yed.get('') + self.assertTrue([{'a': 1}, {'b': 2}, {'b': 3}] == yed.yaml_dict) + + def test_pop_list_item(self): + '''test dict value with none value''' + yed = Yedit(content=[{'a': 1}, {'b': 2}, {'b': 3}], separator=':') + yed.pop('', {'b': 2}) + self.assertTrue([{'a': 1}, {'b': 3}] == yed.yaml_dict) + + def test_pop_list_item_2(self): + '''test dict value with none value''' + z = range(10) + yed = Yedit(content=z, separator=':') + yed.pop('', 5) + z.pop(5) + self.assertTrue(z == yed.yaml_dict) + + def test_pop_dict_key(self): + '''test dict value with none value''' + yed = Yedit(content={'a': {'b': {'c': 1, 'd': 2}}}, separator='#') + yed.pop('a#b', 'c') + self.assertTrue({'a': {'b': {'d': 2}}} == yed.yaml_dict) + + def tearDown(self): + '''TearDown method''' + os.unlink(YeditTest.filename) + + +if __name__ == "__main__": + unittest.main() diff --git a/roles/nickhammond.logrotate/tasks/main.yml b/roles/nickhammond.logrotate/tasks/main.yml index 1979c851f..657cb10ec 100644 --- a/roles/nickhammond.logrotate/tasks/main.yml +++ b/roles/nickhammond.logrotate/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: nickhammond.logrotate | Install logrotate - action: "{{ ansible_pkg_mgr }} name=logrotate state=present" + package: name=logrotate state=present when: not openshift.common.is_atomic | bool - name: nickhammond.logrotate | Setup logrotate.d scripts diff --git a/roles/nuage_ca/meta/main.yml b/roles/nuage_ca/meta/main.yml index 2b06613f3..36838debc 100644 --- a/roles/nuage_ca/meta/main.yml +++ b/roles/nuage_ca/meta/main.yml @@ -1,6 +1,6 @@ --- galaxy_info: - author: Vishal Patil + author: Vishal Patil description: company: Nuage Networks license: Apache License, Version 2.0 diff --git a/roles/nuage_ca/tasks/main.yaml b/roles/nuage_ca/tasks/main.yaml index 9cfa40b8a..8d73e6840 100644 --- a/roles/nuage_ca/tasks/main.yaml +++ b/roles/nuage_ca/tasks/main.yaml @@ -1,6 +1,6 @@ --- - name: Install openssl - action: "{{ ansible_pkg_mgr }} name=openssl state=present" + package: name=openssl state=present when: not openshift.common.is_atomic | bool - name: Create CA directory @@ -41,6 +41,6 @@ delegate_to: "{{ nuage_ca_master }}" - name: Copy SSL config file - copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf" + copy: src=openssl.cnf dest="{{ nuage_ca_dir }}/openssl.cnf" run_once: true delegate_to: "{{ nuage_ca_master }}" diff --git a/roles/nuage_common/defaults/main.yaml b/roles/nuage_common/defaults/main.yaml index 16dac8720..a7803c0ee 100644 --- a/roles/nuage_common/defaults/main.yaml +++ b/roles/nuage_common/defaults/main.yaml @@ -1,3 +1,4 @@ +--- nuage_ca_master: "{{ groups.oo_first_master.0 }}" nuage_ca_master_crt_dir: /usr/share/nuage-openshift-certificates diff --git a/roles/nuage_master/README.md b/roles/nuage_master/README.md index de101dd19..0f1f6f2b1 100644 --- a/roles/nuage_master/README.md +++ b/roles/nuage_master/README.md @@ -5,4 +5,6 @@ Setup Nuage Kubernetes Monitor on the Master node Requirements ------------ -This role assumes it has been deployed on RHEL/Fedora + +* Ansible 2.2 +* This role assumes it has been deployed on RHEL/Fedora diff --git a/roles/nuage_master/defaults/main.yaml b/roles/nuage_master/defaults/main.yaml index cf670a9e1..c90f4f443 100644 --- a/roles/nuage_master/defaults/main.yaml +++ b/roles/nuage_master/defaults/main.yaml @@ -1,4 +1,4 @@ --- nuage_master_cspadminpasswd: "" nuage_master_adminusername: admin -nuage_master_adminuserpasswd: admin +nuage_master_adminuserpasswd: admin diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 56224cf82..162aaae1a 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -1,18 +1,24 @@ --- - name: restart nuage-openshift-monitor become: yes - service: name=nuage-openshift-monitor state=restarted + systemd: name=nuage-openshift-monitor state=restarted - name: restart master - service: name={{ openshift.common.service_type }}-master state=restarted + systemd: name={{ openshift.common.service_type }}-master state=restarted when: (not openshift_master_ha | bool) and (not master_service_status_changed | default(false)) - name: restart master api - service: name={{ openshift.common.service_type }}-master-api state=restarted - when: (openshift_master_ha | bool) and (not master_api_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + systemd: name={{ openshift.common.service_type }}-master-api state=restarted + when: > + (openshift_master_ha | bool) and + (not master_api_service_status_changed | default(false)) and + openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and openshift.master.cluster_method == 'native' + systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + when: > + (openshift_master_ha | bool) and + (not master_controllers_service_status_changed | default(false)) and + openshift.master.cluster_method == 'native' ignore_errors: yes diff --git a/roles/nuage_master/meta/main.yml b/roles/nuage_master/meta/main.yml index 51b89fbf6..a8a9bd3b4 100644 --- a/roles/nuage_master/meta/main.yml +++ b/roles/nuage_master/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: - author: Vishal Patil + author: Vishal Patil description: company: Nuage Networks license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.2 platforms: - name: EL versions: @@ -13,10 +13,10 @@ galaxy_info: - cloud - system dependencies: - - role: nuage_ca - - role: nuage_common - - role: openshift_etcd_client_certificates - - role: os_firewall - os_firewall_allow: - - service: openshift-monitor - port: "{{ nuage_mon_rest_server_port }}/tcp" +- role: nuage_ca +- role: nuage_common +- role: openshift_etcd_client_certificates +- role: os_firewall + os_firewall_allow: + - service: openshift-monitor + port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_master/tasks/certificates.yml b/roles/nuage_master/tasks/certificates.yml index 0a2f375cd..c16616e1c 100644 --- a/roles/nuage_master/tasks/certificates.yml +++ b/roles/nuage_master/tasks/certificates.yml @@ -1,11 +1,11 @@ --- - name: Create a directory to hold the certificates file: path="{{ nuage_mon_rest_server_crt_dir }}" state=directory - delegate_to: "{{ nuage_ca_master }}" + delegate_to: "{{ nuage_ca_master }}" - name: Create the key command: > - openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096 + openssl genrsa -out "{{ nuage_ca_master_rest_server_key }}" 4096 delegate_to: "{{ nuage_ca_master }}" - name: Create the req file @@ -30,7 +30,7 @@ shell: "cd {{ nuage_mon_rest_server_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" delegate_to: "{{ nuage_ca_master }}" -- name: Create a temp directory for the certificates +- name: Create a temp directory for the certificates local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" register: mktemp @@ -42,7 +42,7 @@ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_master_crt_dir }} - name: Delete the certificates after copy - file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent + file: path="{{ nuage_mon_rest_server_crt_dir }}" state=absent delegate_to: "{{ nuage_ca_master }}" - name: Delete the temp directory diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index b8eaede3b..d211d30e8 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -1,13 +1,13 @@ --- - name: Create directory /usr/share/nuage-openshift-monitor become: yes - file: path=/usr/share/nuage-openshift-monitor state=directory + file: path=/usr/share/nuage-openshift-monitor state=directory - name: Create the log directory become: yes file: path={{ nuage_mon_rest_server_logdir }} state=directory -- name: Install Nuage Openshift Monitor +- name: Install Nuage Openshift Monitor become: yes yum: name={{ nuage_openshift_rpm }} state=present @@ -17,12 +17,12 @@ become: yes fetch: src={{ cert_output_dir }}/{{ item }} dest=/tmp/{{ item }} flat=yes with_items: - - ca.crt - - nuage.crt - - nuage.key - - nuage.kubeconfig + - ca.crt + - nuage.crt + - nuage.key + - nuage.kubeconfig -- include: certificates.yml +- include: certificates.yml - name: Create nuage-openshift-monitor.yaml become: yes diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml index 2b3ae0454..41143772e 100644 --- a/roles/nuage_master/tasks/serviceaccount.yml +++ b/roles/nuage_master/tasks/serviceaccount.yml @@ -29,7 +29,7 @@ --config={{nuage_tmp_conf}} with_items: "{{nuage_tasks}}" register: osnuage_perm_task - failed_when: "'already exists' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0" + failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0" changed_when: osnuage_perm_task.rc == 0 - name: Generate the node client config diff --git a/roles/nuage_master/vars/main.yaml b/roles/nuage_master/vars/main.yaml index b395eba99..dba399a03 100644 --- a/roles/nuage_master/vars/main.yaml +++ b/roles/nuage_master/vars/main.yaml @@ -1,3 +1,4 @@ +--- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" @@ -6,7 +7,7 @@ ca_cert: "{{ openshift_master_config_dir }}/ca.crt" admin_config: "{{ openshift.common.config_base }}/master/admin.kubeconfig" cert_output_dir: /usr/share/nuage-openshift-monitor kube_config: /usr/share/nuage-openshift-monitor/nuage.kubeconfig -kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml +kubemon_yaml: /usr/share/nuage-openshift-monitor/nuage-openshift-monitor.yaml master_config_yaml: "{{ openshift_master_config_dir }}/master-config.yaml" nuage_mon_rest_server_url: "0.0.0.0:{{ nuage_mon_rest_server_port }}" nuage_mon_rest_server_logdir: "{{ nuage_openshift_monitor_log_dir | default('/var/log/nuage-openshift-monitor') }}" @@ -14,18 +15,18 @@ nuage_mon_log_level: "{{ nuage_openshift_monitor_log_level | default('3') }}" nuage_mon_rest_server_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" nuage_ca_master_rest_server_key: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.key" -nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" +nuage_ca_master_rest_server_crt: "{{ nuage_mon_rest_server_crt_dir }}/nuageMonServer.crt" nuage_mon_rest_server_host: "{{ openshift.master.cluster_hostname | default(openshift.common.hostname) }}" -nuage_master_crt_dir : /usr/share/nuage-openshift-monitor +nuage_master_crt_dir: /usr/share/nuage-openshift-monitor nuage_service_account: system:serviceaccount:default:nuage nuage_service_account_config: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: nuage + apiVersion: v1 + kind: ServiceAccount + metadata: + name: nuage nuage_tasks: - - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} + - policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }} diff --git a/roles/nuage_node/README.md b/roles/nuage_node/README.md index 02a3cbc77..75a75ca6b 100644 --- a/roles/nuage_node/README.md +++ b/roles/nuage_node/README.md @@ -6,4 +6,5 @@ Setup Nuage VRS (Virtual Routing Switching) on the Openshift Node Requirements ------------ -This role assumes it has been deployed on RHEL/Fedora +* Ansible 2.2 +* This role assumes it has been deployed on RHEL/Fedora diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml index 5f2b97ae2..8384856ff 100644 --- a/roles/nuage_node/handlers/main.yaml +++ b/roles/nuage_node/handlers/main.yaml @@ -1,8 +1,12 @@ --- - name: restart vrs become: yes - service: name=openvswitch state=restarted + systemd: name=openvswitch state=restarted - name: restart node become: yes - service: name={{ openshift.common.service_type }}-node state=restarted + systemd: name={{ openshift.common.service_type }}-node state=restarted + +- name: save iptable rules + become: yes + command: iptables-save diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml index 9f84eacf6..3e2a5e0c9 100644 --- a/roles/nuage_node/meta/main.yml +++ b/roles/nuage_node/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: - author: Vishal Patil + author: Vishal Patil description: company: Nuage Networks license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.2 platforms: - name: EL versions: @@ -13,8 +13,11 @@ galaxy_info: - cloud - system dependencies: +- role: nuage_common - role: nuage_ca - role: os_firewall os_firewall_allow: - - service: vxlan - port: 4789/udp + - service: vxlan + port: 4789/udp + - service: nuage-monitor + port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_node/tasks/certificates.yml b/roles/nuage_node/tasks/certificates.yml index 7fcd4274d..d1c8bf59a 100644 --- a/roles/nuage_node/tasks/certificates.yml +++ b/roles/nuage_node/tasks/certificates.yml @@ -5,7 +5,7 @@ - name: Create the key command: > - openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096 + openssl genrsa -out "{{ nuage_ca_master_plugin_key }}" 4096 delegate_to: "{{ nuage_ca_master }}" - name: Create the req file @@ -30,7 +30,7 @@ shell: "cd {{ nuage_plugin_rest_client_crt_dir }} && tar -czvf /tmp/{{ ansible_nodename }}.tgz *" delegate_to: "{{ nuage_ca_master }}" -- name: Create a temp directory for the certificates +- name: Create a temp directory for the certificates local_action: command mktemp -d "/tmp/openshift-{{ ansible_nodename }}-XXXXXXX" register: mktemp @@ -42,7 +42,7 @@ unarchive: src="{{ mktemp.stdout }}/{{ ansible_nodename }}.tgz" dest={{ nuage_plugin_crt_dir }} - name: Delete the certificates after copy - file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent + file: path="{{ nuage_plugin_rest_client_crt_dir }}" state=absent delegate_to: "{{ nuage_ca_master }}" - name: Delete the temp directory diff --git a/roles/nuage_node/tasks/iptables.yml b/roles/nuage_node/tasks/iptables.yml new file mode 100644 index 000000000..8e2c29620 --- /dev/null +++ b/roles/nuage_node/tasks/iptables.yml @@ -0,0 +1,17 @@ +--- +- name: IPtables | Get iptables rules + command: iptables -L --wait + register: iptablesrules + always_run: yes + +- name: Allow traffic from overlay to underlay + command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay" + when: "'nuage-overlay-underlay' not in iptablesrules.stdout" + notify: + - save iptable rules + +- name: Allow traffic from underlay to overlay + command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay" + when: "'nuage-underlay-overlay' not in iptablesrules.stdout" + notify: + - save iptable rules diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index 1146573d3..d82dd36a4 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -2,16 +2,16 @@ - name: Install Nuage VRS become: yes yum: name={{ vrs_rpm }} state=present - -- name: Set the uplink interface + +- name: Set the uplink interface become: yes lineinfile: dest={{ vrs_config }} regexp=^NETWORK_UPLINK_INTF line='NETWORK_UPLINK_INTF={{ uplink_interface }}' -- name: Set the Active Controller +- name: Set the Active Controller become: yes lineinfile: dest={{ vrs_config }} regexp=^ACTIVE_CONTROLLER line='ACTIVE_CONTROLLER={{ vsc_active_ip }}' -- name: Set the Standby Controller +- name: Set the Standby Controller become: yes lineinfile: dest={{ vrs_config }} regexp=^STANDBY_CONTROLLER line='STANDBY_CONTROLLER={{ vsc_standby_ip }}' when: vsc_standby_ip is defined @@ -24,16 +24,18 @@ become: yes copy: src="/tmp/{{ item }}" dest="{{ vsp_openshift_dir }}/{{ item }}" with_items: - - ca.crt - - nuage.crt - - nuage.key - - nuage.kubeconfig + - ca.crt + - nuage.crt + - nuage.key + - nuage.kubeconfig - include: certificates.yml -- name: Set the vsp-openshift.yaml +- name: Set the vsp-openshift.yaml become: yes - template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 + template: src=vsp-openshift.j2 dest={{ vsp_openshift_yaml }} owner=root mode=0644 notify: - restart vrs - - restart node + - restart node + +- include: iptables.yml diff --git a/roles/nuage_node/vars/main.yaml b/roles/nuage_node/vars/main.yaml index 86486259f..7b789152f 100644 --- a/roles/nuage_node/vars/main.yaml +++ b/roles/nuage_node/vars/main.yaml @@ -17,6 +17,6 @@ plugin_log_level: "{{ nuage_plugin_log_level | default('err') }}" nuage_plugin_rest_client_crt_dir: "{{ nuage_ca_master_crt_dir }}/{{ ansible_nodename }}" nuage_ca_master_plugin_key: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.key" -nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt" +nuage_ca_master_plugin_crt: "{{ nuage_plugin_rest_client_crt_dir }}/nuageMonClient.crt" -nuage_plugin_crt_dir : /usr/share/vsp-openshift +nuage_plugin_crt_dir: /usr/share/vsp-openshift diff --git a/roles/openshift_builddefaults/tasks/main.yml b/roles/openshift_builddefaults/tasks/main.yml index 6a4e919e8..e0b51eee0 100644 --- a/roles/openshift_builddefaults/tasks/main.yml +++ b/roles/openshift_builddefaults/tasks/main.yml @@ -15,10 +15,10 @@ no_proxy: "{{ openshift_builddefaults_no_proxy | default(None) }}" git_http_proxy: "{{ openshift_builddefaults_git_http_proxy | default(None) }}" git_https_proxy: "{{ openshift_builddefaults_git_https_proxy | default(None) }}" - + git_no_proxy: "{{ openshift_builddefaults_git_no_proxy | default(None) }}" + - name: Set builddefaults config structure openshift_facts: role: builddefaults local_facts: config: "{{ openshift_builddefaults_json | default(builddefaults_yaml) }}" - diff --git a/roles/openshift_builddefaults/vars/main.yml b/roles/openshift_builddefaults/vars/main.yml index bcdf68112..c9ec3b82f 100644 --- a/roles/openshift_builddefaults/vars/main.yml +++ b/roles/openshift_builddefaults/vars/main.yml @@ -6,16 +6,28 @@ builddefaults_yaml: kind: BuildDefaultsConfig gitHTTPProxy: "{{ openshift.builddefaults.git_http_proxy | default('', true) }}" gitHTTPSProxy: "{{ openshift.builddefaults.git_https_proxy | default('', true) }}" + gitNoProxy: "{{ openshift.builddefaults.git_no_proxy | default('', true) }}" env: - name: HTTP_PROXY value: "{{ openshift.builddefaults.http_proxy | default('', true) }}" - name: HTTPS_PROXY value: "{{ openshift.builddefaults.https_proxy | default('', true) }}" - name: NO_PROXY - value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}" + value: "{{ openshift.builddefaults.no_proxy | default('', true) }}" - name: http_proxy value: "{{ openshift.builddefaults.http_proxy | default('', true) }}" - name: https_proxy value: "{{ openshift.builddefaults.https_proxy | default('', true) }}" - name: no_proxy - value: "{{ openshift.builddefaults.no_proxy | default('', true) | join(',') }}" + value: "{{ openshift.builddefaults.no_proxy | default('', true) }}" + imageLabels: "{{ openshift_builddefaults_image_labels | default(None) }}" + nodeSelector: "{{ openshift_builddefaults_nodeselectors | default(None) }}" + annotations: "{{ openshift_builddefaults_annotations | default(None) }}" + #resources: "{{ openshift.builddefaults.resources | default(None) }}" + resources: + requests: + cpu: "{{ openshift_builddefaults_resources_requests_cpu | default(None) }}" + memory: "{{ openshift_builddefaults_resources_requests_memory | default(None) }}" + limits: + cpu: "{{ openshift_builddefaults_resources_limits_cpu | default(None) }}" + memory: "{{ openshift_builddefaults_resources_limits_memory | default(None) }}" diff --git a/roles/openshift_buildoverrides/meta/main.yml b/roles/openshift_buildoverrides/meta/main.yml new file mode 100644 index 000000000..e9d2e8712 --- /dev/null +++ b/roles/openshift_buildoverrides/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Ben Parees + description: OpenShift Build Overrides configuration + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_facts diff --git a/roles/openshift_buildoverrides/tasks/main.yml b/roles/openshift_buildoverrides/tasks/main.yml new file mode 100644 index 000000000..82fce1c5b --- /dev/null +++ b/roles/openshift_buildoverrides/tasks/main.yml @@ -0,0 +1,15 @@ +--- +#- name: Set buildoverrides +# openshift_facts: +# role: buildoverrides +# local_facts: +# force_pull: "{{ openshift_buildoverrides_force_pull | default(None) }}" +# image_labels: "{{ openshift_buildoverrides_image_labels | default(None) }}" +# nodeselectors: "{{ openshift_buildoverrides_nodeselectors | default(None) }}" +# annotations: "{{ openshift_buildoverrides_annotations | default(None) }}" + +- name: Set buildoverrides config structure + openshift_facts: + role: buildoverrides + local_facts: + config: "{{ openshift_buildoverrides_json | default(buildoverrides_yaml) }}" diff --git a/roles/openshift_buildoverrides/vars/main.yml b/roles/openshift_buildoverrides/vars/main.yml new file mode 100644 index 000000000..f0f9c255b --- /dev/null +++ b/roles/openshift_buildoverrides/vars/main.yml @@ -0,0 +1,10 @@ +--- +buildoverrides_yaml: + BuildOverrides: + configuration: + apiVersion: v1 + kind: BuildOverridesConfig + forcePull: "{{ openshift_buildoverrides_force_pull | default('', true) }}" + imageLabels: "{{ openshift_buildoverrides_image_labels | default(None) }}" + nodeSelector: "{{ openshift_buildoverrides_nodeselectors | default(None) }}" + annotations: "{{ openshift_buildoverrides_annotations | default(None) }}" diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index b6d403067..e2a12e5ff 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -8,7 +8,9 @@ when: openshift_master_ca_certificate is defined and ('certfile' not in openshift_master_ca_certificate or 'keyfile' not in openshift_master_ca_certificate) - name: Install the base package for admin tooling - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + package: + name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: present when: not openshift.common.is_containerized | bool register: install_result delegate_to: "{{ openshift_ca_host }}" diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md index d44438332..a88470bdd 100644 --- a/roles/openshift_certificate_expiry/README.md +++ b/roles/openshift_certificate_expiry/README.md @@ -9,7 +9,7 @@ include: * Master/Node Service Certificates * Router/Registry Service Certificates from etcd secrets * Master/Node/Router/Registry/Admin `kubeconfig`s -* Etcd certificates +* Etcd certificates (including embedded) This role pairs well with the redeploy certificates playbook: @@ -111,12 +111,16 @@ There are two top-level keys in the saved JSON results, `data` and `summary`. The `data` key is a hash where the keys are the names of each host -examined and the values are the check results for each respective -host. +examined and the values are the check results for the certificates +identified on each respective host. -The `summary` key is a hash that summarizes the number of certificates -expiring within the configured warning window and the number of -already expired certificates. +The `summary` key is a hash that summarizes the total number of +certificates: + +* examined on the entire cluster +* OK +* expiring within the configured warning window +* already expired The example below is abbreviated to save space: @@ -193,7 +197,9 @@ The example below is abbreviated to save space: }, "summary": { "warning": 6, - "expired": 0 + "expired": 0, + "total": 7, + "ok": 1 } } ``` diff --git a/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py b/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py index 2e2430ee6..5f102e960 100644 --- a/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py +++ b/roles/openshift_certificate_expiry/filter_plugins/oo_cert_expiry.py @@ -5,29 +5,6 @@ Custom filters for use in openshift-ansible """ -from ansible import errors -from collections import Mapping -from distutils.util import strtobool -from distutils.version import LooseVersion -from operator import itemgetter -import OpenSSL.crypto -import os -import pdb -import pkg_resources -import re -import json -import yaml -from ansible.parsing.yaml.dumper import AnsibleDumper -from urlparse import urlparse - -try: - # ansible-2.2 - # ansible.utils.unicode.to_unicode is deprecated in ansible-2.2, - # ansible.module_utils._text.to_text should be used instead. - from ansible.module_utils._text import to_text -except ImportError: - # ansible-2.1 - from ansible.utils.unicode import to_unicode as to_text # Disabling too-many-public-methods, since filter methods are necessarily # public @@ -74,13 +51,16 @@ Example playbook usage: total_warnings = sum([hostvars[h]['check_results']['summary']['warning'] for h in play_hosts]) total_expired = sum([hostvars[h]['check_results']['summary']['expired'] for h in play_hosts]) + total_ok = sum([hostvars[h]['check_results']['summary']['ok'] for h in play_hosts]) + total_total = sum([hostvars[h]['check_results']['summary']['total'] for h in play_hosts]) json_result['summary']['warning'] = total_warnings json_result['summary']['expired'] = total_expired + json_result['summary']['ok'] = total_ok + json_result['summary']['total'] = total_total return json_result - def filters(self): """ returns a mapping of filters to methods """ return { diff --git a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py index 2cdb87dc1..a474b36b0 100644 --- a/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py +++ b/roles/openshift_certificate_expiry/library/openshift_cert_expiry.py @@ -4,17 +4,13 @@ """For details on this module see DOCUMENTATION (below)""" -# router/registry cert grabbing -import subprocess -# etcd config file -import ConfigParser -# Expiration parsing import datetime -# File path stuff import os -# Config file parsing +import subprocess + +from six.moves import configparser + import yaml -# Certificate loading import OpenSSL.crypto DOCUMENTATION = ''' @@ -260,7 +256,10 @@ Return: # This is our module MAIN function after all, so there's bound to be a # lot of code bundled up into one block # -# pylint: disable=too-many-locals,too-many-locals,too-many-statements,too-many-branches +# Reason: These checks are disabled because the issue was introduced +# during a period where the pylint checks weren't enabled for this file +# Status: temporarily disabled pending future refactoring +# pylint: disable=too-many-locals,too-many-statements,too-many-branches def main(): """This module examines certificates (in various forms) which compose an OpenShift Container Platform cluster @@ -371,7 +370,7 @@ an OpenShift Container Platform cluster ###################################################################### # Load the certificate and the CA, parse their expiration dates into # datetime objects so we can manipulate them later - for _, v in cert_meta.iteritems(): + for _, v in cert_meta.items(): with open(v, 'r') as fp: cert = fp.read() cert_subject, cert_expiry_date, time_remaining = load_and_handle_cert(cert, now) @@ -467,7 +466,11 @@ an OpenShift Container Platform cluster ###################################################################### # Check etcd certs + # + # Two things to check: 'external' etcd, and embedded etcd. ###################################################################### + # FIRST: The 'external' etcd + # # Some values may be duplicated, make this a set for now so we # unique them all etcd_certs_to_check = set([]) @@ -475,13 +478,17 @@ an OpenShift Container Platform cluster etcd_cert_params.append('dne') try: with open('/etc/etcd/etcd.conf', 'r') as fp: - etcd_config = ConfigParser.ConfigParser() + etcd_config = configparser.ConfigParser() + # Reason: This check is disabled because the issue was introduced + # during a period where the pylint checks weren't enabled for this file + # Status: temporarily disabled pending future refactoring + # pylint: disable=deprecated-method etcd_config.readfp(FakeSecHead(fp)) for param in etcd_cert_params: try: etcd_certs_to_check.add(etcd_config.get('ETCD', param)) - except ConfigParser.NoOptionError: + except configparser.NoOptionError: # That parameter does not exist, oh well... pass except IOError: @@ -506,6 +513,43 @@ an OpenShift Container Platform cluster classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs) ###################################################################### + # Now the embedded etcd + ###################################################################### + try: + with open('/etc/origin/master/master-config.yaml', 'r') as fp: + cfg = yaml.load(fp) + except IOError: + # Not present + pass + else: + if cfg.get('etcdConfig', {}).get('servingInfo', {}).get('certFile', None) is not None: + # This is embedded + etcd_crt_name = cfg['etcdConfig']['servingInfo']['certFile'] + else: + # Not embedded + etcd_crt_name = None + + if etcd_crt_name is not None: + # etcd_crt_name is relative to the location of the + # master-config.yaml file + cfg_path = os.path.dirname(fp.name) + etcd_cert = os.path.join(cfg_path, etcd_crt_name) + with open(etcd_cert, 'r') as etcd_fp: + (cert_subject, + cert_expiry_date, + time_remaining) = load_and_handle_cert(etcd_fp.read(), now) + + expire_check_result = { + 'cert_cn': cert_subject, + 'path': etcd_fp.name, + 'expiry': cert_expiry_date, + 'days_remaining': time_remaining.days, + 'health': None, + } + + classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs) + + ###################################################################### # /Check etcd certs ###################################################################### @@ -523,7 +567,7 @@ an OpenShift Container Platform cluster ###################################################################### # First the router certs try: - router_secrets_raw = subprocess.Popen('oc get secret router-certs -o yaml'.split(), + router_secrets_raw = subprocess.Popen('oc get -n default secret router-certs -o yaml'.split(), stdout=subprocess.PIPE) router_ds = yaml.load(router_secrets_raw.communicate()[0]) router_c = router_ds['data']['tls.crt'] @@ -552,7 +596,7 @@ an OpenShift Container Platform cluster ###################################################################### # Now for registry try: - registry_secrets_raw = subprocess.Popen('oc get secret registry-certificates -o yaml'.split(), + registry_secrets_raw = subprocess.Popen('oc get -n default secret registry-certificates -o yaml'.split(), stdout=subprocess.PIPE) registry_ds = yaml.load(registry_secrets_raw.communicate()[0]) registry_c = registry_ds['data']['registry.crt'] @@ -613,9 +657,13 @@ an OpenShift Container Platform cluster # will be at the front of the list and certificates which will # expire later are at the end. Router and registry certs should be # limited to just 1 result, so don't bother sorting those. - check_results['ocp_certs'] = sorted(check_results['ocp_certs'], cmp=lambda x, y: cmp(x['days_remaining'], y['days_remaining'])) - check_results['kubeconfigs'] = sorted(check_results['kubeconfigs'], cmp=lambda x, y: cmp(x['days_remaining'], y['days_remaining'])) - check_results['etcd'] = sorted(check_results['etcd'], cmp=lambda x, y: cmp(x['days_remaining'], y['days_remaining'])) + def cert_key(item): + ''' return the days_remaining key ''' + return item['days_remaining'] + + check_results['ocp_certs'] = sorted(check_results['ocp_certs'], key=cert_key) + check_results['kubeconfigs'] = sorted(check_results['kubeconfigs'], key=cert_key) + check_results['etcd'] = sorted(check_results['etcd'], key=cert_key) # This module will never change anything, but we might want to # change the return code parameter if there is some catastrophic @@ -628,10 +676,11 @@ an OpenShift Container Platform cluster changed=False ) + ###################################################################### # It's just the way we do things in Ansible. So disable this warning # # pylint: disable=wrong-import-position,import-error -from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.basic import AnsibleModule # noqa: E402 if __name__ == '__main__': main() diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py index 9ff738d14..4ed3e1f01 100644 --- a/roles/openshift_cli/library/openshift_container_binary_sync.py +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -10,7 +10,7 @@ import shutil import os.path # pylint: disable=redefined-builtin,wildcard-import,unused-wildcard-import -from ansible.module_utils.basic import * +from ansible.module_utils.basic import * # noqa: F403 DOCUMENTATION = ''' @@ -40,7 +40,7 @@ class BinarySyncer(object): self.bin_dir = '/usr/local/bin' self.image = image self.tag = tag - self.temp_dir = None # TBD + self.temp_dir = None # TBD def sync(self): container_name = "openshift-cli-%s" % random.randint(1, 100000) @@ -110,7 +110,7 @@ class BinarySyncer(object): def main(): - module = AnsibleModule( + module = AnsibleModule( # noqa: F405 argument_spec=dict( image=dict(required=True), tag=dict(required=True), diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 11c73b25c..07a00189c 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install clients - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-clients state=present" + package: name={{ openshift.common.service_type }}-clients state=present when: not openshift.common.is_containerized | bool - name: Pull CLI Image @@ -20,5 +20,5 @@ openshift_facts: - name: Install bash completion for oc tools - action: "{{ ansible_pkg_mgr }} name=bash-completion state=present" + package: name=bash-completion state=present when: not openshift.common.is_containerized | bool diff --git a/roles/openshift_clock/tasks/main.yaml b/roles/openshift_clock/tasks/main.yaml index 5a8403f68..3911201ea 100644 --- a/roles/openshift_clock/tasks/main.yaml +++ b/roles/openshift_clock/tasks/main.yaml @@ -6,7 +6,7 @@ enabled: "{{ openshift_clock_enabled | default(None) }}" - name: Install ntp package - action: "{{ ansible_pkg_mgr }} name=ntp state=present" + package: name=ntp state=present when: openshift.clock.enabled | bool and not openshift.clock.chrony_installed | bool - name: Start and enable ntpd/chronyd diff --git a/roles/openshift_cloud_provider/tasks/aws.yml b/roles/openshift_cloud_provider/tasks/aws.yml index 127a5b392..5fa8773f5 100644 --- a/roles/openshift_cloud_provider/tasks/aws.yml +++ b/roles/openshift_cloud_provider/tasks/aws.yml @@ -1,3 +1,4 @@ +--- # Work around ini_file create option in 2.2 which defaults to no - name: Create cloud config file file: diff --git a/roles/openshift_cloud_provider/tasks/gce.yml b/roles/openshift_cloud_provider/tasks/gce.yml index 14ad8ba94..ee4048911 100644 --- a/roles/openshift_cloud_provider/tasks/gce.yml +++ b/roles/openshift_cloud_provider/tasks/gce.yml @@ -1,3 +1,4 @@ +--- # Work around ini_file create option in 2.2 which defaults to no - name: Create cloud config file file: diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index 3f8ea5dce..0a476ac26 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -4,11 +4,11 @@ when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool - fail: - msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage + msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool - fail: - msg: Nuage sdn can not be used with flannel + msg: Nuage sdn can not be used with flannel when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool - fail: @@ -29,7 +29,9 @@ use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}" - name: Install the base package for versioning - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + package: + name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: present when: not openshift.common.is_containerized | bool - name: Set version facts @@ -44,4 +46,3 @@ command: > hostnamectl set-hostname {{ openshift.common.hostname }} when: openshift_set_hostname | default(set_hostname_default) | bool - diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index c690c5243..613c237a3 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -9,7 +9,7 @@ additional_registries: "{{ openshift_docker_additional_registries | default(None) }}" blocked_registries: "{{ openshift_docker_blocked_registries | default(None) }}" insecure_registries: "{{ openshift_docker_insecure_registries | default(None) }}" - log_driver: "{{ openshift_docker_log_driver | default(None) }}" + log_driver: "{{ openshift_docker_log_driver | default(None) }}" log_options: "{{ openshift_docker_log_options | default(None) }}" options: "{{ openshift_docker_options | default(None) }}" disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index e843049f9..fc4b56bbf 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -12,8 +12,8 @@ examples_base: "{{ openshift.common.config_base if openshift.common.is_container image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" rhel_image_streams: - - "{{ image_streams_base}}/image-streams-rhel7.json" - - "{{ image_streams_base}}/dotnet_imagestreams.json" + - "{{ image_streams_base}}/image-streams-rhel7.json" + - "{{ image_streams_base}}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index d8c45dbc6..a501ad938 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,8 +5,10 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.3.3 -ORIGIN_VERSION=${1:-v1.4} +XPAAS_VERSION=ose-v1.3.5 +ORIGIN_VERSION=${1:-v1.5} +RHAMP_TAG=1.0.0.GA +RHAMP_TEMPLATE=https://raw.githubusercontent.com/3scale/rhamp-openshift-templates/${RHAMP_TAG}/apicast-gateway/apicast-gateway-template.yml EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete TEMP=`mktemp -d` @@ -22,12 +24,13 @@ cp origin-master/examples/jenkins/jenkins-*template.json ${EXAMPLES_BASE}/quicks cp origin-master/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/ mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; -wget https://raw.githubusercontent.com/jboss-fuse/application-templates/GA/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json +wget https://raw.githubusercontent.com/jboss-fuse/application-templates/GA/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json -wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml -wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/logging-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/metrics-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/metrics-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/logging-deployer.yaml +wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/enterprise/deployment/deployer.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/logging-deployer.yaml +wget ${RHAMP_TEMPLATE} -O ${EXAMPLES_BASE}/quickstart-templates/apicast-gateway-template.yml popd git diff files/examples diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index 64c411b81..59b6ef75f 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v1.4
\ No newline at end of file +v1.5
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json index 64b004ff4..cfbfc3e20 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-ephemeral-template.json @@ -4,13 +4,30 @@ "metadata": { "name": "mariadb-ephemeral", "annotations": { - "description": "MariaDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "openshift.io/display-name": "MariaDB (Ephemeral)", + "description": "MariaDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mariadb", "tags": "database,mariadb" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -95,11 +112,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -171,14 +207,19 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MariaDB Database Name", "description": "Name of the MariaDB database accessed.", "value": "sampledb", "required": true } - ], - "labels": { - "template": "mariadb-persistent-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json index 0d5b39e81..e933eecf0 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mariadb-persistent-template.json @@ -4,13 +4,30 @@ "metadata": { "name": "mariadb-persistent", "annotations": { - "description": "MariaDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "openshift.io/display-name": "MariaDB (Persistent)", + "description": "MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mariadb", "tags": "database,mariadb" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -112,11 +129,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -188,6 +224,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MariaDB Database Name", "description": "Name of the MariaDB database accessed.", @@ -201,8 +245,5 @@ "value": "1Gi", "required": true } - ], - "labels": { - "template": "mariadb-persistent-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json index 5ed92b3ad..8b8fcb58b 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-ephemeral-template.json @@ -5,13 +5,30 @@ "name": "mongodb-ephemeral", "creationTimestamp": null, "annotations": { - "description": "MongoDB database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "openshift.io/display-name": "MongoDB (Ephemeral)", + "description": "MongoDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mongodb", "tags": "database,mongodb" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-ephemeral-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -108,19 +125,34 @@ "env": [ { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } }, { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" } ], "resources": { @@ -217,9 +249,5 @@ "value": "3.2", "required": true } - ], - "labels": { - "template": "mongodb-ephemeral-template" - }, - "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json index 00d550d7d..72d3a8556 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mongodb-persistent-template.json @@ -5,13 +5,30 @@ "name": "mongodb-persistent", "creationTimestamp": null, "annotations": { - "description": "MongoDB database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "openshift.io/display-name": "MongoDB (Persistent)", + "description": "MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mongodb", "tags": "database,mongodb" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-persistent-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -125,19 +142,34 @@ "env": [ { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } }, { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" } ], "resources": { @@ -241,9 +273,5 @@ "value": "3.2", "required": true } - ], - "labels": { - "template": "mongodb-persistent-template" - }, - "message": "You can connect to the database using MongoDB connection URL mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}" + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json index a7c731243..34dd2ed78 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-ephemeral-template.json @@ -4,12 +4,29 @@ "metadata": { "name": "mysql-ephemeral", "annotations": { - "description": "MySQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "openshift.io/display-name": "MySQL (Ephemeral)", + "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", "tags": "database,mysql" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-ephemeral-template" + }, "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, { "kind": "Service", "apiVersion": "v1", @@ -108,11 +125,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -192,6 +228,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MySQL Database Name", "description": "Name of the MySQL database accessed.", @@ -201,12 +245,9 @@ { "name": "MYSQL_VERSION", "displayName": "Version of MySQL Image", - "description": "Version of MySQL image to be used (5.5, 5.6 or latest).", - "value": "5.6", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", "required": true } - ], - "labels": { - "template": "mysql-ephemeral-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json index 05add25e2..85c48da01 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/mysql-persistent-template.json @@ -4,13 +4,30 @@ "metadata": { "name": "mysql-persistent", "annotations": { - "description": "MySQL database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "openshift.io/display-name": "MySQL (Persistent)", + "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", "tags": "database,mysql" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-persistent-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -112,11 +129,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -188,6 +224,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MySQL Database Name", "description": "Name of the MySQL database accessed.", @@ -204,12 +248,9 @@ { "name": "MYSQL_VERSION", "displayName": "Version of MySQL Image", - "description": "Version of MySQL image to be used (5.5, 5.6 or latest).", - "value": "5.6", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", "required": true } - ], - "labels": { - "template": "mysql-persistent-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json index 1562204e5..0d0a2a629 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-ephemeral-template.json @@ -5,13 +5,29 @@ "name": "postgresql-ephemeral", "creationTimestamp": null, "annotations": { - "description": "PostgreSQL database service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "openshift.io/display-name": "PostgreSQL (Ephemeral)", + "description": "PostgreSQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-postgresql", "tags": "database,postgresql" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-ephemeral-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -108,11 +124,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", @@ -205,8 +231,5 @@ "value": "9.5", "required": true } - ], - "labels": { - "template": "postgresql-ephemeral-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json index fd2b6a0fb..257726cfd 100644 --- a/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/db-templates/postgresql-persistent-template.json @@ -5,13 +5,29 @@ "name": "postgresql-persistent", "creationTimestamp": null, "annotations": { - "description": "PostgreSQL database service, with persistent storage. Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "openshift.io/display-name": "PostgreSQL (Persistent)", + "description": "PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-postgresql", "tags": "database,postgresql" } }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-persistent-template" + }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -125,11 +141,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", @@ -229,8 +255,5 @@ "value": "9.5", "required": true } - ], - "labels": { - "template": "postgresql-persistent-template" - } + ] } diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json index 6cbf81591..0d5ac21d8 100644 --- a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json @@ -4,7 +4,7 @@ "metadata": { "name": "dotnet-image-streams", "annotations": { - "description": "ImageStream definitions for .Net Core on RHEL" + "description": "ImageStream definitions for .NET Core on RHEL" } }, "items": [ @@ -12,29 +12,51 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnet" + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": ".Net Core 1.0 S2I image.", + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", "iconClass": "icon-dotnet", - "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "tags": "builder,.net,dotnet,dotnetcore", "supports":"dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", - "sampleContextDir": "1.0/test/asp-net-hello-world" + "sampleContextDir": "1.1/test/asp-net-hello-world" }, "from": { "kind": "ImageStreamTag", - "name": "1.0" + "name": "1.1" + } + }, + { + "name": "1.1", + "annotations": { + "openshift.io/display-name": ".NET Core 1.1", + "description": "Build and run .NET Core 1.1 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11", + "supports":"dotnet:1.1,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.1/test/asp-net-hello-world", + "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-11-rhel7:1.1" } }, { "name": "1.0", "annotations": { - "description": ".Net Core 1.0 S2I image.", + "openshift.io/display-name": ".NET Core 1.0", + "description": "Build and run .NET Core 1.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", "supports":"dotnet:1.0,dotnet", diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-centos7.json index 386f16d26..1a90a9409 100644 --- a/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-centos7.json @@ -7,14 +7,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "ruby" + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Ruby applications", + "openshift.io/display-name": "Ruby (Latest)", + "description": "Build and run Ruby applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby", @@ -28,9 +32,10 @@ { "name": "2.0", "annotations": { - "description": "Build and run Ruby 2.0 applications", + "openshift.io/display-name": "Ruby 2.0", + "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", - "tags": "builder,ruby", + "tags": "hidden,builder,ruby", "supports": "ruby:2.0,ruby", "version": "2.0", "sampleRepo": "https://github.com/openshift/ruby-ex.git" @@ -43,7 +48,8 @@ { "name": "2.2", "annotations": { - "description": "Build and run Ruby 2.2 applications", + "openshift.io/display-name": "Ruby 2.2", + "description": "Build and run Ruby 2.2 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.2,ruby", @@ -58,7 +64,8 @@ { "name": "2.3", "annotations": { - "description": "Build and run Ruby 2.3 applications", + "openshift.io/display-name": "Ruby 2.3", + "description": "Build and run Ruby 2.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.3,ruby", @@ -77,14 +84,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs" + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run NodeJS applications", + "openshift.io/display-name": "Node.js (Latest)", + "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs", @@ -98,9 +109,10 @@ { "name": "0.10", "annotations": { - "description": "Build and run NodeJS 0.10 applications", + "openshift.io/display-name": "Node.js 0.10", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", - "tags": "builder,nodejs", + "tags": "hidden,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", "version": "0.10", "sampleRepo": "https://github.com/openshift/nodejs-ex.git" @@ -113,7 +125,8 @@ { "name": "4", "annotations": { - "description": "Build and run NodeJS 4 applications", + "openshift.io/display-name": "Node.js 4", + "description": "Build and run Node.js 4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs:4,nodejs", @@ -132,14 +145,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "perl" + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Perl applications", + "openshift.io/display-name": "Perl (Latest)", + "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl", @@ -147,15 +164,16 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.20" + "name": "5.24" } }, { "name": "5.16", "annotations": { - "description": "Build and run Perl 5.16 applications", + "openshift.io/display-name": "Perl 5.16", + "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", - "tags": "builder,perl", + "tags": "hidden,builder,perl", "supports":"perl:5.16,perl", "version": "5.16", "sampleRepo": "https://github.com/openshift/dancer-ex.git" @@ -168,7 +186,8 @@ { "name": "5.20", "annotations": { - "description": "Build and run Perl 5.20 applications", + "openshift.io/display-name": "Perl 5.20", + "description": "Build and run Perl 5.20 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl:5.20,perl", @@ -179,7 +198,22 @@ "kind": "DockerImage", "name": "centos/perl-520-centos7:latest" } - + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-524-centos7:latest" + } } ] } @@ -188,14 +222,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "php" + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run PHP applications", + "openshift.io/display-name": "PHP (Latest)", + "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php", @@ -203,15 +241,16 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "7.0" } }, { "name": "5.5", "annotations": { - "description": "Build and run PHP 5.5 applications", + "openshift.io/display-name": "PHP 5.5", + "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", - "tags": "builder,php", + "tags": "hidden,builder,php", "supports":"php:5.5,php", "version": "5.5", "sampleRepo": "https://github.com/openshift/cakephp-ex.git" @@ -224,7 +263,8 @@ { "name": "5.6", "annotations": { - "description": "Build and run PHP 5.6 applications", + "openshift.io/display-name": "PHP 5.6", + "description": "Build and run PHP 5.6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php:5.6,php", @@ -235,6 +275,22 @@ "kind": "DockerImage", "name": "centos/php-56-centos7:latest" } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-70-centos7:latest" + } } ] } @@ -243,14 +299,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "python" + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Python applications", + "openshift.io/display-name": "Python (Latest)", + "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python", @@ -264,9 +324,10 @@ { "name": "3.3", "annotations": { - "description": "Build and run Python 3.3 applications", + "openshift.io/display-name": "Python 3.3", + "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", - "tags": "builder,python", + "tags": "hidden,builder,python", "supports":"python:3.3,python", "version": "3.3", "sampleRepo": "https://github.com/openshift/django-ex.git" @@ -279,7 +340,8 @@ { "name": "2.7", "annotations": { - "description": "Build and run Python 2.7 applications", + "openshift.io/display-name": "Python 2.7", + "description": "Build and run Python 2.7 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:2.7,python", @@ -294,7 +356,8 @@ { "name": "3.4", "annotations": { - "description": "Build and run Python 3.4 applications", + "openshift.io/display-name": "Python 3.4", + "description": "Build and run Python 3.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.4,python", @@ -309,7 +372,8 @@ { "name": "3.5", "annotations": { - "description": "Build and run Python 3.5 applications", + "openshift.io/display-name": "Python 3.5", + "description": "Build and run Python 3.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.5,python", @@ -328,14 +392,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "wildfly" + "name": "wildfly", + "annotations": { + "openshift.io/display-name": "WildFly" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Java applications on Wildfly", + "openshift.io/display-name": "WildFly (Latest)", + "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"jee,java", @@ -349,7 +417,8 @@ { "name": "8.1", "annotations": { - "description": "Build and run Java applications on Wildfly 8.1", + "openshift.io/display-name": "WildFly 8.1", + "description": "Build and run WildFly 8.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"wildfly:8.1,jee,java", @@ -364,7 +433,8 @@ { "name": "9.0", "annotations": { - "description": "Build and run Java applications on Wildfly 9.0", + "openshift.io/display-name": "WildFly 9.0", + "description": "Build and run WildFly 9.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"wildfly:9.0,jee,java", @@ -379,7 +449,8 @@ { "name": "10.0", "annotations": { - "description": "Build and run Java applications on Wildfly 10.0", + "openshift.io/display-name": "WildFly 10.0", + "description": "Build and run WildFly 10.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"wildfly:10.0,jee,java", @@ -394,7 +465,8 @@ { "name": "10.1", "annotations": { - "description": "Build and run Java applications on Wildfly 10.1", + "openshift.io/display-name": "WildFly 10.1", + "description": "Build and run WildFly 10.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", "supports":"wildfly:10.1,jee,java", @@ -413,28 +485,33 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mysql" + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MySQL database", + "openshift.io/display-name": "MySQL (Latest)", + "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "5.7" } }, { "name": "5.5", "annotations": { - "description": "Provides a MySQL v5.5 database", + "openshift.io/display-name": "MySQL 5.5", + "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", - "tags": "mysql", + "tags": "hidden,mysql", "version": "5.5" }, "from": { @@ -445,7 +522,8 @@ { "name": "5.6", "annotations": { - "description": "Provides a MySQL v5.6 database", + "openshift.io/display-name": "MySQL 5.6", + "description": "Provides a MySQL 5.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", "version": "5.6" @@ -454,6 +532,20 @@ "kind": "DockerImage", "name": "centos/mysql-56-centos7:latest" } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-57-centos7:latest" + } } ] } @@ -462,14 +554,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mariadb" + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MariaDB database", + "openshift.io/display-name": "MariaDB (Latest)", + "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" }, @@ -481,7 +577,8 @@ { "name": "10.1", "annotations": { - "description": "Provides a MariaDB v10.1 database", + "openshift.io/display-name": "MariaDB 10.1", + "description": "Provides a MariaDB 10.1 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", "version": "10.1" @@ -498,14 +595,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "postgresql" + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a PostgreSQL database", + "openshift.io/display-name": "PostgreSQL (Latest)", + "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" }, @@ -517,9 +618,10 @@ { "name": "9.2", "annotations": { - "description": "Provides a PostgreSQL v9.2 database", + "openshift.io/display-name": "PostgreSQL 9.2", + "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", - "tags": "postgresql", + "tags": "hidden,postgresql", "version": "9.2" }, "from": { @@ -530,7 +632,8 @@ { "name": "9.4", "annotations": { - "description": "Provides a PostgreSQL v9.4 database", + "openshift.io/display-name": "PostgreSQL 9.4", + "description": "Provides a PostgreSQL 9.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", "version": "9.4" @@ -543,7 +646,8 @@ { "name": "9.5", "annotations": { - "description": "Provides a PostgreSQL v9.5 database", + "openshift.io/display-name": "PostgreSQL 9.5", + "description": "Provides a PostgreSQL 9.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", "version": "9.5" @@ -560,14 +664,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mongodb" + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MongoDB database", + "openshift.io/display-name": "MongoDB (Latest)", + "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" }, @@ -579,9 +687,10 @@ { "name": "2.4", "annotations": { - "description": "Provides a MongoDB v2.4 database", + "openshift.io/display-name": "MongoDB 2.4", + "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", - "tags": "mongodb", + "tags": "hidden,mongodb", "version": "2.4" }, "from": { @@ -592,7 +701,8 @@ { "name": "2.6", "annotations": { - "description": "Provides a MongoDB v2.6 database", + "openshift.io/display-name": "MongoDB 2.6", + "description": "Provides a MongoDB 2.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", "version": "2.6" @@ -605,7 +715,8 @@ { "name": "3.2", "annotations": { - "description": "Provides a MongoDB v3.2 database", + "openshift.io/display-name": "MongoDB 3.2", + "description": "Provides a MongoDB 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", "version": "3.2" @@ -622,26 +733,72 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jenkins" + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/redis-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a Jenkins server", + "openshift.io/display-name": "Jenkins (Latest)", + "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" }, "from": { "kind": "ImageStreamTag", - "name": "1" + "name": "2" } }, { "name": "1", "annotations": { - "description": "Provides a Jenkins server", + "openshift.io/display-name": "Jenkins 1.X", + "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", "version": "1.x" @@ -650,6 +807,20 @@ "kind": "DockerImage", "name": "openshift/jenkins-1-centos7:latest" } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "description": "Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/jenkins-2-centos7:latest" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-rhel7.json index 56c63263b..9b19b8bd0 100644 --- a/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/image-streams-rhel7.json @@ -7,14 +7,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "ruby" + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Ruby applications", + "openshift.io/display-name": "Ruby (Latest)", + "description": "Build and run Ruby applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby", @@ -28,9 +32,10 @@ { "name": "2.0", "annotations": { - "description": "Build and run Ruby 2.0 applications", + "openshift.io/display-name": "Ruby 2.0", + "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", - "tags": "builder,ruby", + "tags": "hidden,builder,ruby", "supports": "ruby:2.0,ruby", "version": "2.0", "sampleRepo": "https://github.com/openshift/ruby-ex.git" @@ -43,7 +48,8 @@ { "name": "2.2", "annotations": { - "description": "Build and run Ruby 2.2 applications", + "openshift.io/display-name": "Ruby 2.2", + "description": "Build and run Ruby 2.2 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.2,ruby", @@ -58,7 +64,8 @@ { "name": "2.3", "annotations": { - "description": "Build and run Ruby 2.3 applications", + "openshift.io/display-name": "Ruby 2.3", + "description": "Build and run Ruby 2.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", "supports": "ruby:2.3,ruby", @@ -77,14 +84,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "nodejs" + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run NodeJS applications", + "openshift.io/display-name": "Node.js (Latest)", + "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs", @@ -98,9 +109,10 @@ { "name": "0.10", "annotations": { - "description": "Build and run NodeJS 0.10 applications", + "openshift.io/display-name": "Node.js 0.10", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", - "tags": "builder,nodejs", + "tags": "hidden,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", "version": "0.10", "sampleRepo": "https://github.com/openshift/nodejs-ex.git" @@ -113,7 +125,8 @@ { "name": "4", "annotations": { - "description": "Build and run NodeJS 4.x applications", + "openshift.io/display-name": "Node.js 4", + "description": "Build and run Node.js 4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", "supports":"nodejs:4,nodejs", @@ -132,14 +145,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "perl" + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Perl applications", + "openshift.io/display-name": "Perl (Latest)", + "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl", @@ -147,15 +164,16 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.20" + "name": "5.24" } }, { "name": "5.16", "annotations": { - "description": "Build and run Perl 5.16 applications", + "openshift.io/display-name": "Perl 5.16", + "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", - "tags": "builder,perl", + "tags": "hidden,builder,perl", "supports":"perl:5.16,perl", "version": "5.16", "sampleRepo": "https://github.com/openshift/dancer-ex.git" @@ -168,7 +186,8 @@ { "name": "5.20", "annotations": { - "description": "Build and run Perl 5.20 applications", + "openshift.io/display-name": "Perl 5.20", + "description": "Build and run Perl 5.20 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", "supports":"perl:5.20,perl", @@ -179,7 +198,22 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/perl-520-rhel7:latest" } - + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-524-rhel7:latest" + } } ] } @@ -188,14 +222,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "php" + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run PHP applications", + "openshift.io/display-name": "PHP (Latest)", + "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php", @@ -209,9 +247,10 @@ { "name": "5.5", "annotations": { - "description": "Build and run PHP 5.5 applications", + "openshift.io/display-name": "PHP 5.5", + "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", - "tags": "builder,php", + "tags": "hidden,builder,php", "supports":"php:5.5,php", "version": "5.5", "sampleRepo": "https://github.com/openshift/cakephp-ex.git" @@ -224,7 +263,8 @@ { "name": "5.6", "annotations": { - "description": "Build and run PHP 5.6 applications", + "openshift.io/display-name": "PHP 5.6", + "description": "Build and run PHP 5.6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", "supports":"php:5.6,php", @@ -235,6 +275,22 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/php-56-rhel7:latest" } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-70-rhel7:latest" + } } ] } @@ -243,14 +299,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "python" + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run Python applications", + "openshift.io/display-name": "Python (Latest)", + "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python", @@ -264,9 +324,10 @@ { "name": "3.3", "annotations": { - "description": "Build and run Python 3.3 applications", + "openshift.io/display-name": "Python 3.3", + "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", - "tags": "builder,python", + "tags": "hidden,builder,python", "supports":"python:3.3,python", "version": "3.3", "sampleRepo": "https://github.com/openshift/django-ex.git" @@ -279,7 +340,8 @@ { "name": "2.7", "annotations": { - "description": "Build and run Python 2.7 applications", + "openshift.io/display-name": "Python 2.7", + "description": "Build and run Python 2.7 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:2.7,python", @@ -294,7 +356,8 @@ { "name": "3.4", "annotations": { - "description": "Build and run Python 3.4 applications", + "openshift.io/display-name": "Python 3.4", + "description": "Build and run Python 3.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.4,python", @@ -309,7 +372,8 @@ { "name": "3.5", "annotations": { - "description": "Build and run Python 3.5 applications", + "openshift.io/display-name": "Python 3.5", + "description": "Build and run Python 3.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", "supports":"python:3.5,python", @@ -328,28 +392,33 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mysql" + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MySQL database", + "openshift.io/display-name": "MySQL (Latest)", + "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "5.7" } }, { "name": "5.5", "annotations": { - "description": "Provides a MySQL v5.5 database", + "openshift.io/display-name": "MySQL 5.5", + "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", - "tags": "mysql", + "tags": "hidden,mysql", "version": "5.5" }, "from": { @@ -360,7 +429,8 @@ { "name": "5.6", "annotations": { - "description": "Provides a MySQL v5.6 database", + "openshift.io/display-name": "MySQL 5.6", + "description": "Provides a MySQL 5.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", "version": "5.6" @@ -369,6 +439,20 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/mysql-56-rhel7:latest" } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-57-rhel7:latest" + } } ] } @@ -377,14 +461,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mariadb" + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MariaDB database", + "openshift.io/display-name": "MariaDB (Latest)", + "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" }, @@ -396,7 +484,8 @@ { "name": "10.1", "annotations": { - "description": "Provides a MariaDB v10.1 database", + "openshift.io/display-name": "MariaDB 10.1", + "description": "Provides a MariaDB 10.1 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", "version": "10.1" @@ -413,14 +502,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "postgresql" + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a PostgreSQL database", + "openshift.io/display-name": "PostgreSQL (Latest)", + "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" }, @@ -432,9 +525,10 @@ { "name": "9.2", "annotations": { - "description": "Provides a PostgreSQL v9.2 database", + "openshift.io/display-name": "PostgreSQL 9.2", + "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", - "tags": "postgresql", + "tags": "hidden,postgresql", "version": "9.2" }, "from": { @@ -445,7 +539,8 @@ { "name": "9.4", "annotations": { - "description": "Provides a PostgreSQL v9.4 database", + "openshift.io/display-name": "PostgreSQL 9.4", + "description": "Provides a PostgreSQL 9.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", "version": "9.4" @@ -458,7 +553,8 @@ { "name": "9.5", "annotations": { - "description": "Provides a PostgreSQL v9.5 database", + "openshift.io/display-name": "PostgreSQL 9.5", + "description": "Provides a PostgreSQL 9.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", "version": "9.5" @@ -475,14 +571,18 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "mongodb" + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a MongoDB database", + "openshift.io/display-name": "MongoDB (Latest)", + "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" }, @@ -494,9 +594,10 @@ { "name": "2.4", "annotations": { - "description": "Provides a MongoDB v2.4 database", + "openshift.io/display-name": "MongoDB 2.4", + "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", - "tags": "mongodb", + "tags": "hidden,mongodb", "version": "2.4" }, "from": { @@ -507,7 +608,8 @@ { "name": "2.6", "annotations": { - "description": "Provides a MongoDB v2.6 database", + "openshift.io/display-name": "MongoDB 2.6", + "description": "Provides a MongoDB 2.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", "version": "2.6" @@ -520,7 +622,8 @@ { "name": "3.2", "annotations": { - "description": "Provides a MongoDB v3.2 database", + "openshift.io/display-name": "MongoDB 3.2", + "description": "Provides a MongoDB 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", "version": "3.2" @@ -537,26 +640,72 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jenkins" + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Provides a Jenkins server", + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/redis-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Jenkins (Latest)", + "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" }, "from": { "kind": "ImageStreamTag", - "name": "1" + "name": "2" } }, { "name": "1", "annotations": { - "description": "Provides a Jenkins server", + "openshift.io/display-name": "Jenkins 1.X", + "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", "version": "1.x" @@ -565,6 +714,20 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/openshift3/jenkins-1-rhel7:latest" } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "description": "Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/jenkins-2-rhel7:latest" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/README.md b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/README.md index e0db922a2..62765e03d 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/README.md @@ -19,5 +19,4 @@ instantiating them. Note: This file is processed by `hack/update-external-examples.sh`. New examples must follow the exact syntax of the existing entries. Files in this directory -are automatically pulled down, do not add additional files directly to this -directory. +are automatically pulled down, do not modify/add files to this directory. diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/apicast-gateway-template.yml b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/apicast-gateway-template.yml new file mode 100644 index 000000000..34f5fcbcc --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/apicast-gateway-template.yml @@ -0,0 +1,149 @@ +apiVersion: v1 +kind: Template +metadata: + creationTimestamp: null + name: 3scale-gateway + annotations: + description: "3scale API Gateway" + iconClass: "icon-load-balancer" + tags: "api,gateway,3scale" +objects: +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: ${THREESCALE_GATEWAY_NAME} + spec: + replicas: 2 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + strategy: + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + valueFrom: + secretKeyRef: + name: ${THREESCALE_PORTAL_ENDPOINT_SECRET} + key: password + - name: THREESCALE_CONFIG_FILE + value: ${THREESCALE_CONFIG_FILE} + - name: RESOLVER + value: ${RESOLVER} + - name: APICAST_SERVICES + value: ${APICAST_SERVICES} + - name: APICAST_MISSING_CONFIGURATION + value: ${MISSING_CONFIGURATION} + - name: APICAST_LOG_LEVEL + value: ${APICAST_LOG_LEVEL} + - name: APICAST_PATH_ROUTING_ENABLED + value: ${PATH_ROUTING} + - name: APICAST_RESPONSE_CODES + value: ${RESPONSE_CODES} + - name: APICAST_REQUEST_LOGS + value: ${REQUEST_LOGS} + - name: APICAST_RELOAD_CONFIG + value: ${APICAST_RELOAD_CONFIG} + image: ${THREESCALE_GATEWAY_IMAGE} + imagePullPolicy: Always + name: ${THREESCALE_GATEWAY_NAME} + livenessProbe: + httpGet: + path: /status/live + port: 8090 + initialDelaySeconds: 10 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /status/ready + port: 8090 + initialDelaySeconds: 15 + timeoutSeconds: 1 + ports: + - containerPort: 8080 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange + status: {} +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + name: ${THREESCALE_GATEWAY_NAME} + spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} +parameters: +- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" + value: threescale-portal-endpoint-secret + name: THREESCALE_PORTAL_ENDPOINT_SECRET + required: true +- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume." + value: + name: THREESCALE_CONFIG_FILE + required: false +- description: "Name for the 3scale API Gateway" + value: threescalegw + name: THREESCALE_GATEWAY_NAME + required: true +- description: "Docker image to use." + value: 'rhamp10/apicast-gateway:1.0.0-4' + name: THREESCALE_GATEWAY_IMAGE + required: true +- description: "DNS Resolver for openresty, if empty it will be autodiscovered" + value: + name: RESOLVER + required: false +- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" + value: + name: APICAST_SERVICES + required: false +- description: "What to do on missing or invalid configuration. Allowed values are: log, exit." + value: exit + required: false + name: MISSING_CONFIGURATION +- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." + name: APICAST_LOG_LEVEL + required: false +- description: "Enable path routing. Experimental feature." + name: PATH_ROUTING + required: false + value: "false" +- description: "Enable traffic logging to 3scale. Includes whole request and response." + value: "false" + name: REQUEST_LOGS + required: false +- description: "Enable logging response codes to 3scale." + value: "false" + name: RESPONSE_CODES + required: false +- description: "Reload config on every request" + value: "false" + name: APICAST_RELOAD_CONFIG + required: false diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json index ab4982690..9dbbf89d1 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/cakephp-mysql.json @@ -4,22 +4,36 @@ "metadata": { "name": "cakephp-mysql-example", "annotations": { - "description": "An example CakePHP application with a MySQL database", - "tags": "quickstart,php,cakephp,mysql", + "openshift.io/display-name": "CakePHP + MySQL (Ephemeral)", + "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,php,cakephp", "iconClass": "icon-php" } }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", "labels": { "template": "cakephp-mysql-example" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "${NAME}", "annotations": { - "description": "Exposes and load balances the application pods" + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" } }, "spec": { @@ -209,11 +223,21 @@ }, { "name": "DATABASE_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "CAKEPHP_SECRET_TOKEN", @@ -346,12 +370,22 @@ }, "env": [ { - "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { - "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer-mysql.json index cc7920b7d..dccb8bf7f 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/dancer-mysql.json @@ -4,22 +4,36 @@ "metadata": { "name": "dancer-mysql-example", "annotations": { - "description": "An example Dancer application with a MySQL database", - "tags": "quickstart,perl,dancer,mysql", + "openshift.io/display-name": "Dancer + MySQL (Ephemeral)", + "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,perl,dancer", "iconClass": "icon-perl" } }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", "labels": { "template": "dancer-mysql-example" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "${NAME}", "annotations": { - "description": "Exposes and load balances the application pods" + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" } }, "spec": { @@ -112,7 +126,10 @@ "secret": "${GITHUB_WEBHOOK_SECRET}" } } - ] + ], + "postCommit": { + "script": "perl -I extlib/lib/perl5 -I lib t/*" + } } }, { @@ -187,11 +204,21 @@ }, { "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", @@ -321,11 +348,21 @@ "env": [ { "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", @@ -404,18 +441,6 @@ "from": "[a-zA-Z0-9]{40}" }, { - "name": "ADMIN_USERNAME", - "displayName": "Administrator Username", - "generate": "expression", - "from": "admin[A-Z0-9]{3}" - }, - { - "name": "ADMIN_PASSWORD", - "displayName": "Administrator Password", - "generate": "expression", - "from": "[a-zA-Z0-9]{8}" - }, - { "name": "DATABASE_SERVICE_NAME", "displayName": "Database Service Name", "required": true, diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django-postgresql.json index 7d1dea11b..59ff8a988 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/django-postgresql.json @@ -4,22 +4,36 @@ "metadata": { "name": "django-psql-example", "annotations": { - "description": "An example Django application with a PostgreSQL database", - "tags": "quickstart,python,django,postgresql", + "openshift.io/display-name": "Django + PostgreSQL (Ephemeral)", + "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,python,django", "iconClass": "icon-python" } }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", "labels": { "template": "django-psql-example" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "${NAME}", "annotations": { - "description": "Exposes and load balances the application pods" + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" } }, "spec": { @@ -201,11 +215,21 @@ }, { "name": "DATABASE_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "APP_CONFIG", @@ -311,11 +335,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json index 880f0b34e..62ccc5b7f 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-ephemeral-template.json @@ -5,12 +5,13 @@ "name": "jenkins-ephemeral", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, without persistent storage.\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "openshift.io/display-name": "Jenkins (Ephemeral)", + "description": "Jenkins service, without persistent storage.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -88,7 +89,8 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 120, + "initialDelaySeconds": 420, + "failureThreshold" : 30, "httpGet": { "path": "/login", "port": 8080 @@ -96,8 +98,12 @@ }, "env": [ { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" }, { "name": "KUBERNETES_MASTER", @@ -150,7 +156,10 @@ "kind": "ServiceAccount", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}" + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } } }, { @@ -236,12 +245,10 @@ "value": "jenkins-jnlp" }, { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins 'admin' user.", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}", - "required": true + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json index 3291f3594..50c4ad566 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json @@ -5,12 +5,13 @@ "name": "jenkins-persistent", "creationTimestamp": null, "annotations": { - "description": "Jenkins service, with persistent storage.\nYou must have persistent volumes available in your cluster to use this template.", + "openshift.io/display-name": "Jenkins (Persistent)", + "description": "Jenkins service, with persistent storage.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins" } }, - "message": "A Jenkins service has been created in your project. The username/password are admin/${JENKINS_PASSWORD}. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", "objects": [ { "kind": "Route", @@ -105,7 +106,8 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 120, + "initialDelaySeconds": 420, + "failureThreshold" : 30, "httpGet": { "path": "/login", "port": 8080 @@ -113,8 +115,12 @@ }, "env": [ { - "name": "JENKINS_PASSWORD", - "value": "${JENKINS_PASSWORD}" + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" }, { "name": "KUBERNETES_MASTER", @@ -167,7 +173,10 @@ "kind": "ServiceAccount", "apiVersion": "v1", "metadata": { - "name": "${JENKINS_SERVICE_NAME}" + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } } }, { @@ -253,12 +262,10 @@ "value": "jenkins-jnlp" }, { - "name": "JENKINS_PASSWORD", - "displayName": "Jenkins Password", - "description": "Password for the Jenkins 'admin' user.", - "generate": "expression", - "from": "[a-zA-Z0-9]{16}", - "required": true + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" }, { "name": "MEMORY_LIMIT", diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs-mongodb.json index 6ab4a1781..91f9ec7b3 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/nodejs-mongodb.json @@ -4,22 +4,37 @@ "metadata": { "name": "nodejs-mongodb-example", "annotations": { - "description": "An example Node.js application with a MongoDB database", - "tags": "quickstart,nodejs,mongodb", + "openshift.io/display-name": "Node.js + MongoDB (Ephemeral)", + "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,nodejs", "iconClass": "icon-nodejs" } }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", "labels": { "template": "nodejs-mongodb-example" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "databaseUser": "${DATABASE_USER}", + "databasePassword": "${DATABASE_PASSWORD}", + "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "${NAME}", "annotations": { - "description": "Exposes and load balances the application pods" + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" } }, "spec": { @@ -85,10 +100,10 @@ "namespace": "${NAMESPACE}", "name": "nodejs:4" }, - "env": [ + "env": [ { - "name": "NPM_MIRROR", - "value": "${NPM_MIRROR}" + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" } ] } @@ -183,11 +198,21 @@ }, { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -195,7 +220,12 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { @@ -207,17 +237,17 @@ } }, "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/pagecount", - "port": 8080 - } + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } }, "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] @@ -303,11 +333,21 @@ "env": [ { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -315,14 +355,24 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] } }, "livenessProbe": { @@ -333,9 +383,9 @@ } }, "resources": { - "limits": { - "memory": "${MEMORY_MONGODB_LIMIT}" - } + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } }, "volumeMounts": [ { diff --git a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/rails-postgresql.json index 50d60f2bb..6373562c4 100644 --- a/roles/openshift_examples/files/examples/v1.3/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/quickstart-templates/rails-postgresql.json @@ -4,22 +4,39 @@ "metadata": { "name": "rails-postgresql-example", "annotations": { - "description": "An example Rails application with a PostgreSQL database", - "tags": "quickstart,ruby,rails,postgresql", + "openshift.io/display-name": "Rails + PostgreSQL (Ephemeral)", + "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,ruby,rails", "iconClass": "icon-ruby" } }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", "labels": { "template": "rails-postgresql-example" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}", + "applicationUser" : "${APPLICATION_USER}", + "applicationPassword" : "${APPLICATION_PASSWORD}", + "keyBase" : "${SECRET_KEY_BASE}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { "name": "${NAME}", "annotations": { - "description": "Exposes and load balances the application pods" + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" } }, "spec": { @@ -204,11 +221,21 @@ }, { "name": "POSTGRESQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "POSTGRESQL_DATABASE", @@ -216,7 +243,12 @@ }, { "name": "SECRET_KEY_BASE", - "value": "${SECRET_KEY_BASE}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keyBase" + } + } }, { "name": "POSTGRESQL_MAX_CONNECTIONS", @@ -232,11 +264,21 @@ }, { "name": "APPLICATION_USER", - "value": "${APPLICATION_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationUser" + } + } }, { "name": "APPLICATION_PASSWORD", - "value": "${APPLICATION_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationPassword" + } + } }, { "name": "RAILS_ENV", diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json index 65060cc2c..ed0e94bed 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/fis-image-streams.json @@ -20,23 +20,13 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", + "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - }, - { - "name": "2.0", - "annotations": { - "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,jboss-fuse,java,xpaas", - "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", - "version": "2.0" - } - } + } ] } }, @@ -52,23 +42,13 @@ { "name": "1.0", "annotations": { - "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", + "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", "iconClass": "icon-jboss", "tags": "builder,jboss-fuse,java,karaf,xpaas", "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", "version": "1.0" } - }, - { - "name": "2.0", - "annotations": { - "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,jboss-fuse,java,karaf,xpaas", - "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", - "version": "2.0" - } - } + } ] } } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json index 4edc97f41..a7cb12867 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json @@ -283,6 +283,28 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-datavirt63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-jboss", + "tags": "datavirt,java,jboss,xpaas", + "supports":"datavirt:6.3,java:8,xpaas:1.4", + "version": "1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-amq-62" }, "spec": { diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-basic-s2i.json new file mode 100644 index 000000000..7d64dac98 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-basic-s2i.json @@ -0,0 +1,415 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-basic-s2i" + }, + "labels": { + "template": "datavirt63-basic-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret specified by CONFIGURATION_NAME.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-extensions-support-s2i.json new file mode 100644 index 000000000..1e7c03b99 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -0,0 +1,763 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-extensions-support-s2i" + }, + "labels": { + "template": "datavirt63-extensions-support-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The URL of the repository with source code for the extensions image. The image should have all modules, etc., placed in the \"/extensions/\" directory in the image. If the contents are in a different directory, the sourcePath for the ImageSource in the BuildConfig must be modified.", + "displayName": "Extensions Git Repository URL", + "name": "EXTENSIONS_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your extensions repository if you are not using the default branch.", + "displayName": "Extensions Git Reference", + "name": "EXTENSIONS_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your extensions repository.", + "displayName": "Extensions Context Directory", + "name": "EXTENSIONS_DIR", + "value": "datavirt/derby-driver-image", + "required": false + }, + { + "description": "Set this to the relative path to the Dockerfile in your extensions directory.", + "displayName": "Extensions Dockerfile", + "name": "EXTENSIONS_DOCKERFILE", + "value": "Dockerfile", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${EXTENSIONS_REPOSITORY_URL}", + "ref": "${EXTENSIONS_REPOSITORY_REF}" + }, + "contextDir": "${EXTENSIONS_DIR}" + }, + "strategy": { + "type": "Docker", + "dockerStrategy": { + "dockerfilePath": "${EXTENSIONS_DOCKERFILE}" + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + }, + "env": [ + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "QS_DB_TYPE", + "value": "derby", + "description": "Used soley by the quickstart and set here to ensure the template can be instatiated with its default parameter values, i.e. so itworks ootb." + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-secure-s2i.json new file mode 100644 index 000000000..07f926ff3 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datavirt63-secure-s2i.json @@ -0,0 +1,642 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-secure-s2i" + }, + "labels": { + "template": "datavirt63-secure-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-app-example.yaml b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-app-example.yaml new file mode 100644 index 000000000..14bdd1dca --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-app-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: cloudforms +spec: + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + nfs: + path: /opt/nfs/volumes-app + server: 10.19.0.216 + persistentVolumeReclaimPolicy: Recycle diff --git a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-example.yaml b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-example.yaml new file mode 100644 index 000000000..709d8d976 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-pv-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-pv01 +spec: + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + nfs: + path: /opt/nfs/volumes + server: 10.19.0.216 + persistentVolumeReclaimPolicy: Recycle diff --git a/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml new file mode 100644 index 000000000..c8e3d4083 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/cfme-templates/cfme-template.yaml @@ -0,0 +1,479 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms +metadata: + name: cloudforms + annotations: + description: "CloudForms appliance with persistent storage" + tags: "instant-app,cloudforms,cfme" + iconClass: "icon-rails" +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: "Exposes and load balances CloudForms pods" + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: ${NAME} + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: ${NAME} +- apiVersion: v1 + kind: Route + metadata: + name: ${NAME} + spec: + host: ${APPLICATION_DOMAIN} + port: + targetPort: https + tls: + termination: passthrough + to: + kind: Service + name: ${NAME} +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-app + annotations: + description: "Keeps track of changes in the CloudForms app image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-app +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: ${DATABASE_SERVICE_NAME} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${DATABASE_VOLUME_CAPACITY} +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: ${NAME} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${APPLICATION_VOLUME_CAPACITY} +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: ${NAME} + annotations: + description: "Defines how to deploy the CloudForms appliance" + spec: + template: + metadata: + labels: + name: ${NAME} + name: ${NAME} + spec: + volumes: + - + name: "cfme-app-volume" + persistentVolumeClaim: + claimName: ${NAME} + containers: + - image: cloudforms/cfme-openshift-app:${APPLICATION_IMG_TAG} + imagePullPolicy: IfNotPresent + name: cloudforms + livenessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - + name: "cfme-app-volume" + mountPath: "/persistent" + env: + - + name: "APPLICATION_INIT_DELAY" + value: "${APPLICATION_INIT_DELAY}" + - + name: "DATABASE_SERVICE_NAME" + value: "${DATABASE_SERVICE_NAME}" + - + name: "DATABASE_REGION" + value: "${DATABASE_REGION}" + - + name: "MEMCACHED_SERVICE_NAME" + value: "${MEMCACHED_SERVICE_NAME}" + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + requests: + memory: "${MEMORY_APPLICATION_MIN}" + lifecycle: + preStop: + exec: + command: + - /opt/rh/cfme-container-scripts/sync-pv-data + replicas: 1 + selector: + name: ${NAME} + triggers: + - type: "ConfigChange" + - type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "cloudforms" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-app:${APPLICATION_IMG_TAG}" + strategy: + type: "Recreate" + recreateParams: + timeoutSeconds: 1200 +- apiVersion: v1 + kind: "Service" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Exposes the memcached server" + spec: + ports: + - + name: "memcached" + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-memcached + annotations: + description: "Keeps track of changes in the CloudForms memcached image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-memcached +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Defines how to deploy memcached" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "memcached" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-memcached:${MEMCACHED_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - + name: "memcached" + image: "cloudforms/cfme-openshift-memcached:${MEMCACHED_IMG_TAG}" + ports: + - + containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - + name: "MEMCACHED_MAX_MEMORY" + value: "${MEMCACHED_MAX_MEMORY}" + - + name: "MEMCACHED_MAX_CONNECTIONS" + value: "${MEMCACHED_MAX_CONNECTIONS}" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + limits: + memory: "${MEMORY_MEMCACHED_LIMIT}" +- apiVersion: v1 + kind: "Service" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Exposes the database server" + spec: + ports: + - + name: "postgresql" + port: 5432 + targetPort: 5432 + selector: + name: "${DATABASE_SERVICE_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-postgresql + annotations: + description: "Keeps track of changes in the CloudForms postgresql image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-postgresql +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Defines how to deploy the database" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "postgresql" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-postgresql:${POSTGRESQL_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${DATABASE_SERVICE_NAME}" + template: + metadata: + name: "${DATABASE_SERVICE_NAME}" + labels: + name: "${DATABASE_SERVICE_NAME}" + spec: + volumes: + - + name: "cfme-pgdb-volume" + persistentVolumeClaim: + claimName: ${DATABASE_SERVICE_NAME} + containers: + - + name: "postgresql" + image: "cloudforms/cfme-openshift-postgresql:${POSTGRESQL_IMG_TAG}" + ports: + - + containerPort: 5432 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 15 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 60 + tcpSocket: + port: 5432 + volumeMounts: + - + name: "cfme-pgdb-volume" + mountPath: "/var/lib/pgsql/data" + env: + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + limits: + memory: "${MEMORY_POSTGRESQL_LIMIT}" + +parameters: + - + name: "NAME" + displayName: Name + required: true + description: "The name assigned to all of the frontend objects defined in this template." + value: cloudforms + - + name: "DATABASE_SERVICE_NAME" + displayName: "PostgreSQL Service Name" + required: true + description: "The name of the OpenShift Service exposed for the PostgreSQL container." + value: "postgresql" + - + name: "DATABASE_USER" + displayName: "PostgreSQL User" + required: true + description: "PostgreSQL user that will access the database." + value: "root" + - + name: "DATABASE_PASSWORD" + displayName: "PostgreSQL Password" + required: true + description: "Password for the PostgreSQL user." + value: "smartvm" + - + name: "DATABASE_NAME" + required: true + displayName: "PostgreSQL Database Name" + description: "Name of the PostgreSQL database accessed." + value: "vmdb_production" + - + name: "DATABASE_REGION" + required: true + displayName: "Application Database Region" + description: "Database region that will be used for application." + value: "0" + - + name: "MEMCACHED_SERVICE_NAME" + required: true + displayName: "Memcached Service Name" + description: "The name of the OpenShift Service exposed for the Memcached container." + value: "memcached" + - + name: "MEMCACHED_MAX_MEMORY" + displayName: "Memcached Max Memory" + description: "Memcached maximum memory for memcached object storage in MB." + value: "64" + - + name: "MEMCACHED_MAX_CONNECTIONS" + displayName: "Memcached Max Connections" + description: "Memcached maximum number of connections allowed." + value: "1024" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + displayName: "Memcached Slab Page Size" + description: "Memcached size of each slab page." + value: "1m" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + displayName: "PostgreSQL Max Connections" + description: "PostgreSQL maximum number of database connections allowed." + value: "100" + - + name: "POSTGRESQL_SHARED_BUFFERS" + displayName: "PostgreSQL Shared Buffer Amount" + description: "Amount of memory dedicated for PostgreSQL shared memory buffers." + value: "64MB" + - + name: "MEMORY_APPLICATION_MIN" + displayName: "Application Memory Minimum" + required: true + description: "Minimum amount of memory the Application container will need." + value: "4096Mi" + - + name: "MEMORY_POSTGRESQL_LIMIT" + displayName: "PostgreSQL Memory Limit" + required: true + description: "Maximum amount of memory the PostgreSQL container can use." + value: "2048Mi" + - + name: "MEMORY_MEMCACHED_LIMIT" + displayName: "Memcached Memory Limit" + required: true + description: "Maximum amount of memory the Memcached container can use." + value: "256Mi" + - + name: "POSTGRESQL_IMG_TAG" + displayName: "PostgreSQL Image Tag" + description: "This is the PostgreSQL image tag/version requested to deploy." + value: "latest" + - + name: "MEMCACHED_IMG_TAG" + displayName: "Memcached Image Tag" + description: "This is the Memcached image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_IMG_TAG" + displayName: "Application Image Tag" + description: "This is the Application image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_DOMAIN" + displayName: "Application Hostname" + description: "The exposed hostname that will route to the application service, if left blank a value will be defaulted." + value: "" + - + name: "APPLICATION_INIT_DELAY" + displayName: "Application Init Delay" + required: true + description: "Delay in seconds before we attempt to initialize the application." + value: "30" + - + name: "APPLICATION_VOLUME_CAPACITY" + displayName: "Application Volume Capacity" + required: true + description: "Volume space available for application data." + value: "1Gi" + - + name: "DATABASE_VOLUME_CAPACITY" + displayName: "Database Volume Capacity" + required: true + description: "Volume space available for database." + value: "1Gi" diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-ephemeral-template.json index 8e43bfbc3..cfbfc3e20 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-ephemeral-template.json @@ -16,6 +16,18 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -100,11 +112,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -176,6 +207,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MariaDB Database Name", "description": "Name of the MariaDB database accessed.", diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-persistent-template.json index bc85277a9..e933eecf0 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mariadb-persistent-template.json @@ -16,6 +16,18 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -117,11 +129,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -193,6 +224,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MariaDB Database Name", "description": "Name of the MariaDB database accessed.", diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-ephemeral-template.json index 605601ef2..8b8fcb58b 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-ephemeral-template.json @@ -17,6 +17,18 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -113,19 +125,34 @@ "env": [ { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } }, { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" } ], "resources": { diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-persistent-template.json index d2a0d01f0..72d3a8556 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mongodb-persistent-template.json @@ -17,6 +17,18 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -130,19 +142,34 @@ "env": [ { "name": "MONGODB_USER", - "value": "${MONGODB_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${MONGODB_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { - "name": "MONGODB_DATABASE", - "value": "${MONGODB_DATABASE}" + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } }, { - "name": "MONGODB_ADMIN_PASSWORD", - "value": "${MONGODB_ADMIN_PASSWORD}" + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" } ], "resources": { diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-ephemeral-template.json index 0cea42f8b..34dd2ed78 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-ephemeral-template.json @@ -5,16 +5,28 @@ "name": "mysql-ephemeral", "annotations": { "openshift.io/display-name": "MySQL (Ephemeral)", - "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.6/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", "tags": "database,mysql" } }, - "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.6/README.md.", + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", "labels": { "template": "mysql-ephemeral-template" }, "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, { "kind": "Service", "apiVersion": "v1", @@ -113,11 +125,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -197,6 +228,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MySQL Database Name", "description": "Name of the MySQL database accessed.", @@ -206,8 +245,8 @@ { "name": "MYSQL_VERSION", "displayName": "Version of MySQL Image", - "description": "Version of MySQL image to be used (5.5, 5.6 or latest).", - "value": "5.6", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", "required": true } ] diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-persistent-template.json index fc7cd7d09..85c48da01 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/mysql-persistent-template.json @@ -5,17 +5,29 @@ "name": "mysql-persistent", "annotations": { "openshift.io/display-name": "MySQL (Persistent)", - "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.6/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", "tags": "database,mysql" } }, - "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.6/README.md.", + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", "labels": { "template": "mysql-persistent-template" }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -117,11 +129,30 @@ "env": [ { "name": "MYSQL_USER", - "value": "${MYSQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${MYSQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } }, { "name": "MYSQL_DATABASE", @@ -193,6 +224,14 @@ "required": true }, { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { "name": "MYSQL_DATABASE", "displayName": "MySQL Database Name", "description": "Name of the MySQL database accessed.", @@ -209,8 +248,8 @@ { "name": "MYSQL_VERSION", "displayName": "Version of MySQL Image", - "description": "Version of MySQL image to be used (5.5, 5.6 or latest).", - "value": "5.6", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", "required": true } ] diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-ephemeral-template.json index 505224b62..0d0a2a629 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-ephemeral-template.json @@ -17,6 +17,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -113,11 +124,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-persistent-template.json index 7ff49782b..257726cfd 100644 --- a/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/postgresql-persistent-template.json @@ -17,6 +17,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -130,11 +141,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${POSTGRESQL_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${POSTGRESQL_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/redis-ephemeral-template.json new file mode 100644 index 000000000..c9ae8a539 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/redis-ephemeral-template.json @@ -0,0 +1,191 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-ephemeral", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Redis (Ephemeral)", + "description": "Redis in-memory data structure store, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-redis", + "tags": "database,redis" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-ephemeral-template" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "value": "${REDIS_PASSWORD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.4/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/db-templates/redis-persistent-template.json new file mode 100644 index 000000000..e9db9ec9d --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/db-templates/redis-persistent-template.json @@ -0,0 +1,215 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-persistent", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Redis (Persistent)", + "description": "Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-redis", + "tags": "database,redis" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-persistent-template" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "value": "${REDIS_PASSWORD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json index 00b363c42..0d5ac21d8 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/dotnet_imagestreams.json @@ -4,7 +4,7 @@ "metadata": { "name": "dotnet-image-streams", "annotations": { - "description": "ImageStream definitions for .Net Core on RHEL" + "description": "ImageStream definitions for .NET Core on RHEL" } }, "items": [ @@ -12,29 +12,51 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "dotnet" + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core" + } }, "spec": { "tags": [ { "name": "latest", "annotations": { - "description": "Build and run .NET Core 1.0 applications", + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore", "supports":"dotnet", "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", - "sampleContextDir": "1.0/test/asp-net-hello-world" + "sampleContextDir": "1.1/test/asp-net-hello-world" }, "from": { "kind": "ImageStreamTag", - "name": "1.0" + "name": "1.1" + } + }, + { + "name": "1.1", + "annotations": { + "openshift.io/display-name": ".NET Core 1.1", + "description": "Build and run .NET Core 1.1 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11", + "supports":"dotnet:1.1,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.1/test/asp-net-hello-world", + "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-11-rhel7:1.1" } }, { "name": "1.0", "annotations": { - "description": "Build and run .NET Core 1.0 applications", + "openshift.io/display-name": ".NET Core 1.0", + "description": "Build and run .NET Core 1.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.", "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", "supports":"dotnet:1.0,dotnet", diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json index a645de7e2..1a90a9409 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-centos7.json @@ -35,7 +35,7 @@ "openshift.io/display-name": "Ruby 2.0", "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", - "tags": "builder,ruby", + "tags": "hidden,builder,ruby", "supports": "ruby:2.0,ruby", "version": "2.0", "sampleRepo": "https://github.com/openshift/ruby-ex.git" @@ -110,9 +110,9 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", - "description": "Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", - "tags": "builder,nodejs", + "tags": "hidden,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", "version": "0.10", "sampleRepo": "https://github.com/openshift/nodejs-ex.git" @@ -164,7 +164,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.20" + "name": "5.24" } }, { @@ -173,7 +173,7 @@ "openshift.io/display-name": "Perl 5.16", "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", - "tags": "builder,perl", + "tags": "hidden,builder,perl", "supports":"perl:5.16,perl", "version": "5.16", "sampleRepo": "https://github.com/openshift/dancer-ex.git" @@ -198,7 +198,22 @@ "kind": "DockerImage", "name": "centos/perl-520-centos7:latest" } - + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-524-centos7:latest" + } } ] } @@ -226,7 +241,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "7.0" } }, { @@ -235,7 +250,7 @@ "openshift.io/display-name": "PHP 5.5", "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", - "tags": "builder,php", + "tags": "hidden,builder,php", "supports":"php:5.5,php", "version": "5.5", "sampleRepo": "https://github.com/openshift/cakephp-ex.git" @@ -260,6 +275,22 @@ "kind": "DockerImage", "name": "centos/php-56-centos7:latest" } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-70-centos7:latest" + } } ] } @@ -296,7 +327,7 @@ "openshift.io/display-name": "Python 3.3", "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", - "tags": "builder,python", + "tags": "hidden,builder,python", "supports":"python:3.3,python", "version": "3.3", "sampleRepo": "https://github.com/openshift/django-ex.git" @@ -471,7 +502,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "5.7" } }, { @@ -480,7 +511,7 @@ "openshift.io/display-name": "MySQL 5.5", "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", - "tags": "mysql", + "tags": "hidden,mysql", "version": "5.5" }, "from": { @@ -501,6 +532,20 @@ "kind": "DockerImage", "name": "centos/mysql-56-centos7:latest" } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-57-centos7:latest" + } } ] } @@ -576,7 +621,7 @@ "openshift.io/display-name": "PostgreSQL 9.2", "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", - "tags": "postgresql", + "tags": "hidden,postgresql", "version": "9.2" }, "from": { @@ -645,7 +690,7 @@ "openshift.io/display-name": "MongoDB 2.4", "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", - "tags": "mongodb", + "tags": "hidden,mongodb", "version": "2.4" }, "from": { @@ -688,6 +733,47 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/redis-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jenkins", "annotations": { "openshift.io/display-name": "Jenkins" diff --git a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json index 9b9cd236f..9b19b8bd0 100644 --- a/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v1.4/image-streams/image-streams-rhel7.json @@ -35,7 +35,7 @@ "openshift.io/display-name": "Ruby 2.0", "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", - "tags": "builder,ruby", + "tags": "hidden,builder,ruby", "supports": "ruby:2.0,ruby", "version": "2.0", "sampleRepo": "https://github.com/openshift/ruby-ex.git" @@ -110,9 +110,9 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", - "description": "Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", - "tags": "builder,nodejs", + "tags": "hidden,nodejs", "supports":"nodejs:0.10,nodejs:0.1,nodejs", "version": "0.10", "sampleRepo": "https://github.com/openshift/nodejs-ex.git" @@ -164,7 +164,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.20" + "name": "5.24" } }, { @@ -173,7 +173,7 @@ "openshift.io/display-name": "Perl 5.16", "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", - "tags": "builder,perl", + "tags": "hidden,builder,perl", "supports":"perl:5.16,perl", "version": "5.16", "sampleRepo": "https://github.com/openshift/dancer-ex.git" @@ -198,7 +198,22 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/perl-520-rhel7:latest" } - + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-524-rhel7:latest" + } } ] } @@ -235,7 +250,7 @@ "openshift.io/display-name": "PHP 5.5", "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", - "tags": "builder,php", + "tags": "hidden,builder,php", "supports":"php:5.5,php", "version": "5.5", "sampleRepo": "https://github.com/openshift/cakephp-ex.git" @@ -260,6 +275,22 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/php-56-rhel7:latest" } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-70-rhel7:latest" + } } ] } @@ -296,7 +327,7 @@ "openshift.io/display-name": "Python 3.3", "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", - "tags": "builder,python", + "tags": "hidden,builder,python", "supports":"python:3.3,python", "version": "3.3", "sampleRepo": "https://github.com/openshift/django-ex.git" @@ -378,7 +409,7 @@ }, "from": { "kind": "ImageStreamTag", - "name": "5.6" + "name": "5.7" } }, { @@ -387,7 +418,7 @@ "openshift.io/display-name": "MySQL 5.5", "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", - "tags": "mysql", + "tags": "hidden,mysql", "version": "5.5" }, "from": { @@ -408,6 +439,20 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/mysql-56-rhel7:latest" } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-57-rhel7:latest" + } } ] } @@ -483,7 +528,7 @@ "openshift.io/display-name": "PostgreSQL 9.2", "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", - "tags": "postgresql", + "tags": "hidden,postgresql", "version": "9.2" }, "from": { @@ -552,7 +597,7 @@ "openshift.io/display-name": "MongoDB 2.4", "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", - "tags": "mongodb", + "tags": "hidden,mongodb", "version": "2.4" }, "from": { @@ -595,6 +640,47 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/redis-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jenkins", "annotations": { "openshift.io/display-name": "Jenkins" diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/README.md b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/README.md index e0db922a2..62765e03d 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/README.md +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/README.md @@ -19,5 +19,4 @@ instantiating them. Note: This file is processed by `hack/update-external-examples.sh`. New examples must follow the exact syntax of the existing entries. Files in this directory -are automatically pulled down, do not add additional files directly to this -directory. +are automatically pulled down, do not modify/add files to this directory. diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/apicast-gateway-template.yml b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/apicast-gateway-template.yml new file mode 100644 index 000000000..34f5fcbcc --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/apicast-gateway-template.yml @@ -0,0 +1,149 @@ +apiVersion: v1 +kind: Template +metadata: + creationTimestamp: null + name: 3scale-gateway + annotations: + description: "3scale API Gateway" + iconClass: "icon-load-balancer" + tags: "api,gateway,3scale" +objects: +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: ${THREESCALE_GATEWAY_NAME} + spec: + replicas: 2 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + strategy: + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + valueFrom: + secretKeyRef: + name: ${THREESCALE_PORTAL_ENDPOINT_SECRET} + key: password + - name: THREESCALE_CONFIG_FILE + value: ${THREESCALE_CONFIG_FILE} + - name: RESOLVER + value: ${RESOLVER} + - name: APICAST_SERVICES + value: ${APICAST_SERVICES} + - name: APICAST_MISSING_CONFIGURATION + value: ${MISSING_CONFIGURATION} + - name: APICAST_LOG_LEVEL + value: ${APICAST_LOG_LEVEL} + - name: APICAST_PATH_ROUTING_ENABLED + value: ${PATH_ROUTING} + - name: APICAST_RESPONSE_CODES + value: ${RESPONSE_CODES} + - name: APICAST_REQUEST_LOGS + value: ${REQUEST_LOGS} + - name: APICAST_RELOAD_CONFIG + value: ${APICAST_RELOAD_CONFIG} + image: ${THREESCALE_GATEWAY_IMAGE} + imagePullPolicy: Always + name: ${THREESCALE_GATEWAY_NAME} + livenessProbe: + httpGet: + path: /status/live + port: 8090 + initialDelaySeconds: 10 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /status/ready + port: 8090 + initialDelaySeconds: 15 + timeoutSeconds: 1 + ports: + - containerPort: 8080 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange + status: {} +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + name: ${THREESCALE_GATEWAY_NAME} + spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} +parameters: +- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" + value: threescale-portal-endpoint-secret + name: THREESCALE_PORTAL_ENDPOINT_SECRET + required: true +- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume." + value: + name: THREESCALE_CONFIG_FILE + required: false +- description: "Name for the 3scale API Gateway" + value: threescalegw + name: THREESCALE_GATEWAY_NAME + required: true +- description: "Docker image to use." + value: 'rhamp10/apicast-gateway:1.0.0-4' + name: THREESCALE_GATEWAY_IMAGE + required: true +- description: "DNS Resolver for openresty, if empty it will be autodiscovered" + value: + name: RESOLVER + required: false +- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" + value: + name: APICAST_SERVICES + required: false +- description: "What to do on missing or invalid configuration. Allowed values are: log, exit." + value: exit + required: false + name: MISSING_CONFIGURATION +- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." + name: APICAST_LOG_LEVEL + required: false +- description: "Enable path routing. Experimental feature." + name: PATH_ROUTING + required: false + value: "false" +- description: "Enable traffic logging to 3scale. Includes whole request and response." + value: "false" + name: REQUEST_LOGS + required: false +- description: "Enable logging response codes to 3scale." + value: "false" + name: RESPONSE_CODES + required: false +- description: "Reload config on every request" + value: "false" + name: APICAST_RELOAD_CONFIG + required: false diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/cakephp-mysql.json index 354978891..9dbbf89d1 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/cakephp-mysql.json @@ -16,6 +16,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -212,11 +223,21 @@ }, { "name": "DATABASE_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "CAKEPHP_SECRET_TOKEN", @@ -349,12 +370,22 @@ }, "env": [ { - "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { - "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/dancer-mysql.json index 9fc5be5e0..dccb8bf7f 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/dancer-mysql.json @@ -16,6 +16,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -115,7 +126,10 @@ "secret": "${GITHUB_WEBHOOK_SECRET}" } } - ] + ], + "postCommit": { + "script": "perl -I extlib/lib/perl5 -I lib t/*" + } } }, { @@ -190,11 +204,21 @@ }, { "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", @@ -324,11 +348,21 @@ "env": [ { "name": "MYSQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MYSQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MYSQL_DATABASE", @@ -407,18 +441,6 @@ "from": "[a-zA-Z0-9]{40}" }, { - "name": "ADMIN_USERNAME", - "displayName": "Administrator Username", - "generate": "expression", - "from": "admin[A-Z0-9]{3}" - }, - { - "name": "ADMIN_PASSWORD", - "displayName": "Administrator Password", - "generate": "expression", - "from": "[a-zA-Z0-9]{8}" - }, - { "name": "DATABASE_SERVICE_NAME", "displayName": "Database Service Name", "required": true, diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/django-postgresql.json index 590d5fd4f..59ff8a988 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/django-postgresql.json @@ -16,6 +16,17 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -204,11 +215,21 @@ }, { "name": "DATABASE_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "DATABASE_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "APP_CONFIG", @@ -314,11 +335,21 @@ "env": [ { "name": "POSTGRESQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "POSTGRESQL_DATABASE", diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-ephemeral-template.json index fc7423840..62ccc5b7f 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-ephemeral-template.json @@ -89,7 +89,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 120, + "initialDelaySeconds": 420, "failureThreshold" : 30, "httpGet": { "path": "/login", diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-persistent-template.json index acf59ee94..50c4ad566 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/jenkins-persistent-template.json @@ -106,7 +106,7 @@ }, "livenessProbe": { "timeoutSeconds": 3, - "initialDelaySeconds": 120, + "initialDelaySeconds": 420, "failureThreshold" : 30, "httpGet": { "path": "/login", diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/nodejs-mongodb.json index d4b4add18..91f9ec7b3 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/nodejs-mongodb.json @@ -16,6 +16,18 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "databaseUser": "${DATABASE_USER}", + "databasePassword": "${DATABASE_PASSWORD}", + "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -88,10 +100,10 @@ "namespace": "${NAMESPACE}", "name": "nodejs:4" }, - "env": [ + "env": [ { - "name": "NPM_MIRROR", - "value": "${NPM_MIRROR}" + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" } ] } @@ -186,11 +198,21 @@ }, { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -198,7 +220,12 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { @@ -210,17 +237,17 @@ } }, "livenessProbe": { - "timeoutSeconds": 3, - "initialDelaySeconds": 30, - "httpGet": { - "path": "/pagecount", - "port": 8080 - } + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } }, "resources": { - "limits": { - "memory": "${MEMORY_LIMIT}" - } + "limits": { + "memory": "${MEMORY_LIMIT}" + } } } ] @@ -306,11 +333,21 @@ "env": [ { "name": "MONGODB_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "MONGODB_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "MONGODB_DATABASE", @@ -318,14 +355,24 @@ }, { "name": "MONGODB_ADMIN_PASSWORD", - "value": "${DATABASE_ADMIN_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } } ], "readinessProbe": { "timeoutSeconds": 1, "initialDelaySeconds": 3, "exec": { - "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] } }, "livenessProbe": { @@ -336,9 +383,9 @@ } }, "resources": { - "limits": { - "memory": "${MEMORY_MONGODB_LIMIT}" - } + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } }, "volumeMounts": [ { diff --git a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/rails-postgresql.json index baed15d8a..6373562c4 100644 --- a/roles/openshift_examples/files/examples/v1.4/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.4/quickstart-templates/rails-postgresql.json @@ -16,6 +16,20 @@ }, "objects": [ { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}", + "applicationUser" : "${APPLICATION_USER}", + "applicationPassword" : "${APPLICATION_PASSWORD}", + "keyBase" : "${SECRET_KEY_BASE}" + } + }, + { "kind": "Service", "apiVersion": "v1", "metadata": { @@ -207,11 +221,21 @@ }, { "name": "POSTGRESQL_USER", - "value": "${DATABASE_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } }, { "name": "POSTGRESQL_PASSWORD", - "value": "${DATABASE_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } }, { "name": "POSTGRESQL_DATABASE", @@ -219,7 +243,12 @@ }, { "name": "SECRET_KEY_BASE", - "value": "${SECRET_KEY_BASE}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keyBase" + } + } }, { "name": "POSTGRESQL_MAX_CONNECTIONS", @@ -235,11 +264,21 @@ }, { "name": "APPLICATION_USER", - "value": "${APPLICATION_USER}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationUser" + } + } }, { "name": "APPLICATION_PASSWORD", - "value": "${APPLICATION_PASSWORD}" + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationPassword" + } + } }, { "name": "RAILS_ENV", diff --git a/roles/openshift_examples/files/examples/v1.4/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.4/xpaas-streams/jboss-image-streams.json index 4edc97f41..a7cb12867 100644 --- a/roles/openshift_examples/files/examples/v1.4/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.4/xpaas-streams/jboss-image-streams.json @@ -283,6 +283,28 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { + "name": "jboss-datavirt63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-jboss", + "tags": "datavirt,java,jboss,xpaas", + "supports":"datavirt:6.3,java:8,xpaas:1.4", + "version": "1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { "name": "jboss-amq-62" }, "spec": { diff --git a/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-basic-s2i.json new file mode 100644 index 000000000..7d64dac98 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-basic-s2i.json @@ -0,0 +1,415 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-basic-s2i" + }, + "labels": { + "template": "datavirt63-basic-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret specified by CONFIGURATION_NAME.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-extensions-support-s2i.json new file mode 100644 index 000000000..1e7c03b99 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -0,0 +1,763 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-extensions-support-s2i" + }, + "labels": { + "template": "datavirt63-extensions-support-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The URL of the repository with source code for the extensions image. The image should have all modules, etc., placed in the \"/extensions/\" directory in the image. If the contents are in a different directory, the sourcePath for the ImageSource in the BuildConfig must be modified.", + "displayName": "Extensions Git Repository URL", + "name": "EXTENSIONS_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your extensions repository if you are not using the default branch.", + "displayName": "Extensions Git Reference", + "name": "EXTENSIONS_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your extensions repository.", + "displayName": "Extensions Context Directory", + "name": "EXTENSIONS_DIR", + "value": "datavirt/derby-driver-image", + "required": false + }, + { + "description": "Set this to the relative path to the Dockerfile in your extensions directory.", + "displayName": "Extensions Dockerfile", + "name": "EXTENSIONS_DOCKERFILE", + "value": "Dockerfile", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${EXTENSIONS_REPOSITORY_URL}", + "ref": "${EXTENSIONS_REPOSITORY_REF}" + }, + "contextDir": "${EXTENSIONS_DIR}" + }, + "strategy": { + "type": "Docker", + "dockerStrategy": { + "dockerfilePath": "${EXTENSIONS_DOCKERFILE}" + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + }, + "env": [ + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "QS_DB_TYPE", + "value": "derby", + "description": "Used soley by the quickstart and set here to ensure the template can be instatiated with its default parameter values, i.e. so itworks ootb." + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-secure-s2i.json new file mode 100644 index 000000000..07f926ff3 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.4/xpaas-templates/datavirt63-secure-s2i.json @@ -0,0 +1,642 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-secure-s2i" + }, + "labels": { + "template": "datavirt63-secure-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-app-example.yaml b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-app-example.yaml new file mode 100644 index 000000000..14bdd1dca --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-app-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: cloudforms +spec: + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + nfs: + path: /opt/nfs/volumes-app + server: 10.19.0.216 + persistentVolumeReclaimPolicy: Recycle diff --git a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-example.yaml b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-example.yaml new file mode 100644 index 000000000..709d8d976 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-pv-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: nfs-pv01 +spec: + capacity: + storage: 2Gi + accessModes: + - ReadWriteOnce + nfs: + path: /opt/nfs/volumes + server: 10.19.0.216 + persistentVolumeReclaimPolicy: Recycle diff --git a/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml new file mode 100644 index 000000000..c8e3d4083 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/cfme-templates/cfme-template.yaml @@ -0,0 +1,479 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms +metadata: + name: cloudforms + annotations: + description: "CloudForms appliance with persistent storage" + tags: "instant-app,cloudforms,cfme" + iconClass: "icon-rails" +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: "Exposes and load balances CloudForms pods" + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: ${NAME} + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: ${NAME} +- apiVersion: v1 + kind: Route + metadata: + name: ${NAME} + spec: + host: ${APPLICATION_DOMAIN} + port: + targetPort: https + tls: + termination: passthrough + to: + kind: Service + name: ${NAME} +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-app + annotations: + description: "Keeps track of changes in the CloudForms app image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-app +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: ${DATABASE_SERVICE_NAME} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${DATABASE_VOLUME_CAPACITY} +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: ${NAME} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${APPLICATION_VOLUME_CAPACITY} +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: ${NAME} + annotations: + description: "Defines how to deploy the CloudForms appliance" + spec: + template: + metadata: + labels: + name: ${NAME} + name: ${NAME} + spec: + volumes: + - + name: "cfme-app-volume" + persistentVolumeClaim: + claimName: ${NAME} + containers: + - image: cloudforms/cfme-openshift-app:${APPLICATION_IMG_TAG} + imagePullPolicy: IfNotPresent + name: cloudforms + livenessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - + name: "cfme-app-volume" + mountPath: "/persistent" + env: + - + name: "APPLICATION_INIT_DELAY" + value: "${APPLICATION_INIT_DELAY}" + - + name: "DATABASE_SERVICE_NAME" + value: "${DATABASE_SERVICE_NAME}" + - + name: "DATABASE_REGION" + value: "${DATABASE_REGION}" + - + name: "MEMCACHED_SERVICE_NAME" + value: "${MEMCACHED_SERVICE_NAME}" + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + requests: + memory: "${MEMORY_APPLICATION_MIN}" + lifecycle: + preStop: + exec: + command: + - /opt/rh/cfme-container-scripts/sync-pv-data + replicas: 1 + selector: + name: ${NAME} + triggers: + - type: "ConfigChange" + - type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "cloudforms" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-app:${APPLICATION_IMG_TAG}" + strategy: + type: "Recreate" + recreateParams: + timeoutSeconds: 1200 +- apiVersion: v1 + kind: "Service" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Exposes the memcached server" + spec: + ports: + - + name: "memcached" + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-memcached + annotations: + description: "Keeps track of changes in the CloudForms memcached image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-memcached +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Defines how to deploy memcached" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "memcached" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-memcached:${MEMCACHED_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - + name: "memcached" + image: "cloudforms/cfme-openshift-memcached:${MEMCACHED_IMG_TAG}" + ports: + - + containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - + name: "MEMCACHED_MAX_MEMORY" + value: "${MEMCACHED_MAX_MEMORY}" + - + name: "MEMCACHED_MAX_CONNECTIONS" + value: "${MEMCACHED_MAX_CONNECTIONS}" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + limits: + memory: "${MEMORY_MEMCACHED_LIMIT}" +- apiVersion: v1 + kind: "Service" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Exposes the database server" + spec: + ports: + - + name: "postgresql" + port: 5432 + targetPort: 5432 + selector: + name: "${DATABASE_SERVICE_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-postgresql + annotations: + description: "Keeps track of changes in the CloudForms postgresql image" + spec: + dockerImageRepository: registry.access.redhat.com/cloudforms/cfme-openshift-postgresql +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Defines how to deploy the database" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: false + containerNames: + - "postgresql" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-postgresql:${POSTGRESQL_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${DATABASE_SERVICE_NAME}" + template: + metadata: + name: "${DATABASE_SERVICE_NAME}" + labels: + name: "${DATABASE_SERVICE_NAME}" + spec: + volumes: + - + name: "cfme-pgdb-volume" + persistentVolumeClaim: + claimName: ${DATABASE_SERVICE_NAME} + containers: + - + name: "postgresql" + image: "cloudforms/cfme-openshift-postgresql:${POSTGRESQL_IMG_TAG}" + ports: + - + containerPort: 5432 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 15 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 60 + tcpSocket: + port: 5432 + volumeMounts: + - + name: "cfme-pgdb-volume" + mountPath: "/var/lib/pgsql/data" + env: + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + limits: + memory: "${MEMORY_POSTGRESQL_LIMIT}" + +parameters: + - + name: "NAME" + displayName: Name + required: true + description: "The name assigned to all of the frontend objects defined in this template." + value: cloudforms + - + name: "DATABASE_SERVICE_NAME" + displayName: "PostgreSQL Service Name" + required: true + description: "The name of the OpenShift Service exposed for the PostgreSQL container." + value: "postgresql" + - + name: "DATABASE_USER" + displayName: "PostgreSQL User" + required: true + description: "PostgreSQL user that will access the database." + value: "root" + - + name: "DATABASE_PASSWORD" + displayName: "PostgreSQL Password" + required: true + description: "Password for the PostgreSQL user." + value: "smartvm" + - + name: "DATABASE_NAME" + required: true + displayName: "PostgreSQL Database Name" + description: "Name of the PostgreSQL database accessed." + value: "vmdb_production" + - + name: "DATABASE_REGION" + required: true + displayName: "Application Database Region" + description: "Database region that will be used for application." + value: "0" + - + name: "MEMCACHED_SERVICE_NAME" + required: true + displayName: "Memcached Service Name" + description: "The name of the OpenShift Service exposed for the Memcached container." + value: "memcached" + - + name: "MEMCACHED_MAX_MEMORY" + displayName: "Memcached Max Memory" + description: "Memcached maximum memory for memcached object storage in MB." + value: "64" + - + name: "MEMCACHED_MAX_CONNECTIONS" + displayName: "Memcached Max Connections" + description: "Memcached maximum number of connections allowed." + value: "1024" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + displayName: "Memcached Slab Page Size" + description: "Memcached size of each slab page." + value: "1m" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + displayName: "PostgreSQL Max Connections" + description: "PostgreSQL maximum number of database connections allowed." + value: "100" + - + name: "POSTGRESQL_SHARED_BUFFERS" + displayName: "PostgreSQL Shared Buffer Amount" + description: "Amount of memory dedicated for PostgreSQL shared memory buffers." + value: "64MB" + - + name: "MEMORY_APPLICATION_MIN" + displayName: "Application Memory Minimum" + required: true + description: "Minimum amount of memory the Application container will need." + value: "4096Mi" + - + name: "MEMORY_POSTGRESQL_LIMIT" + displayName: "PostgreSQL Memory Limit" + required: true + description: "Maximum amount of memory the PostgreSQL container can use." + value: "2048Mi" + - + name: "MEMORY_MEMCACHED_LIMIT" + displayName: "Memcached Memory Limit" + required: true + description: "Maximum amount of memory the Memcached container can use." + value: "256Mi" + - + name: "POSTGRESQL_IMG_TAG" + displayName: "PostgreSQL Image Tag" + description: "This is the PostgreSQL image tag/version requested to deploy." + value: "latest" + - + name: "MEMCACHED_IMG_TAG" + displayName: "Memcached Image Tag" + description: "This is the Memcached image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_IMG_TAG" + displayName: "Application Image Tag" + description: "This is the Application image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_DOMAIN" + displayName: "Application Hostname" + description: "The exposed hostname that will route to the application service, if left blank a value will be defaulted." + value: "" + - + name: "APPLICATION_INIT_DELAY" + displayName: "Application Init Delay" + required: true + description: "Delay in seconds before we attempt to initialize the application." + value: "30" + - + name: "APPLICATION_VOLUME_CAPACITY" + displayName: "Application Volume Capacity" + required: true + description: "Volume space available for application data." + value: "1Gi" + - + name: "DATABASE_VOLUME_CAPACITY" + displayName: "Database Volume Capacity" + required: true + description: "Volume space available for database." + value: "1Gi" diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/README.md b/roles/openshift_examples/files/examples/v1.5/db-templates/README.md new file mode 100644 index 000000000..a36d7ba7d --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/README.md @@ -0,0 +1,76 @@ +OpenShift 3 Database Examples +============================= + +This directory contains example JSON templates to deploy databases in OpenShift. +They can be used to immediately instantiate a database and expose it as a +service in the current project, or to add a template that can be later used from +the Web Console or the CLI. + +The examples can also be tweaked to create new templates. + + +## Ephemeral vs. Persistent + +For each supported database, there are two template files. + +Files named `*-ephemeral-template.json` use +"[emptyDir](https://docs.openshift.org/latest/dev_guide/volumes.html)" volumes +for data storage, which means that data is lost after a pod restart. +This is tolerable for experimenting, but not suitable for production use. + +The other templates, named `*-persistent-template.json`, use [persistent volume +claims](https://docs.openshift.org/latest/architecture/additional_concepts/storage.html#persistent-volume-claims) +to request persistent storage provided by [persistent +volumes](https://docs.openshift.org/latest/architecture/additional_concepts/storage.html#persistent-volumes), +that must have been created upfront. + + +## Usage + +### Instantiating a new database service + +Use these instructions if you want to quickly deploy a new database service in +your current project. Instantiate a new database service with this command: + + $ oc new-app /path/to/template.json + +Replace `/path/to/template.json` with an appropriate path, that can be either a +local path or an URL. Example: + + $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json + +The parameters listed in the output above can be tweaked by specifying values in +the command line with the `-p` option: + + $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default + +Note that the persistent template requires an existing persistent volume, +otherwise the deployment won't ever succeed. + + +### Adding a database as a template + +Use these instructions if, instead of instantiating a service right away, you +want to load the template into an OpenShift project so that it can be used +later. Create the template with this command: + + $ oc create -f /path/to/template.json + +Replace `/path/to/template.json` with an appropriate path, that can be either a +local path or an URL. Example: + + $ oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json + template "mongodb-ephemeral" created + +The new template is now available to use in the Web Console or with `oc +new-app`. + + +## More information + +The usage of each supported database image is further documented in the links +below: + +- [MySQL](https://docs.openshift.org/latest/using_images/db_images/mysql.html) +- [PostgreSQL](https://docs.openshift.org/latest/using_images/db_images/postgresql.html) +- [MongoDB](https://docs.openshift.org/latest/using_images/db_images/mongodb.html) diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..cfbfc3e20 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,225 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "openshift.io/display-name": "MariaDB (Ephemeral)", + "description": "MariaDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..e933eecf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mariadb-persistent-template.json @@ -0,0 +1,249 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "openshift.io/display-name": "MariaDB (Persistent)", + "description": "MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-ephemeral-template.json new file mode 100644 index 000000000..8b8fcb58b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-ephemeral-template.json @@ -0,0 +1,253 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mongodb-ephemeral", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "MongoDB (Ephemeral)", + "description": "MongoDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mongodb", + "tags": "database,mongodb" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "mongo", + "protocol": "TCP", + "port": 27017, + "targetPort": 27017, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mongodb:${MONGODB_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mongodb", + "required": true + }, + { + "name": "MONGODB_USER", + "displayName": "MongoDB Connection Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MONGODB_PASSWORD", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_DATABASE", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_VERSION", + "displayName": "Version of MongoDB Image", + "description": "Version of MongoDB image to be used (2.4, 2.6, 3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-persistent-template.json new file mode 100644 index 000000000..72d3a8556 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mongodb-persistent-template.json @@ -0,0 +1,277 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mongodb-persistent", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "MongoDB (Persistent)", + "description": "MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mongodb", + "tags": "database,mongodb" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "mongo", + "protocol": "TCP", + "port": 27017, + "targetPort": 27017, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mongodb:${MONGODB_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${MONGODB_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mongodb", + "required": true + }, + { + "name": "MONGODB_USER", + "displayName": "MongoDB Connection Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MONGODB_PASSWORD", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_DATABASE", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "MONGODB_VERSION", + "displayName": "Version of MongoDB Image", + "description": "Version of MongoDB image to be used (2.4, 2.6, 3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-ephemeral-template.json new file mode 100644 index 000000000..34dd2ed78 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-ephemeral-template.json @@ -0,0 +1,253 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mysql-ephemeral", + "annotations": { + "openshift.io/display-name": "MySQL (Ephemeral)", + "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mysql-database", + "tags": "database,mysql" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "mysql", + "protocol": "TCP", + "port": 3306, + "targetPort": 3306, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mysql:${MYSQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mysql", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MySQL Connection Username", + "description": "Username for MySQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MYSQL_VERSION", + "displayName": "Version of MySQL Image", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-persistent-template.json new file mode 100644 index 000000000..85c48da01 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/mysql-persistent-template.json @@ -0,0 +1,256 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mysql-persistent", + "annotations": { + "openshift.io/display-name": "MySQL (Persistent)", + "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mysql-database", + "tags": "database,mysql" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mysql:${MYSQL_VERSION}", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mysql", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MySQL Connection Username", + "description": "Username for MySQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "MYSQL_VERSION", + "displayName": "Version of MySQL Image", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-ephemeral-template.json new file mode 100644 index 000000000..0d0a2a629 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-ephemeral-template.json @@ -0,0 +1,235 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "postgresql-ephemeral", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "PostgreSQL (Ephemeral)", + "description": "PostgreSQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-postgresql", + "tags": "database,postgresql" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "protocol": "TCP", + "port": 5432, + "targetPort": 5432, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "postgresql:${POSTGRESQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${POSTGRESQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "postgresql", + "required": true + }, + { + "name": "POSTGRESQL_USER", + "displayName": "PostgreSQL Connection Username", + "description": "Username for PostgreSQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "POSTGRESQL_PASSWORD", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "POSTGRESQL_DATABASE", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "POSTGRESQL_VERSION", + "displayName": "Version of PostgreSQL Image", + "description": "Version of PostgreSQL image to be used (9.2, 9.4, 9.5 or latest).", + "value": "9.5", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-persistent-template.json new file mode 100644 index 000000000..257726cfd --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/postgresql-persistent-template.json @@ -0,0 +1,259 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "postgresql-persistent", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "PostgreSQL (Persistent)", + "description": "PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-postgresql", + "tags": "database,postgresql" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "protocol": "TCP", + "port": 5432, + "targetPort": 5432, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "postgresql:${POSTGRESQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${POSTGRESQL_DATABASE}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "postgresql", + "required": true + }, + { + "name": "POSTGRESQL_USER", + "displayName": "PostgreSQL Connection Username", + "description": "Username for PostgreSQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "POSTGRESQL_PASSWORD", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "POSTGRESQL_DATABASE", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "POSTGRESQL_VERSION", + "displayName": "Version of PostgreSQL Image", + "description": "Version of PostgreSQL image to be used (9.2, 9.4, 9.5 or latest).", + "value": "9.5", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/redis-ephemeral-template.json new file mode 100644 index 000000000..c9ae8a539 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/redis-ephemeral-template.json @@ -0,0 +1,191 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-ephemeral", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Redis (Ephemeral)", + "description": "Redis in-memory data structure store, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-redis", + "tags": "database,redis" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-ephemeral-template" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "value": "${REDIS_PASSWORD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/db-templates/redis-persistent-template.json new file mode 100644 index 000000000..e9db9ec9d --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/db-templates/redis-persistent-template.json @@ -0,0 +1,215 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-persistent", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Redis (Persistent)", + "description": "Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-redis", + "tags": "database,redis" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-persistent-template" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "value": "${REDIS_PASSWORD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..0d5ac21d8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json @@ -0,0 +1,76 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.1/test/asp-net-hello-world" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.1" + } + }, + { + "name": "1.1", + "annotations": { + "openshift.io/display-name": ".NET Core 1.1", + "description": "Build and run .NET Core 1.1 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11", + "supports":"dotnet:1.1,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.1/test/asp-net-hello-world", + "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-11-rhel7:1.1" + } + }, + { + "name": "1.0", + "annotations": { + "openshift.io/display-name": ".NET Core 1.0", + "description": "Build and run .NET Core 1.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json new file mode 100644 index 000000000..1a90a9409 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-centos7.json @@ -0,0 +1,829 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": {}, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Ruby (Latest)", + "description": "Build and run Ruby applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.3" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": "Ruby 2.0", + "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", + "iconClass": "icon-ruby", + "tags": "hidden,builder,ruby", + "supports": "ruby:2.0,ruby", + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/ruby-20-centos7:latest" + } + }, + { + "name": "2.2", + "annotations": { + "openshift.io/display-name": "Ruby 2.2", + "description": "Build and run Ruby 2.2 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.2,ruby", + "version": "2.2", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-22-centos7:latest" + } + }, + { + "name": "2.3", + "annotations": { + "openshift.io/display-name": "Ruby 2.3", + "description": "Build and run Ruby 2.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-23-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Node.js (Latest)", + "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "4" + } + }, + { + "name": "0.10", + "annotations": { + "openshift.io/display-name": "Node.js 0.10", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "iconClass": "icon-nodejs", + "tags": "hidden,nodejs", + "supports":"nodejs:0.10,nodejs:0.1,nodejs", + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/nodejs-010-centos7:latest" + } + }, + { + "name": "4", + "annotations": { + "openshift.io/display-name": "Node.js 4", + "description": "Build and run Node.js 4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/nodejs-4-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Perl (Latest)", + "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.24" + } + }, + { + "name": "5.16", + "annotations": { + "openshift.io/display-name": "Perl 5.16", + "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", + "iconClass": "icon-perl", + "tags": "hidden,builder,perl", + "supports":"perl:5.16,perl", + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/perl-516-centos7:latest" + } + }, + { + "name": "5.20", + "annotations": { + "openshift.io/display-name": "Perl 5.20", + "description": "Build and run Perl 5.20 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.20,perl", + "version": "5.20", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-520-centos7:latest" + } + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-524-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PHP (Latest)", + "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "7.0" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "PHP 5.5", + "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", + "iconClass": "icon-php", + "tags": "hidden,builder,php", + "supports":"php:5.5,php", + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/php-55-centos7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "PHP 5.6", + "description": "Build and run PHP 5.6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:5.6,php", + "version": "5.6", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-56-centos7:latest" + } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-70-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Python (Latest)", + "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.5" + } + }, + { + "name": "3.3", + "annotations": { + "openshift.io/display-name": "Python 3.3", + "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", + "iconClass": "icon-python", + "tags": "hidden,builder,python", + "supports":"python:3.3,python", + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/python-33-centos7:latest" + } + }, + { + "name": "2.7", + "annotations": { + "openshift.io/display-name": "Python 2.7", + "description": "Build and run Python 2.7 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:2.7,python", + "version": "2.7", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-27-centos7:latest" + } + }, + { + "name": "3.4", + "annotations": { + "openshift.io/display-name": "Python 3.4", + "description": "Build and run Python 3.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.4,python", + "version": "3.4", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-34-centos7:latest" + } + }, + { + "name": "3.5", + "annotations": { + "openshift.io/display-name": "Python 3.5", + "description": "Build and run Python 3.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-35-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "wildfly", + "annotations": { + "openshift.io/display-name": "WildFly" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "WildFly (Latest)", + "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"jee,java", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "8.1", + "annotations": { + "openshift.io/display-name": "WildFly 8.1", + "description": "Build and run WildFly 8.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:8.1,jee,java", + "version": "8.1", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-81-centos7:latest" + } + }, + { + "name": "9.0", + "annotations": { + "openshift.io/display-name": "WildFly 9.0", + "description": "Build and run WildFly 9.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:9.0,jee,java", + "version": "9.0", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-90-centos7:latest" + } + }, + { + "name": "10.0", + "annotations": { + "openshift.io/display-name": "WildFly 10.0", + "description": "Build and run WildFly 10.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:10.0,jee,java", + "version": "10.0", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-100-centos7:latest" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "WildFly 10.1", + "description": "Build and run WildFly 10.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:10.1,jee,java", + "version": "10.1", + "sampleRepo": "https://github.com/bparees/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-101-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MySQL (Latest)", + "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.7" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "MySQL 5.5", + "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", + "iconClass": "icon-mysql-database", + "tags": "hidden,mysql", + "version": "5.5" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/mysql-55-centos7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "MySQL 5.6", + "description": "Provides a MySQL 5.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-56-centos7:latest" + } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-57-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MariaDB (Latest)", + "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "MariaDB 10.1", + "description": "Provides a MariaDB 10.1 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mariadb-101-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Latest)", + "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "9.5" + } + }, + { + "name": "9.2", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.2", + "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", + "iconClass": "icon-postgresql", + "tags": "hidden,postgresql", + "version": "9.2" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/postgresql-92-centos7:latest" + } + }, + { + "name": "9.4", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.4", + "description": "Provides a PostgreSQL 9.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, + "from": { + "kind": "DockerImage", + "name": "centos/postgresql-94-centos7:latest" + } + }, + { + "name": "9.5", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.5", + "description": "Provides a PostgreSQL 9.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "centos/postgresql-95-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MongoDB (Latest)", + "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "MongoDB 2.4", + "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", + "iconClass": "icon-mongodb", + "tags": "hidden,mongodb", + "version": "2.4" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/mongodb-24-centos7:latest" + } + }, + { + "name": "2.6", + "annotations": { + "openshift.io/display-name": "MongoDB 2.6", + "description": "Provides a MongoDB 2.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mongodb-26-centos7:latest" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "MongoDB 3.2", + "description": "Provides a MongoDB 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mongodb-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/redis-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Jenkins (Latest)", + "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2" + } + }, + { + "name": "1", + "annotations": { + "openshift.io/display-name": "Jenkins 1.X", + "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "1.x" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/jenkins-1-centos7:latest" + } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "description": "Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/jenkins-2-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json new file mode 100644 index 000000000..9b19b8bd0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/image-streams-rhel7.json @@ -0,0 +1,736 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": {}, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Ruby (Latest)", + "description": "Build and run Ruby applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.3" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": "Ruby 2.0", + "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", + "iconClass": "icon-ruby", + "tags": "hidden,builder,ruby", + "supports": "ruby:2.0,ruby", + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/ruby-20-rhel7:latest" + } + }, + { + "name": "2.2", + "annotations": { + "openshift.io/display-name": "Ruby 2.2", + "description": "Build and run Ruby 2.2 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.2,ruby", + "version": "2.2", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" + } + }, + { + "name": "2.3", + "annotations": { + "openshift.io/display-name": "Ruby 2.3", + "description": "Build and run Ruby 2.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Node.js (Latest)", + "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "4" + } + }, + { + "name": "0.10", + "annotations": { + "openshift.io/display-name": "Node.js 0.10", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "iconClass": "icon-nodejs", + "tags": "hidden,nodejs", + "supports":"nodejs:0.10,nodejs:0.1,nodejs", + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/nodejs-010-rhel7:latest" + } + }, + { + "name": "4", + "annotations": { + "openshift.io/display-name": "Node.js 4", + "description": "Build and run Node.js 4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/nodejs-4-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Perl (Latest)", + "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.24" + } + }, + { + "name": "5.16", + "annotations": { + "openshift.io/display-name": "Perl 5.16", + "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", + "iconClass": "icon-perl", + "tags": "hidden,builder,perl", + "supports":"perl:5.16,perl", + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/perl-516-rhel7:latest" + } + }, + { + "name": "5.20", + "annotations": { + "openshift.io/display-name": "Perl 5.20", + "description": "Build and run Perl 5.20 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.20,perl", + "version": "5.20", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-520-rhel7:latest" + } + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-524-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PHP (Latest)", + "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.6" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "PHP 5.5", + "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", + "iconClass": "icon-php", + "tags": "hidden,builder,php", + "supports":"php:5.5,php", + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/php-55-rhel7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "PHP 5.6", + "description": "Build and run PHP 5.6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:5.6,php", + "version": "5.6", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-56-rhel7:latest" + } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-70-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Python (Latest)", + "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.5" + } + }, + { + "name": "3.3", + "annotations": { + "openshift.io/display-name": "Python 3.3", + "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", + "iconClass": "icon-python", + "tags": "hidden,builder,python", + "supports":"python:3.3,python", + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/python-33-rhel7:latest" + } + }, + { + "name": "2.7", + "annotations": { + "openshift.io/display-name": "Python 2.7", + "description": "Build and run Python 2.7 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:2.7,python", + "version": "2.7", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-27-rhel7:latest" + } + }, + { + "name": "3.4", + "annotations": { + "openshift.io/display-name": "Python 3.4", + "description": "Build and run Python 3.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.4,python", + "version": "3.4", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-34-rhel7:latest" + } + }, + { + "name": "3.5", + "annotations": { + "openshift.io/display-name": "Python 3.5", + "description": "Build and run Python 3.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-35-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MySQL (Latest)", + "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.7" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "MySQL 5.5", + "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", + "iconClass": "icon-mysql-database", + "tags": "hidden,mysql", + "version": "5.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/mysql-55-rhel7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "MySQL 5.6", + "description": "Provides a MySQL 5.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-56-rhel7:latest" + } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-57-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MariaDB (Latest)", + "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "MariaDB 10.1", + "description": "Provides a MariaDB 10.1 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mariadb-101-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Latest)", + "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "9.5" + } + }, + { + "name": "9.2", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.2", + "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", + "iconClass": "icon-postgresql", + "tags": "hidden,postgresql", + "version": "9.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/postgresql-92-rhel7:latest" + } + }, + { + "name": "9.4", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.4", + "description": "Provides a PostgreSQL 9.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/postgresql-94-rhel7:latest" + } + }, + { + "name": "9.5", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.5", + "description": "Provides a PostgreSQL 9.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MongoDB (Latest)", + "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "MongoDB 2.4", + "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", + "iconClass": "icon-mongodb", + "tags": "hidden,mongodb", + "version": "2.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/mongodb-24-rhel7:latest" + } + }, + { + "name": "2.6", + "annotations": { + "openshift.io/display-name": "MongoDB 2.6", + "description": "Provides a MongoDB 2.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mongodb-26-rhel7:latest" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "MongoDB 3.2", + "description": "Provides a MongoDB 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mongodb-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/redis-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Jenkins (Latest)", + "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2" + } + }, + { + "name": "1", + "annotations": { + "openshift.io/display-name": "Jenkins 1.X", + "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "1.x" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/jenkins-1-rhel7:latest" + } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "description": "Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/jenkins-2-rhel7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/README.md b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/README.md new file mode 100644 index 000000000..62765e03d --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/README.md @@ -0,0 +1,22 @@ +QuickStarts +=========== + +QuickStarts provide the basic skeleton of an application. Generally they +reference a repository containing very simple source code that implements a +trivial application using a particular framework. In addition they define any +components needed for the application including a Build configuration, +supporting services such as Databases, etc. + +You can instantiate these templates as is, or fork the source repository they +reference and supply your forked repository as the source-repository when +instantiating them. + +* [CakePHP](https://raw.githubusercontent.com/openshift/cakephp-ex/master/openshift/templates/cakephp-mysql.json) - Provides a basic CakePHP application with a MySQL database. For more information see the [source repository](https://github.com/openshift/cakephp-ex). +* [Dancer](https://raw.githubusercontent.com/openshift/dancer-ex/master/openshift/templates/dancer-mysql.json) - Provides a basic Dancer (Perl) application with a MySQL database. For more information see the [source repository](https://github.com/openshift/dancer-ex). +* [Django](https://raw.githubusercontent.com/openshift/django-ex/master/openshift/templates/django-postgresql.json) - Provides a basic Django (Python) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/django-ex). +* [NodeJS](https://raw.githubusercontent.com/openshift/nodejs-ex/master/openshift/templates/nodejs-mongodb.json) - Provides a basic NodeJS application with a MongoDB database. For more information see the [source repository](https://github.com/openshift/nodejs-ex). +* [Rails](https://raw.githubusercontent.com/openshift/rails-ex/master/openshift/templates/rails-postgresql.json) - Provides a basic Rails (Ruby) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/rails-ex). + +Note: This file is processed by `hack/update-external-examples.sh`. New examples +must follow the exact syntax of the existing entries. Files in this directory +are automatically pulled down, do not modify/add files to this directory. diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/apicast-gateway-template.yml b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/apicast-gateway-template.yml new file mode 100644 index 000000000..34f5fcbcc --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/apicast-gateway-template.yml @@ -0,0 +1,149 @@ +apiVersion: v1 +kind: Template +metadata: + creationTimestamp: null + name: 3scale-gateway + annotations: + description: "3scale API Gateway" + iconClass: "icon-load-balancer" + tags: "api,gateway,3scale" +objects: +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: ${THREESCALE_GATEWAY_NAME} + spec: + replicas: 2 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + strategy: + resources: {} + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + valueFrom: + secretKeyRef: + name: ${THREESCALE_PORTAL_ENDPOINT_SECRET} + key: password + - name: THREESCALE_CONFIG_FILE + value: ${THREESCALE_CONFIG_FILE} + - name: RESOLVER + value: ${RESOLVER} + - name: APICAST_SERVICES + value: ${APICAST_SERVICES} + - name: APICAST_MISSING_CONFIGURATION + value: ${MISSING_CONFIGURATION} + - name: APICAST_LOG_LEVEL + value: ${APICAST_LOG_LEVEL} + - name: APICAST_PATH_ROUTING_ENABLED + value: ${PATH_ROUTING} + - name: APICAST_RESPONSE_CODES + value: ${RESPONSE_CODES} + - name: APICAST_REQUEST_LOGS + value: ${REQUEST_LOGS} + - name: APICAST_RELOAD_CONFIG + value: ${APICAST_RELOAD_CONFIG} + image: ${THREESCALE_GATEWAY_IMAGE} + imagePullPolicy: Always + name: ${THREESCALE_GATEWAY_NAME} + livenessProbe: + httpGet: + path: /status/live + port: 8090 + initialDelaySeconds: 10 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /status/ready + port: 8090 + initialDelaySeconds: 15 + timeoutSeconds: 1 + ports: + - containerPort: 8080 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + restartPolicy: Always + securityContext: {} + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange + status: {} +- apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + name: ${THREESCALE_GATEWAY_NAME} + spec: + ports: + - name: 8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + deploymentconfig: ${THREESCALE_GATEWAY_NAME} + sessionAffinity: None + type: ClusterIP + status: + loadBalancer: {} +parameters: +- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" + value: threescale-portal-endpoint-secret + name: THREESCALE_PORTAL_ENDPOINT_SECRET + required: true +- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume." + value: + name: THREESCALE_CONFIG_FILE + required: false +- description: "Name for the 3scale API Gateway" + value: threescalegw + name: THREESCALE_GATEWAY_NAME + required: true +- description: "Docker image to use." + value: 'rhamp10/apicast-gateway:1.0.0-4' + name: THREESCALE_GATEWAY_IMAGE + required: true +- description: "DNS Resolver for openresty, if empty it will be autodiscovered" + value: + name: RESOLVER + required: false +- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" + value: + name: APICAST_SERVICES + required: false +- description: "What to do on missing or invalid configuration. Allowed values are: log, exit." + value: exit + required: false + name: MISSING_CONFIGURATION +- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." + name: APICAST_LOG_LEVEL + required: false +- description: "Enable path routing. Experimental feature." + name: PATH_ROUTING + required: false + value: "false" +- description: "Enable traffic logging to 3scale. Includes whole request and response." + value: "false" + name: REQUEST_LOGS + required: false +- description: "Enable logging response codes to 3scale." + value: "false" + name: RESPONSE_CODES + required: false +- description: "Reload config on every request" + value: "false" + name: APICAST_RELOAD_CONFIG + required: false diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json new file mode 100644 index 000000000..9dbbf89d1 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/cakephp-mysql.json @@ -0,0 +1,531 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "cakephp-mysql-example", + "annotations": { + "openshift.io/display-name": "CakePHP + MySQL (Ephemeral)", + "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,php,cakephp", + "iconClass": "icon-php" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", + "labels": { + "template": "cakephp-mysql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "php:5.6" + }, + "env": [ + { + "name": "COMPOSER_MIRROR", + "value": "${COMPOSER_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Retry", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "cakephp-mysql-example" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "cakephp-mysql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "cakephp-mysql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "value": "${CAKEPHP_SECRET_TOKEN}" + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "value": "${CAKEPHP_SECURITY_SALT}" + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "value": "${CAKEPHP_SECURITY_CIPHER_SEED}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "value": "${OPCACHE_REVALIDATE_FREQ}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the CakePHP container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/cakephp-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database User", + "required": true, + "value": "cakephp" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "displayName": "CakePHP secret token", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", + "generate": "expression", + "from": "[0-9]{30}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "displayName": "OPcache Revalidation Frequency", + "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "value": "2" + }, + { + "name": "COMPOSER_MIRROR", + "displayName": "Custom Composer Mirror URL", + "description": "The custom Composer mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json new file mode 100644 index 000000000..dccb8bf7f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dancer-mysql.json @@ -0,0 +1,487 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dancer-mysql-example", + "annotations": { + "openshift.io/display-name": "Dancer + MySQL (Ephemeral)", + "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,perl,dancer", + "iconClass": "icon-perl" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", + "labels": { + "template": "dancer-mysql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "perl:5.20" + }, + "env": [ + { + "name": "CPAN_MIRROR", + "value": "${CPAN_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "perl -I extlib/lib/perl5 -I lib t/*" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dancer-mysql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dancer-mysql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SECRET_KEY_BASE}" + }, + { + "name": "PERL_APACHE2_RELOAD", + "value": "${PERL_APACHE2_RELOAD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Perl Dancer container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/dancer-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "database" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "PERL_APACHE2_RELOAD", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", + "value": "" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "CPAN_MIRROR", + "displayName": "Custom CPAN Mirror URL", + "description": "The custom CPAN mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json new file mode 100644 index 000000000..59ff8a988 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/django-postgresql.json @@ -0,0 +1,500 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "django-psql-example", + "annotations": { + "openshift.io/display-name": "Django + PostgreSQL (Ephemeral)", + "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,python,django", + "iconClass": "icon-python" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", + "labels": { + "template": "django-psql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "python:3.5" + }, + "env": [ + { + "name": "PIP_INDEX_URL", + "value": "${PIP_INDEX_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "./manage.py test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "django-psql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "django-psql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "APP_CONFIG", + "value": "${APP_CONFIG}" + }, + { + "name": "DJANGO_SECRET_KEY", + "value": "${DJANGO_SECRET_KEY}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-psql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Django container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/django-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "postgresql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "required": true, + "description": "Database engine: postgresql, mysql or sqlite (default).", + "value": "postgresql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "required": true, + "value": "django" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database User Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "APP_CONFIG", + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." + }, + { + "name": "DJANGO_SECRET_KEY", + "displayName": "Django Secret Key", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "PIP_INDEX_URL", + "displayName": "Custom PyPi Index URL", + "description": "The custom PyPi index URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-ephemeral-template.json new file mode 100644 index 000000000..62ccc5b7f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-ephemeral-template.json @@ -0,0 +1,275 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-ephemeral", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Jenkins (Ephemeral)", + "description": "Jenkins service, without persistent storage.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "iconClass": "icon-jenkins", + "tags": "instant-app,jenkins" + } + }, + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "jenkins" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${JENKINS_IMAGE_STREAM_TAG}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", + "containers": [ + { + "name": "jenkins", + "image": " ", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 420, + "failureThreshold" : 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "env": [ + { + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + }, + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JNLP_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "agent", + "protocol": "TCP", + "port": 50000, + "targetPort": 50000, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", + "value": "jenkins" + }, + { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" + } + ], + "labels": { + "template": "jenkins-ephemeral-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-persistent-template.json new file mode 100644 index 000000000..50c4ad566 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/jenkins-persistent-template.json @@ -0,0 +1,299 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-persistent", + "creationTimestamp": null, + "annotations": { + "openshift.io/display-name": "Jenkins (Persistent)", + "description": "Jenkins service, with persistent storage.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-jenkins", + "tags": "instant-app,jenkins" + } + }, + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "creationTimestamp": null + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "jenkins" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${JENKINS_IMAGE_STREAM_TAG}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", + "containers": [ + { + "name": "jenkins", + "image": " ", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 420, + "failureThreshold" : 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "env": [ + { + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${JENKINS_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + }, + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JNLP_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "agent", + "protocol": "TCP", + "port": 50000, + "targetPort": 50000, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + }, + "creationTimestamp": null + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", + "value": "jenkins" + }, + { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" + } + ], + "labels": { + "template": "jenkins-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json new file mode 100644 index 000000000..91f9ec7b3 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/nodejs-mongodb.json @@ -0,0 +1,517 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "nodejs-mongodb-example", + "annotations": { + "openshift.io/display-name": "Node.js + MongoDB (Ephemeral)", + "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,nodejs", + "iconClass": "icon-nodejs" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", + "labels": { + "template": "nodejs-mongodb-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "databaseUser": "${DATABASE_USER}", + "databasePassword": "${DATABASE_PASSWORD}", + "databaseAdminPassword" : "${DATABASE_ADMIN_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "nodejs:4" + }, + "env": [ + { + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "npm test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "nodejs-mongodb-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "nodejs-mongodb-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mongodb", + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mongodb:3.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017 + } + ], + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseAdminPassword" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ] + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-mongodb-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Node.js container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MONGODB_LIMIT", + "displayName": "Memory Limit (MongoDB)", + "description": "Maximum amount of memory the MongoDB container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/nodejs-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mongodb" + }, + { + "name": "DATABASE_USER", + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "DATABASE_ADMIN_PASSWORD", + "displayName": "Database Administrator Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "NPM_MIRROR", + "displayName": "Custom NPM Mirror URL", + "description": "The custom NPM mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json new file mode 100644 index 000000000..6373562c4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/rails-postgresql.json @@ -0,0 +1,562 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "rails-postgresql-example", + "annotations": { + "openshift.io/display-name": "Rails + PostgreSQL (Ephemeral)", + "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,ruby,rails", + "iconClass": "icon-ruby" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", + "labels": { + "template": "rails-postgresql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "databaseUser" : "${DATABASE_USER}", + "databasePassword" : "${DATABASE_PASSWORD}", + "applicationUser" : "${APPLICATION_USER}", + "applicationPassword" : "${APPLICATION_PASSWORD}", + "keyBase" : "${SECRET_KEY_BASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "ruby:2.3" + }, + "env": [ + { + "name": "RUBYGEM_MIRROR", + "value": "${RUBYGEM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "bundle exec rake test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Abort", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "${NAME}" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "rails-postgresql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "rails-postgresql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 5, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 10, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databaseUser" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "databasePassword" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "SECRET_KEY_BASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keyBase" + } + } + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + }, + { + "name": "APPLICATION_DOMAIN", + "value": "${APPLICATION_DOMAIN}" + }, + { + "name": "APPLICATION_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationUser" + } + } + }, + { + "name": "APPLICATION_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "applicationPassword" + } + } + }, + { + "name": "RAILS_ENV", + "value": "${RAILS_ENV}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DATABASE_USER}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DATABASE_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "rails-postgresql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Rails container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/rails-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "APPLICATION_USER", + "displayName": "Application Username", + "required": true, + "description": "The application user that is used within the sample application to authorize access on pages.", + "value": "openshift" + }, + { + "name": "APPLICATION_PASSWORD", + "displayName": "Application Password", + "required": true, + "description": "The application password that is used within the sample application to authorize access on pages.", + "value": "secret" + }, + { + "name": "RAILS_ENV", + "displayName": "Rails Environment", + "required": true, + "description": "Environment under which the sample application will run. Could be set to production, development or test.", + "value": "production" + }, + { + "name": "DATABASE_SERVICE_NAME", + "required": true, + "displayName": "Database Service Name", + "value": "postgresql" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "required": true, + "displayName": "Database Name", + "value": "root" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "displayName": "Maximum Database Connections", + "value": "100" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "displayName": "Shared Buffer Amount", + "value": "12MB" + }, + { + "name": "RUBYGEM_MIRROR", + "displayName": "Custom RubyGems Mirror URL", + "description": "The custom RubyGems mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v1.5/xpaas-streams/fis-image-streams.json new file mode 100644 index 000000000..ed0e94bed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-streams/fis-image-streams.json @@ -0,0 +1,56 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "fis-image-streams", + "annotations": { + "description": "ImageStream definitions for JBoss Fuse Integration Services." + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-java-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-java-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 6.2.1 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-karaf-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-karaf-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 6.2.1 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.5/xpaas-streams/jboss-image-streams.json new file mode 100644 index 000000000..a7cb12867 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-streams/jboss-image-streams.json @@ -0,0 +1,372 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "jboss-image-streams", + "annotations": { + "description": "ImageStream definitions for JBoss Middleware products." + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver30-tomcat7-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift", + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", + "supports":"tomcat7:3.0,tomcat:7,java:8,xpaas:1.1", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", + "supports":"tomcat7:3.0,tomcat:7,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver30-tomcat8-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift", + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", + "supports":"tomcat8:3.0,tomcat:8,java:8,xpaas:1.1", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", + "supports":"tomcat8:3.0,tomcat:8,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap64-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-eap-6/eap64-openshift", + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.1", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap70-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap70-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver62-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift", + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.2,java:8,xpaas:1.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.2", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,decisionserver,java,xpaas", + "supports":"decisionserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,processserver,java,xpaas", + "supports":"processserver:6.3,java:8,xpaas:1.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid65-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift", + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-jboss", + "tags": "datagrid,java,jboss,xpaas", + "supports":"datagrid:6.5,java:8,xpaas:1.2", + "version": "1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datavirt63-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-jboss", + "tags": "datavirt,java,jboss,xpaas", + "supports":"datavirt:6.3,java:8,xpaas:1.4", + "version": "1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-amq-62" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq62-openshift", + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.1", + "version": "1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.2", + "version": "1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.3", + "version": "1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redhat-sso70-openshift", + "annotations": { + "description": "Red Hat SSO 7.0" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat SSO 7.0", + "iconClass": "icon-jboss", + "tags": "sso,keycloak,redhat", + "supports":"sso:7.0,xpaas:1.3", + "version": "1.3" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-basic.json new file mode 100644 index 000000000..ab35afead --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-basic.json @@ -0,0 +1,321 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "version": "1.3.1" + }, + "name": "amq62-basic" + }, + "labels": { + "template": "amq62-basic", + "xpaas": "1.3.1" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent-ssl.json new file mode 100644 index 000000000..c12f06dec --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent-ssl.json @@ -0,0 +1,549 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "version": "1.3.1" + }, + "name": "amq62-persistent-ssl" + }, + "labels": { + "template": "amq62-persistent-ssl", + "xpaas": "1.3.1" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + }, + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + }, + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent.json new file mode 100644 index 000000000..897ce0395 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-persistent.json @@ -0,0 +1,371 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "version": "1.3.1" + }, + "name": "amq62-persistent" + }, + "labels": { + "template": "amq62-persistent", + "xpaas": "1.3.1" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-ssl.json new file mode 100644 index 000000000..97d110286 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/amq62-ssl.json @@ -0,0 +1,503 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "version": "1.3.1" + }, + "name": "amq62-ssl" + }, + "labels": { + "template": "amq62-ssl", + "xpaas": "1.3.1" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. SSL variants of these protocols will be configured automaticaly.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port." + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-basic.json new file mode 100644 index 000000000..56e76016f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-basic.json @@ -0,0 +1,332 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-basic" + }, + "labels": { + "template": "datagrid65-basic", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-https.json new file mode 100644 index 000000000..639ac2e11 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-https.json @@ -0,0 +1,501 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-https" + }, + "labels": { + "template": "datagrid65-https", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql-persistent.json new file mode 100644 index 000000000..22ca3f0a0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql-persistent.json @@ -0,0 +1,779 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and MySQL applications with persistent storage.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-mysql-persistent" + }, + "labels": { + "template": "datagrid65-mysql-persistent", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql.json new file mode 100644 index 000000000..e1a585d24 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-mysql.json @@ -0,0 +1,739 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and MySQL applications.", + "tags": "datagrid,jboss,xpaas", + "version": "1.2.0" + }, + "name": "datagrid65-mysql" + }, + "labels": { + "template": "datagrid65-mysql", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql-persistent.json new file mode 100644 index 000000000..12720eb19 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql-persistent.json @@ -0,0 +1,756 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", + "tags": "datagrid,jboss,xpaas", + "version": "1.3.2" + }, + "name": "datagrid65-postgresql-persistent" + }, + "labels": { + "template": "datagrid65-postgresql-persistent", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql.json new file mode 100644 index 000000000..da8015fb0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datagrid65-postgresql.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", + "tags": "datagrid,jboss,xpaas", + "version": "1.3.2" + }, + "name": "datagrid65-postgresql" + }, + "labels": { + "template": "datagrid65-postgresql", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "description": "Password for JDG user.", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11222, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-basic-s2i.json new file mode 100644 index 000000000..7d64dac98 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-basic-s2i.json @@ -0,0 +1,415 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-basic-s2i" + }, + "labels": { + "template": "datavirt63-basic-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret specified by CONFIGURATION_NAME.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-extensions-support-s2i.json new file mode 100644 index 000000000..1e7c03b99 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -0,0 +1,763 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-extensions-support-s2i" + }, + "labels": { + "template": "datavirt63-extensions-support-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The URL of the repository with source code for the extensions image. The image should have all modules, etc., placed in the \"/extensions/\" directory in the image. If the contents are in a different directory, the sourcePath for the ImageSource in the BuildConfig must be modified.", + "displayName": "Extensions Git Repository URL", + "name": "EXTENSIONS_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your extensions repository if you are not using the default branch.", + "displayName": "Extensions Git Reference", + "name": "EXTENSIONS_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your extensions repository.", + "displayName": "Extensions Context Directory", + "name": "EXTENSIONS_DIR", + "value": "datavirt/derby-driver-image", + "required": false + }, + { + "description": "Set this to the relative path to the Dockerfile in your extensions directory.", + "displayName": "Extensions Dockerfile", + "name": "EXTENSIONS_DOCKERFILE", + "value": "Dockerfile", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${EXTENSIONS_REPOSITORY_URL}", + "ref": "${EXTENSIONS_REPOSITORY_REF}" + }, + "contextDir": "${EXTENSIONS_DIR}" + }, + "strategy": { + "type": "Docker", + "dockerStrategy": { + "dockerfilePath": "${EXTENSIONS_DOCKERFILE}" + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + }, + "env": [ + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "QS_DB_TYPE", + "value": "derby", + "description": "Used soley by the quickstart and set here to ensure the template can be instatiated with its default parameter values, i.e. so itworks ootb." + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-secure-s2i.json new file mode 100644 index 000000000..07f926ff3 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/datavirt63-secure-s2i.json @@ -0,0 +1,642 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes ability to configure certificates for serving secure content.", + "tags": "jdv,datavirt,jboss,xpaas", + "version": "1.4.0" + }, + "name": "datavirt63-secure-s2i" + }, + "labels": { + "template": "datavirt63-secure-s2i", + "xpaas": "1.4.0" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.0" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "/etc/datavirt-secret-volume/${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-amq-s2i.json new file mode 100644 index 000000000..754a3b4c0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-amq-s2i.json @@ -0,0 +1,686 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver62-amq-s2i" + }, + "labels": { + "template": "decisionserver62-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-basic-s2i.json new file mode 100644 index 000000000..8be4ac90b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver62-basic-s2i" + }, + "labels": { + "template": "decisionserver62-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-https-s2i.json new file mode 100644 index 000000000..bf9047599 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver62-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver62-https-s2i" + }, + "labels": { + "template": "decisionserver62-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver62-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-amq-s2i.json new file mode 100644 index 000000000..51e667e02 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-amq-s2i.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,amq,java,messaging,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-amq-s2i" + }, + "labels": { + "template": "decisionserver63-amq-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-basic-s2i.json new file mode 100644 index 000000000..c5f0d006a --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-basic-s2i.json @@ -0,0 +1,339 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-basic-s2i" + }, + "labels": { + "template": "decisionserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-https-s2i.json new file mode 100644 index 000000000..3db0e4c84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/decisionserver63-https-s2i.json @@ -0,0 +1,473 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "decisionserver,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "decisionserver63-https-s2i" + }, + "labels": { + "template": "decisionserver63-https-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "decisionserver-hellorules=org.openshift.quickstarts:decisionserver-hellorules:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "decisionserver/hellorules", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "decisionserver-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-decisionserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "decisionserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "decisionserver-keystore-volume", + "mountPath": "/etc/decisionserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/decisionserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "decisionserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-persistent-s2i.json new file mode 100644 index 000000000..72dbb4302 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-persistent-s2i.json @@ -0,0 +1,813 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-amq-persistent-s2i" + }, + "labels": { + "template": "eap64-amq-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-s2i.json new file mode 100644 index 000000000..9dd847451 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-amq-s2i.json @@ -0,0 +1,760 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-amq-s2i" + }, + "labels": { + "template": "eap64-amq-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-basic-s2i.json new file mode 100644 index 000000000..7b1800b7b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-basic-s2i.json @@ -0,0 +1,340 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I.", + "tags": "eap,javaee,java,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-basic-s2i" + }, + "labels": { + "template": "eap64-basic-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-https-s2i.json new file mode 100644 index 000000000..31716d84c --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-https-s2i.json @@ -0,0 +1,525 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I.", + "tags": "eap,javaee,java,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-https-s2i" + }, + "labels": { + "template": "eap64-https-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-persistent-s2i.json new file mode 100644 index 000000000..212431056 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -0,0 +1,781 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap64-mongodb-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-s2i.json new file mode 100644 index 000000000..13fbbdd93 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mongodb-s2i.json @@ -0,0 +1,741 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 MongoDB applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-mongodb-s2i" + }, + "labels": { + "template": "eap64-mongodb-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-persistent-s2i.json new file mode 100644 index 000000000..69fdec206 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-mysql-persistent-s2i" + }, + "labels": { + "template": "eap64-mysql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-s2i.json new file mode 100644 index 000000000..2bd3c249f --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-mysql-s2i.json @@ -0,0 +1,752 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-mysql-s2i" + }, + "labels": { + "template": "eap64-mysql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-persistent-s2i.json new file mode 100644 index 000000000..31f245950 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -0,0 +1,769 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap64-postgresql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-s2i.json new file mode 100644 index 000000000..eac964697 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-postgresql-s2i.json @@ -0,0 +1,729 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap64-postgresql-s2i" + }, + "labels": { + "template": "eap64-postgresql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-sso-s2i.json new file mode 100644 index 000000000..09023be71 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap64-sso-s2i.json @@ -0,0 +1,756 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap64-sso-s2i" + }, + "labels": { + "template": "eap64-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-persistent-s2i.json new file mode 100644 index 000000000..f08cdf2f9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-persistent-s2i.json @@ -0,0 +1,813 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-amq-persistent-s2i" + }, + "labels": { + "template": "eap70-amq-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-s2i.json new file mode 100644 index 000000000..3ca9e9fab --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-amq-s2i.json @@ -0,0 +1,760 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 A-MQ applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-amq-s2i" + }, + "labels": { + "template": "eap70-amq-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-basic-s2i.json new file mode 100644 index 000000000..83b4d5b24 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-basic-s2i.json @@ -0,0 +1,351 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for EAP 7 applications built using S2I.", + "tags": "eap,javaee,java,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-basic-s2i" + }, + "labels": { + "template": "eap70-basic-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-https-s2i.json new file mode 100644 index 000000000..1292442a4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-https-s2i.json @@ -0,0 +1,536 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-jboss", + "description": "Application template for EAP 7 applications built using S2I.", + "tags": "eap,javaee,java,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-https-s2i" + }, + "labels": { + "template": "eap70-https-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-persistent-s2i.json new file mode 100644 index 000000000..99db77d58 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap70-mongodb-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-s2i.json new file mode 100644 index 000000000..c8150c231 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mongodb-s2i.json @@ -0,0 +1,752 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 MongoDB applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-mongodb-s2i" + }, + "labels": { + "template": "eap70-mongodb-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-persistent-s2i.json new file mode 100644 index 000000000..f8e5c2b04 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -0,0 +1,807 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-mysql-persistent-s2i" + }, + "labels": { + "template": "eap70-mysql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-s2i.json new file mode 100644 index 000000000..1edeb62e7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-mysql-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-mysql-s2i" + }, + "labels": { + "template": "eap70-mysql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-persistent-s2i.json new file mode 100644 index 000000000..d11df06ee --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -0,0 +1,784 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap70-postgresql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-s2i.json new file mode 100644 index 000000000..6b7f6d707 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-postgresql-s2i.json @@ -0,0 +1,744 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "eap70-postgresql-s2i" + }, + "labels": { + "template": "eap70-postgresql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-basic-s2i.json new file mode 100644 index 000000000..413a6de87 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -0,0 +1,284 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS applications built using S2I.", + "tags": "tomcat,tomcat7,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-basic-s2i" + }, + "labels": { + "template": "jws30-tomcat7-basic-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "tomcat-websocket-chat", + "required": false + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-https-s2i.json new file mode 100644 index 000000000..610ea9441 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -0,0 +1,398 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS applications built using S2I.", + "tags": "tomcat,tomcat7,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-https-s2i" + }, + "labels": { + "template": "jws30-tomcat7-https-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "tomcat-websocket-chat", + "required": false + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json new file mode 100644 index 000000000..6ef9d6e4c --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -0,0 +1,654 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat7,mongodb,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-mongodb-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat7-mongodb-persistent-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-s2i.json new file mode 100644 index 000000000..9b48f8ae7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -0,0 +1,614 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MongoDB applications built using S2I.", + "tags": "tomcat,tomcat7,mongodb,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-mongodb-s2i" + }, + "labels": { + "template": "jws30-tomcat7-mongodb-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json new file mode 100644 index 000000000..30af703ce --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -0,0 +1,656 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat7,mysql,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-mysql-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat7-mysql-persistent-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-s2i.json new file mode 100644 index 000000000..c2843af63 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -0,0 +1,616 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MySQL applications built using S2I.", + "tags": "tomcat,tomcat7,mysql,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat7-mysql-s2i" + }, + "labels": { + "template": "jws30-tomcat7-mysql-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json new file mode 100644 index 000000000..b8372f374 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -0,0 +1,633 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "jws30-tomcat7-postgresql-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat7-postgresql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-s2i.json new file mode 100644 index 000000000..cd5bb9fa4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -0,0 +1,593 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS PostgreSQL applications built using S2I.", + "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "jws30-tomcat7-postgresql-s2i" + }, + "labels": { + "template": "jws30-tomcat7-postgresql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat7-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-basic-s2i.json new file mode 100644 index 000000000..cb1e49d29 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -0,0 +1,284 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS applications built using S2I.", + "tags": "tomcat,tomcat8,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-basic-s2i" + }, + "labels": { + "template": "jws30-tomcat8-basic-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "tomcat-websocket-chat", + "required": false + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-https-s2i.json new file mode 100644 index 000000000..21d5662c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -0,0 +1,398 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS applications built using S2I.", + "tags": "tomcat,tomcat8,java,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-https-s2i" + }, + "labels": { + "template": "jws30-tomcat8-https-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "tomcat-websocket-chat", + "required": false + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json new file mode 100644 index 000000000..34657d826 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -0,0 +1,654 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat8,mongodb,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-mongodb-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat8-mongodb-persistent-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-s2i.json new file mode 100644 index 000000000..974cfaddb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -0,0 +1,614 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MongoDB applications built using S2I.", + "tags": "tomcat,tomcat8,mongodb,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-mongodb-s2i" + }, + "labels": { + "template": "jws30-tomcat8-mongodb-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json new file mode 100644 index 000000000..7a8231cc5 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -0,0 +1,656 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat8,mysql,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-mysql-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat8-mysql-persistent-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-s2i.json new file mode 100644 index 000000000..cda21f237 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -0,0 +1,616 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS MySQL applications built using S2I.", + "tags": "tomcat,tomcat8,mysql,java,database,jboss,xpaas", + "version": "1.2.0" + }, + "name": "jws30-tomcat8-mysql-s2i" + }, + "labels": { + "template": "jws30-tomcat8-mysql-s2i", + "xpaas": "1.2.0" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/mysqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json new file mode 100644 index 000000000..4dfc98015 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -0,0 +1,633 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", + "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "jws30-tomcat8-postgresql-persistent-s2i" + }, + "labels": { + "template": "jws30-tomcat8-postgresql-persistent-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-s2i.json new file mode 100644 index 000000000..f6c85668c --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -0,0 +1,591 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-tomcat", + "description": "Application template for JWS PostgreSQL applications built using S2I.", + "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", + "version": "1.3.2" + }, + "name": "jws30-tomcat8-postgresql-s2i" + }, + "labels": { + "template": "jws30-tomcat8-postgresql-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. jboss/datasources/postgresqlDS", + "name": "DB_JNDI", + "value": "jboss/datasources/defaultDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret", + "required": true + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt", + "required": false + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key", + "required": false + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-webserver30-tomcat8-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "jws-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json new file mode 100644 index 000000000..1dea463ac --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json @@ -0,0 +1,1079 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-s2i.json new file mode 100644 index 000000000..42264585b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-mysql-s2i.json @@ -0,0 +1,959 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-mysql-s2i" + }, + "labels": { + "template": "processserver63-amq-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json new file mode 100644 index 000000000..f6d0c99ed --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json @@ -0,0 +1,1052 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-s2i.json new file mode 100644 index 000000000..41c726cf0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-amq-postgresql-s2i.json @@ -0,0 +1,932 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,amq,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-amq-postgresql-s2i" + }, + "labels": { + "template": "processserver63-amq-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "JNDI name of request queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "queue/KIE.SERVER.REQUEST", + "required": false + }, + { + "description": "JNDI name of response queue for JMS.", + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "queue/KIE.SERVER.RESPONSE", + "required": false + }, + { + "description": "JNDI name of executor queue for JMS.", + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "queue/KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "name": "MQ_JNDI", + "value": "java:/JmsXA", + "required": false + }, + { + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE,KIE.SERVER.EXECUTOR", + "required": false + }, + { + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_REQUEST", + "value": "${KIE_SERVER_JMS_QUEUES_REQUEST}" + }, + { + "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", + "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" + }, + { + "name": "KIE_SERVER_EXECUTOR_JMS_QUEUE", + "value": "${KIE_SERVER_EXECUTOR_JMS_QUEUE}" + }, + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-basic-s2i.json new file mode 100644 index 000000000..170c919cb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-basic-s2i.json @@ -0,0 +1,345 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,javaee,java,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-basic-s2i" + }, + "labels": { + "template": "processserver63-basic-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.H2Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-persistent-s2i.json new file mode 100644 index 000000000..89d0db1a6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-persistent-s2i.json @@ -0,0 +1,792 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-persistent-s2i" + }, + "labels": { + "template": "processserver63-mysql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB,${APPLICATION_NAME}-mysql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-s2i.json new file mode 100644 index 000000000..26cab29f8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-mysql-s2i.json @@ -0,0 +1,716 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,mysql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-mysql-s2i" + }, + "labels": { + "template": "processserver63-mysql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.MySQL5Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-persistent-s2i.json new file mode 100644 index 000000000..32a512829 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-persistent-s2i.json @@ -0,0 +1,765 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-persistent-s2i" + }, + "labels": { + "template": "processserver63-postgresql-persistent-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB,${APPLICATION_NAME}-postgresql=QUARTZ" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JNDI", + "value": "${DB_JNDI}NotManaged" + }, + { + "name": "QUARTZ_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "QUARTZ_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "QUARTZ_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "QUARTZ_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "QUARTZ_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "QUARTZ_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "QUARTZ_JTA", + "value": "false" + }, + { + "name": "QUARTZ_NONXA", + "value": "true" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-s2i.json new file mode 100644 index 000000000..55e2199bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/processserver63-postgresql-s2i.json @@ -0,0 +1,689 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", + "iconClass": "icon-jboss", + "tags": "processserver,postgresql,javaee,java,database,jboss,xpaas", + "version": "1.3.3" + }, + "name": "processserver63-postgresql-s2i" + }, + "labels": { + "template": "processserver63-postgresql-s2i", + "xpaas": "1.3.3" + }, + "parameters": [ + { + "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "processserver-library=org.openshift.quickstarts:processserver-library:1.3.0.Final", + "required": false + }, + { + "description": "The protocol to access the KIE Server REST interface.", + "name": "KIE_SERVER_PROTOCOL", + "value": "https", + "required": false + }, + { + "description": "The port to access the KIE Server REST interface.", + "name": "KIE_SERVER_PORT", + "value": "8443", + "required": false + }, + { + "description": "The user name to access the KIE Server REST or JMS interface.", + "name": "KIE_SERVER_USER", + "value": "kieserver", + "required": false + }, + { + "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", + "name": "KIE_SERVER_PASSWORD", + "from": "[a-zA-Z]{6}[0-9]{1}!", + "generate": "expression", + "required": false + }, + { + "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", + "name": "KIE_SERVER_DOMAIN", + "value": "other", + "required": false + }, + { + "description": "Hibernate persistence dialect.", + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "org.hibernate.dialect.PostgreSQL82Dialect", + "required": false + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "kie-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "processserver/library", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/ExampleDS", + "name": "DB_JNDI", + "value": "java:jboss/datasources/ExampleDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "processserver-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-processserver63-openshift:1.3" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "processserver-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "processserver-keystore-volume", + "mountPath": "/etc/processserver-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "KIE_CONTAINER_DEPLOYMENT", + "value": "${KIE_CONTAINER_DEPLOYMENT}" + }, + { + "name": "KIE_SERVER_PROTOCOL", + "value": "${KIE_SERVER_PROTOCOL}" + }, + { + "name": "KIE_SERVER_PORT", + "value": "${KIE_SERVER_PORT}" + }, + { + "name": "KIE_SERVER_USER", + "value": "${KIE_SERVER_USER}" + }, + { + "name": "KIE_SERVER_PASSWORD", + "value": "${KIE_SERVER_PASSWORD}" + }, + { + "name": "KIE_SERVER_DOMAIN", + "value": "${KIE_SERVER_DOMAIN}" + }, + { + "name": "KIE_SERVER_PERSISTENCE_DIALECT", + "value": "${KIE_SERVER_PERSISTENCE_DIALECT}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/processserver-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "processserver-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-https.json new file mode 100644 index 000000000..fb0578a67 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-https.json @@ -0,0 +1,514 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,java,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-https" + }, + "labels": { + "template": "sso70-https", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql-persistent.json new file mode 100644 index 000000000..dcbb24bf1 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql-persistent.json @@ -0,0 +1,750 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0 MySQL applications with persistent storage", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-mysql-persistent" + }, + "labels": { + "template": "sso70-mysql-persistent", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/KeycloakDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql.json new file mode 100644 index 000000000..1768f7a1b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-mysql.json @@ -0,0 +1,719 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0 MySQL applications", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-mysql" + }, + "labels": { + "template": "sso70-mysql", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/KeycloakDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "database" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}", + "component": "server" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}", + "component": "database" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql-persistent.json new file mode 100644 index 000000000..4c2f81f2e --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql-persistent.json @@ -0,0 +1,727 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-postgresql-persistent" + }, + "labels": { + "template": "sso70-postgresql-persistent", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/KeycloakDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql.json new file mode 100644 index 000000000..d8402ef72 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/xpaas-templates/sso70-postgresql.json @@ -0,0 +1,696 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0 PostgreSQL applications", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-postgresql" + }, + "labels": { + "template": "sso70-postgresql", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/KeycloakDS", + "required": false + }, + { + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "database" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "server" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}", + "component": "server" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}", + "component": "database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}", + "component": "database" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_expand_partition/meta/main.yml b/roles/openshift_expand_partition/meta/main.yml index a596d6c63..dea6b6ee0 100644 --- a/roles/openshift_expand_partition/meta/main.yml +++ b/roles/openshift_expand_partition/meta/main.yml @@ -13,6 +13,6 @@ galaxy_info: versions: - all categories: - - openshift - - cloud + - openshift + - cloud dependencies: [] diff --git a/roles/openshift_expand_partition/tasks/main.yml b/roles/openshift_expand_partition/tasks/main.yml index cdd813e6a..00603f4fa 100644 --- a/roles/openshift_expand_partition/tasks/main.yml +++ b/roles/openshift_expand_partition/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Ensure growpart is installed - action: "{{ ansible_pkg_mgr }} name=cloud-utils-growpart state=present" + package: name=cloud-utils-growpart state=present when: not openshift.common.is_containerized | bool - name: Determine if growpart is installed diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 9754687cf..10121f82a 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -7,18 +7,39 @@ """Ansible module for retrieving and setting openshift related facts""" -import ConfigParser +# pylint: disable=no-name-in-module, import-error, wrong-import-order import copy +import errno +import json +import re import io import os import yaml -from distutils.util import strtobool -from distutils.version import LooseVersion import struct import socket -from dbus import SystemBus, Interface -from dbus.exceptions import DBusException +from distutils.util import strtobool +from distutils.version import LooseVersion +from six import string_types, text_type +from six.moves import configparser +# ignore pylint errors related to the module_utils import +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import +# import module snippets +from ansible.module_utils.basic import * # noqa: F403 +from ansible.module_utils.facts import * # noqa: F403 +from ansible.module_utils.urls import * # noqa: F403 +from ansible.module_utils.six import iteritems, itervalues +from ansible.module_utils.six.moves.urllib.parse import urlparse, urlunparse +from ansible.module_utils._text import to_native + +HAVE_DBUS = False + +try: + from dbus import SystemBus, Interface + from dbus.exceptions import DBusException + HAVE_DBUS = True +except ImportError: + pass DOCUMENTATION = ''' --- @@ -47,6 +68,7 @@ def migrate_docker_facts(facts): } if 'docker' not in facts: facts['docker'] = {} + # pylint: disable=consider-iterating-dictionary for role in params.keys(): if role in facts: for param in params[role]: @@ -60,11 +82,12 @@ def migrate_docker_facts(facts): # log_options was originally meant to be a comma separated string, but # we now prefer an actual list, with backward compatibility: if 'log_options' in facts['docker'] and \ - isinstance(facts['docker']['log_options'], basestring): + isinstance(facts['docker']['log_options'], string_types): facts['docker']['log_options'] = facts['docker']['log_options'].split(",") return facts + # TODO: We should add a generic migration function that takes source and destination # paths and does the right thing rather than one function for common, one for node, etc. def migrate_common_facts(facts): @@ -75,6 +98,7 @@ def migrate_common_facts(facts): } if 'common' not in facts: facts['common'] = {} + # pylint: disable=consider-iterating-dictionary for role in params.keys(): if role in facts: for param in params[role]: @@ -82,6 +106,7 @@ def migrate_common_facts(facts): facts['common'][param] = facts[role].pop(param) return facts + def migrate_node_facts(facts): """ Migrate facts from various roles into node """ params = { @@ -89,6 +114,7 @@ def migrate_node_facts(facts): } if 'node' not in facts: facts['node'] = {} + # pylint: disable=consider-iterating-dictionary for role in params.keys(): if role in facts: for param in params[role]: @@ -96,14 +122,6 @@ def migrate_node_facts(facts): facts['node'][param] = facts[role].pop(param) return facts -def migrate_local_facts(facts): - """ Apply migrations of local facts """ - migrated_facts = copy.deepcopy(facts) - migrated_facts = migrate_docker_facts(migrated_facts) - migrated_facts = migrate_common_facts(migrated_facts) - migrated_facts = migrate_node_facts(migrated_facts) - migrated_facts = migrate_hosted_facts(migrated_facts) - return migrated_facts def migrate_hosted_facts(facts): """ Apply migrations for master facts """ @@ -122,6 +140,34 @@ def migrate_hosted_facts(facts): facts['hosted']['registry']['selector'] = facts['master'].pop('registry_selector') return facts + +def migrate_admission_plugin_facts(facts): + """ Apply migrations for admission plugin facts """ + if 'master' in facts: + if 'kube_admission_plugin_config' in facts['master']: + if 'admission_plugin_config' not in facts['master']: + facts['master']['admission_plugin_config'] = dict() + # Merge existing kube_admission_plugin_config with admission_plugin_config. + facts['master']['admission_plugin_config'] = merge_facts(facts['master']['admission_plugin_config'], + facts['master']['kube_admission_plugin_config'], + additive_facts_to_overwrite=[], + protected_facts_to_overwrite=[]) + # Remove kube_admission_plugin_config fact + facts['master'].pop('kube_admission_plugin_config', None) + return facts + + +def migrate_local_facts(facts): + """ Apply migrations of local facts """ + migrated_facts = copy.deepcopy(facts) + migrated_facts = migrate_docker_facts(migrated_facts) + migrated_facts = migrate_common_facts(migrated_facts) + migrated_facts = migrate_node_facts(migrated_facts) + migrated_facts = migrate_hosted_facts(migrated_facts) + migrated_facts = migrate_admission_plugin_facts(migrated_facts) + return migrated_facts + + def first_ip(network): """ Return the first IPv4 address in network @@ -130,13 +176,14 @@ def first_ip(network): Returns: str: first IPv4 address """ - atoi = lambda addr: struct.unpack("!I", socket.inet_aton(addr))[0] - itoa = lambda addr: socket.inet_ntoa(struct.pack("!I", addr)) + atoi = lambda addr: struct.unpack("!I", socket.inet_aton(addr))[0] # noqa: E731 + itoa = lambda addr: socket.inet_ntoa(struct.pack("!I", addr)) # noqa: E731 (address, netmask) = network.split('/') netmask_i = (0xffffffff << (32 - atoi(netmask))) & 0xffffffff return itoa((atoi(address) & netmask_i) + 1) + def hostname_valid(hostname): """ Test if specified hostname should be considered valid @@ -174,11 +221,8 @@ def choose_hostname(hostnames=None, fallback=''): return hostname ip_regex = r'\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z' - ips = [i for i in hostnames - if (i is not None and isinstance(i, basestring) - and re.match(ip_regex, i))] - hosts = [i for i in hostnames - if i is not None and i != '' and i not in ips] + ips = [i for i in hostnames if i is not None and isinstance(i, string_types) and re.match(ip_regex, i)] + hosts = [i for i in hostnames if i is not None and i != '' and i not in ips] for host_list in (hosts, ips): for host in host_list: @@ -198,13 +242,13 @@ def query_metadata(metadata_url, headers=None, expect_json=False): Returns: dict or list: metadata request result """ - result, info = fetch_url(module, metadata_url, headers=headers) + result, info = fetch_url(module, metadata_url, headers=headers) # noqa: F405 if info['status'] != 200: raise OpenShiftFactsMetadataUnavailableError("Metadata unavailable") if expect_json: - return module.from_json(result.read()) + return module.from_json(to_native(result.read())) # noqa: F405 else: - return [line.strip() for line in result.readlines()] + return [to_native(line.strip()) for line in result.readlines()] def walk_metadata(metadata_url, headers=None, expect_json=False): @@ -312,9 +356,9 @@ def normalize_aws_facts(metadata, facts): ): int_info = dict() var_map = {'ips': 'local-ipv4s', 'public_ips': 'public-ipv4s'} - for ips_var, int_var in var_map.iteritems(): + for ips_var, int_var in iteritems(var_map): ips = interface.get(int_var) - if isinstance(ips, basestring): + if isinstance(ips, string_types): int_info[ips_var] = [ips] else: int_info[ips_var] = ips @@ -363,7 +407,7 @@ def normalize_openstack_facts(metadata, facts): facts['network']['ip'] = local_ipv4 facts['network']['public_ip'] = metadata['ec2_compat']['public-ipv4'] - for f_var, h_var, ip_var in [('hostname', 'hostname', 'local-ipv4'), + for f_var, h_var, ip_var in [('hostname', 'hostname', 'local-ipv4'), ('public_hostname', 'public-hostname', 'public-ipv4')]: try: if socket.gethostbyname(metadata['ec2_compat'][h_var]) == metadata['ec2_compat'][ip_var]: @@ -404,6 +448,7 @@ def normalize_provider_facts(provider, metadata): facts = normalize_openstack_facts(metadata, facts) return facts + def set_flannel_facts_if_unset(facts): """ Set flannel facts if not already present in facts dict dict: the facts dict updated with the flannel facts if @@ -421,6 +466,7 @@ def set_flannel_facts_if_unset(facts): facts['common']['use_flannel'] = use_flannel return facts + def set_nuage_facts_if_unset(facts): """ Set nuage facts if not already present in facts dict dict: the facts dict updated with the nuage facts if @@ -438,6 +484,7 @@ def set_nuage_facts_if_unset(facts): facts['common']['use_nuage'] = use_nuage return facts + def set_node_schedulability(facts): """ Set schedulable facts if not already present in facts dict Args: @@ -455,6 +502,7 @@ def set_node_schedulability(facts): facts['node']['schedulable'] = True return facts + def set_selectors(facts): """ Set selectors facts if not already present in facts dict Args: @@ -491,6 +539,7 @@ def set_selectors(facts): return facts + def set_dnsmasq_facts_if_unset(facts): """ Set dnsmasq facts if not already present in facts Args: @@ -510,6 +559,7 @@ def set_dnsmasq_facts_if_unset(facts): return facts + def set_project_cfg_facts_if_unset(facts): """ Set Project Configuration facts if not already present in facts dict dict: @@ -537,6 +587,7 @@ def set_project_cfg_facts_if_unset(facts): return facts + def set_identity_providers_if_unset(facts): """ Set identity_providers fact if not already present in facts dict @@ -563,6 +614,7 @@ def set_identity_providers_if_unset(facts): return facts + def set_url_facts_if_unset(facts): """ Set url facts if not already present in facts dict @@ -622,7 +674,6 @@ def set_url_facts_if_unset(facts): host, ports[prefix])) - r_lhn = "{0}:{1}".format(hostname, ports['api']).replace('.', '-') r_lhu = "system:openshift-master/{0}:{1}".format(api_hostname, ports['api']).replace('.', '-') facts['master'].setdefault('loopback_cluster_name', r_lhn) @@ -638,6 +689,7 @@ def set_url_facts_if_unset(facts): return facts + def set_aggregate_facts(facts): """ Set aggregate facts @@ -715,9 +767,9 @@ def set_etcd_facts_if_unset(facts): # Read ETCD_DATA_DIR from /etc/etcd/etcd.conf: try: # Add a fake section for parsing: - ini_str = unicode('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') + ini_str = text_type('[root]\n' + open('/etc/etcd/etcd.conf', 'r').read(), 'utf-8') ini_fp = io.StringIO(ini_str) - config = ConfigParser.RawConfigParser() + config = configparser.RawConfigParser() config.readfp(ini_fp) etcd_data_dir = config.get('root', 'ETCD_DATA_DIR') if etcd_data_dir.startswith('"') and etcd_data_dir.endswith('"'): @@ -733,6 +785,7 @@ def set_etcd_facts_if_unset(facts): return facts + def set_deployment_facts_if_unset(facts): """ Set Facts that vary based on deployment_type. This currently includes common.service_type, common.config_base, master.registry_url, @@ -813,6 +866,21 @@ def set_deployment_facts_if_unset(facts): return facts + +def set_evacuate_or_drain_option(facts): + """OCP before 1.5/3.5 used '--evacuate'. As of 1.5/3.5 OCP uses +'--drain'. Let's make that a fact for easy reference later. + """ + if facts['common']['version_gte_3_5_or_1_5']: + # New-style + facts['common']['evacuate_or_drain'] = '--drain' + else: + # Old-style + facts['common']['evacuate_or_drain'] = '--evacuate' + + return facts + + def set_version_facts_if_unset(facts): """ Set version facts. This currently includes common.version and common.version_gte_3_1_or_1_1. @@ -824,31 +892,46 @@ def set_version_facts_if_unset(facts): """ if 'common' in facts: deployment_type = facts['common']['deployment_type'] - version = get_openshift_version(facts) - if version: - facts['common']['version'] = version + openshift_version = get_openshift_version(facts) + if openshift_version: + version = LooseVersion(openshift_version) + facts['common']['version'] = openshift_version + facts['common']['short_version'] = '.'.join([str(x) for x in version.version[0:2]]) if deployment_type == 'origin': - version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0') - version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('1.1.1') - version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('1.2.0') - version_gte_3_3_or_1_3 = LooseVersion(version) >= LooseVersion('1.3.0') + version_gte_3_1_or_1_1 = version >= LooseVersion('1.1.0') + version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('1.1.1') + version_gte_3_2_or_1_2 = version >= LooseVersion('1.2.0') + version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') + version_gte_3_4_or_1_4 = version >= LooseVersion('1.4.0') + version_gte_3_5_or_1_5 = version >= LooseVersion('1.5.0') + version_gte_3_6_or_1_6 = version >= LooseVersion('1.6.0') else: - version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('3.0.2.905') - version_gte_3_1_1_or_1_1_1 = LooseVersion(version) >= LooseVersion('3.1.1') - version_gte_3_2_or_1_2 = LooseVersion(version) >= LooseVersion('3.1.1.901') - version_gte_3_3_or_1_3 = LooseVersion(version) >= LooseVersion('3.3.0') + version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905') + version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1') + version_gte_3_2_or_1_2 = version >= LooseVersion('3.1.1.901') + version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') + version_gte_3_4_or_1_4 = version >= LooseVersion('3.4.0') + version_gte_3_5_or_1_5 = version >= LooseVersion('3.5.0') + version_gte_3_6_or_1_6 = version >= LooseVersion('3.6.0') else: version_gte_3_1_or_1_1 = True version_gte_3_1_1_or_1_1_1 = True version_gte_3_2_or_1_2 = True - version_gte_3_3_or_1_3 = False + version_gte_3_3_or_1_3 = True + version_gte_3_4_or_1_4 = False + version_gte_3_5_or_1_5 = False + version_gte_3_6_or_1_6 = False facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1 facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1 facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2 facts['common']['version_gte_3_3_or_1_3'] = version_gte_3_3_or_1_3 + facts['common']['version_gte_3_4_or_1_4'] = version_gte_3_4_or_1_4 + facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5 + facts['common']['version_gte_3_6_or_1_6'] = version_gte_3_6_or_1_6 - - if version_gte_3_3_or_1_3: + if version_gte_3_4_or_1_4: + examples_content_version = 'v1.4' + elif version_gte_3_3_or_1_3: examples_content_version = 'v1.3' elif version_gte_3_2_or_1_2: examples_content_version = 'v1.2' @@ -861,6 +944,7 @@ def set_version_facts_if_unset(facts): return facts + def set_manageiq_facts_if_unset(facts): """ Set manageiq facts. This currently includes common.use_manageiq. @@ -881,6 +965,7 @@ def set_manageiq_facts_if_unset(facts): return facts + def set_sdn_facts_if_unset(facts, system_facts): """ Set sdn facts if not already present in facts dict @@ -891,6 +976,7 @@ def set_sdn_facts_if_unset(facts, system_facts): dict: the facts dict updated with the generated sdn facts if they were not already present """ + # pylint: disable=too-many-branches if 'common' in facts: use_sdn = facts['common']['use_openshift_sdn'] if not (use_sdn == '' or isinstance(use_sdn, bool)): @@ -931,7 +1017,7 @@ def set_sdn_facts_if_unset(facts, system_facts): # default MTU if interface MTU cannot be detected facts['node']['sdn_mtu'] = '1450' - for val in system_facts.itervalues(): + for val in itervalues(system_facts): if isinstance(val, dict) and 'mtu' in val: mtu = val['mtu'] @@ -940,7 +1026,9 @@ def set_sdn_facts_if_unset(facts, system_facts): return facts + def set_nodename(facts): + """ set nodename """ if 'node' in facts and 'common' in facts: if 'cloudprovider' in facts and facts['cloudprovider']['kind'] == 'openstack': facts['node']['nodename'] = facts['provider']['metadata']['hostname'].replace('.novalocal', '') @@ -948,6 +1036,7 @@ def set_nodename(facts): facts['node']['nodename'] = facts['common']['hostname'].lower() return facts + def migrate_oauth_template_facts(facts): """ Migrate an old oauth template fact to a newer format if it's present. @@ -967,6 +1056,7 @@ def migrate_oauth_template_facts(facts): facts['master']['oauth_templates']['login'] = facts['master']['oauth_template'] return facts + def format_url(use_ssl, hostname, port, path=''): """ Format url based on ssl flag, hostname, port and path @@ -989,6 +1079,7 @@ def format_url(use_ssl, hostname, port, path=''): url = urlunparse((scheme, netloc, path, '', '', '')) return url + def get_current_config(facts): """ Get current openshift config @@ -1018,10 +1109,9 @@ def get_current_config(facts): ) kubeconfig_path = os.path.join(kubeconfig_dir, '.kubeconfig') - if (os.path.isfile('/usr/bin/openshift') - and os.path.isfile(kubeconfig_path)): + if os.path.isfile('/usr/bin/openshift') and os.path.isfile(kubeconfig_path): try: - _, output, _ = module.run_command( + _, output, _ = module.run_command( # noqa: F405 ["/usr/bin/openshift", "ex", "config", "view", "-o", "json", "--kubeconfig=%s" % kubeconfig_path], check_rc=False @@ -1052,6 +1142,7 @@ def get_current_config(facts): return current_config + def build_kubelet_args(facts): """Build node kubelet_args @@ -1096,6 +1187,7 @@ values provided as a list. Hence the gratuitous use of ['foo'] below. # # map() seems to be returning an itertools.imap object # instead of a list. We cast it to a list ourselves. + # pylint: disable=unnecessary-lambda labels_str = list(map(lambda x: '='.join(x), facts['node']['labels'].items())) if labels_str != '': kubelet_args['node-labels'] = labels_str @@ -1106,6 +1198,7 @@ values provided as a list. Hence the gratuitous use of ['foo'] below. facts = merge_facts({'node': {'kubelet_args': kubelet_args}}, facts, [], []) return facts + def build_controller_args(facts): """ Build master controller_args """ cloud_cfg_path = os.path.join(facts['common']['config_base'], @@ -1127,6 +1220,7 @@ def build_controller_args(facts): facts = merge_facts({'master': {'controller_args': controller_args}}, facts, [], []) return facts + def build_api_server_args(facts): """ Build master api_server_args """ cloud_cfg_path = os.path.join(facts['common']['config_base'], @@ -1148,13 +1242,14 @@ def build_api_server_args(facts): facts = merge_facts({'master': {'api_server_args': api_server_args}}, facts, [], []) return facts + def is_service_running(service): """ Queries systemd through dbus to see if the service is running """ service_running = False - bus = SystemBus() - systemd = bus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1') - manager = Interface(systemd, dbus_interface='org.freedesktop.systemd1.Manager') try: + bus = SystemBus() + systemd = bus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1') + manager = Interface(systemd, dbus_interface='org.freedesktop.systemd1.Manager') service_unit = service if service.endswith('.service') else manager.GetUnit('{0}.service'.format(service)) service_proxy = bus.get_object('org.freedesktop.systemd1', str(service_unit)) service_properties = Interface(service_proxy, dbus_interface='org.freedesktop.DBus.Properties') @@ -1163,10 +1258,20 @@ def is_service_running(service): if service_load_state == 'loaded' and service_active_state == 'active': service_running = True except DBusException: + # TODO: do not swallow exception, as it may be hiding useful debugging + # information. pass return service_running + +def rpm_rebuilddb(): + """ + Runs rpm --rebuilddb to ensure the db is in good shape. + """ + module.run_command(['/usr/bin/rpm', '--rebuilddb']) # noqa: F405 + + def get_version_output(binary, version_cmd): """ runs and returns the version output for a command """ cmd = [] @@ -1177,9 +1282,10 @@ def get_version_output(binary, version_cmd): cmd.append(item) if os.path.isfile(cmd[0]): - _, output, _ = module.run_command(cmd) + _, output, _ = module.run_command(cmd) # noqa: F405 return output + def get_docker_version_info(): """ Parses and returns the docker version info """ result = None @@ -1192,6 +1298,7 @@ def get_docker_version_info(): } return result + def get_hosted_registry_insecure(): """ Parses OPTIONS from /etc/sysconfig/docker to determine if the registry is currently insecure. @@ -1199,17 +1306,18 @@ def get_hosted_registry_insecure(): hosted_registry_insecure = None if os.path.exists('/etc/sysconfig/docker'): try: - ini_str = unicode('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8') + ini_str = text_type('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8') ini_fp = io.StringIO(ini_str) - config = ConfigParser.RawConfigParser() + config = configparser.RawConfigParser() config.readfp(ini_fp) options = config.get('root', 'OPTIONS') if 'insecure-registry' in options: hosted_registry_insecure = True - except: + except Exception: # pylint: disable=broad-except pass return hosted_registry_insecure + def get_openshift_version(facts): """ Get current version of openshift on the host. @@ -1226,12 +1334,13 @@ def get_openshift_version(facts): # No need to run this method repeatedly on a system if we already know the # version + # TODO: We need a way to force reload this after upgrading bits. if 'common' in facts: if 'version' in facts['common'] and facts['common']['version'] is not None: return chomp_commit_offset(facts['common']['version']) if os.path.isfile('/usr/bin/openshift'): - _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) + _, output, _ = module.run_command(['/usr/bin/openshift', 'version']) # noqa: F405 version = parse_openshift_version(output) elif 'common' in facts and 'is_containerized' in facts['common']: version = get_container_openshift_version(facts) @@ -1240,7 +1349,7 @@ def get_openshift_version(facts): # This can be very slow and may get re-run multiple times, so we only use this # if other methods failed to find a version. if not version and os.path.isfile('/usr/local/bin/openshift'): - _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version']) + _, output, _ = module.run_command(['/usr/local/bin/openshift', 'version']) # noqa: F405 version = parse_openshift_version(output) return chomp_commit_offset(version) @@ -1330,9 +1439,10 @@ def apply_provider_facts(facts, provider_facts): facts['provider'] = provider_facts return facts + # Disabling pylint too many branches. This function needs refactored # but is a very core part of openshift_facts. -# pylint: disable=too-many-branches +# pylint: disable=too-many-branches, too-many-nested-blocks def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overwrite): """ Recursively merge facts dicts @@ -1355,16 +1465,18 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw # here, just completely overwrite with the new if they are present there. inventory_json_facts = ['admission_plugin_config', 'kube_admission_plugin_config', - 'image_policy_config'] + 'image_policy_config', + "builddefaults", + "buildoverrides"] facts = dict() - for key, value in orig.iteritems(): + for key, value in iteritems(orig): # Key exists in both old and new facts. if key in new: if key in inventory_json_facts: # Watchout for JSON facts that sometimes load as strings. # (can happen if the JSON contains a boolean) - if isinstance(new[key], basestring): + if isinstance(new[key], string_types): facts[key] = yaml.safe_load(new[key]) else: facts[key] = copy.deepcopy(new[key]) @@ -1401,16 +1513,18 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw elif key in protected_facts and key not in [x.split('.')[-1] for x in protected_facts_to_overwrite]: # The master count (int) can only increase unless it # has been passed as a protected fact to overwrite. - if key == 'master_count': + if key == 'master_count' and new[key] is not None and new[key] is not '': if int(value) <= int(new[key]): facts[key] = copy.deepcopy(new[key]) else: - module.fail_json(msg='openshift_facts received a lower value for openshift.master.master_count') + # pylint: disable=line-too-long + module.fail_json(msg='openshift_facts received a lower value for openshift.master.master_count') # noqa: F405 # ha (bool) can not change unless it has been passed # as a protected fact to overwrite. if key == 'ha': if safe_get_bool(value) != safe_get_bool(new[key]): - module.fail_json(msg='openshift_facts received a different value for openshift.master.ha') + # pylint: disable=line-too-long + module.fail_json(msg='openshift_facts received a different value for openshift.master.ha') # noqa: F405 else: facts[key] = value # No other condition has been met. Overwrite the old fact @@ -1424,12 +1538,13 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw for key in new_keys: # Watchout for JSON facts that sometimes load as strings. # (can happen if the JSON contains a boolean) - if key in inventory_json_facts and isinstance(new[key], basestring): + if key in inventory_json_facts and isinstance(new[key], string_types): facts[key] = yaml.safe_load(new[key]) else: facts[key] = copy.deepcopy(new[key]) return facts + def save_local_facts(filename, facts): """ Save local facts @@ -1445,7 +1560,7 @@ def save_local_facts(filename, facts): if exception.errno != errno.EEXIST: # but it is okay if it is already there raise # pass any other exceptions up the chain with open(filename, 'w') as fact_file: - fact_file.write(module.jsonify(facts)) + fact_file.write(module.jsonify(facts)) # noqa: F405 os.chmod(filename, 0o600) except (IOError, OSError) as ex: raise OpenShiftFactsFileWriteError( @@ -1464,15 +1579,15 @@ def get_local_facts_from_file(filename): local_facts = dict() try: # Handle conversion of INI style facts file to json style - ini_facts = ConfigParser.SafeConfigParser() + ini_facts = configparser.SafeConfigParser() ini_facts.read(filename) for section in ini_facts.sections(): local_facts[section] = dict() for key, value in ini_facts.items(section): local_facts[section][key] = value - except (ConfigParser.MissingSectionHeaderError, - ConfigParser.ParsingError): + except (configparser.MissingSectionHeaderError, + configparser.ParsingError): try: with open(filename, 'r') as facts_file: local_facts = json.load(facts_file) @@ -1481,6 +1596,7 @@ def get_local_facts_from_file(filename): return local_facts + def sort_unique(alist): """ Sorts and de-dupes a list @@ -1498,6 +1614,7 @@ def sort_unique(alist): return out + def safe_get_bool(fact): """ Get a boolean fact safely. @@ -1508,12 +1625,9 @@ def safe_get_bool(fact): """ return bool(strtobool(str(fact))) + def set_proxy_facts(facts): - """ Set global proxy facts and promote defaults from http_proxy, https_proxy, - no_proxy to the more specific builddefaults and builddefaults_git vars. - 1. http_proxy, https_proxy, no_proxy - 2. builddefaults_* - 3. builddefaults_git_* + """ Set global proxy facts Args: facts(dict): existing facts @@ -1523,13 +1637,11 @@ def set_proxy_facts(facts): if 'common' in facts: common = facts['common'] if 'http_proxy' in common or 'https_proxy' in common: - if 'no_proxy' in common and \ - isinstance(common['no_proxy'], basestring): + if 'no_proxy' in common and isinstance(common['no_proxy'], string_types): common['no_proxy'] = common['no_proxy'].split(",") elif 'no_proxy' not in common: common['no_proxy'] = [] - if 'generate_no_proxy_hosts' in common and \ - safe_get_bool(common['generate_no_proxy_hosts']): + if 'generate_no_proxy_hosts' in common and safe_get_bool(common['generate_no_proxy_hosts']): if 'no_proxy_internal_hostnames' in common: common['no_proxy'].extend(common['no_proxy_internal_hostnames'].split(',')) # We always add local dns domain and ourselves no matter what @@ -1537,6 +1649,21 @@ def set_proxy_facts(facts): common['no_proxy'].append(common['hostname']) common['no_proxy'] = sort_unique(common['no_proxy']) facts['common'] = common + return facts + + +def set_builddefaults_facts(facts): + """ Set build defaults including setting proxy values from http_proxy, https_proxy, + no_proxy to the more specific builddefaults and builddefaults_git vars. + 1. http_proxy, https_proxy, no_proxy + 2. builddefaults_* + 3. builddefaults_git_* + + Args: + facts(dict): existing facts + Returns: + facts(dict): Updated facts with missing values + """ if 'builddefaults' in facts: builddefaults = facts['builddefaults'] @@ -1546,27 +1673,46 @@ def set_proxy_facts(facts): builddefaults['http_proxy'] = common['http_proxy'] if 'https_proxy' not in builddefaults and 'https_proxy' in common: builddefaults['https_proxy'] = common['https_proxy'] - # make no_proxy into a list if it's not - if 'no_proxy' in builddefaults and isinstance(builddefaults['no_proxy'], basestring): - builddefaults['no_proxy'] = builddefaults['no_proxy'].split(",") if 'no_proxy' not in builddefaults and 'no_proxy' in common: builddefaults['no_proxy'] = common['no_proxy'] + + # Create git specific facts from generic values, if git specific values are + # not defined. if 'git_http_proxy' not in builddefaults and 'http_proxy' in builddefaults: builddefaults['git_http_proxy'] = builddefaults['http_proxy'] if 'git_https_proxy' not in builddefaults and 'https_proxy' in builddefaults: builddefaults['git_https_proxy'] = builddefaults['https_proxy'] - # If we're actually defining a proxy config then create kube_admission_plugin_config - # if it doesn't exist, then merge builddefaults[config] structure - # into kube_admission_plugin_config - if 'kube_admission_plugin_config' not in facts['master']: - facts['master']['kube_admission_plugin_config'] = dict() - if 'config' in builddefaults and ('http_proxy' in builddefaults or \ - 'https_proxy' in builddefaults): - facts['master']['kube_admission_plugin_config'].update(builddefaults['config']) - facts['builddefaults'] = builddefaults + if 'git_no_proxy' not in builddefaults and 'no_proxy' in builddefaults: + builddefaults['git_no_proxy'] = builddefaults['no_proxy'] + # If we're actually defining a builddefaults config then create admission_plugin_config + # then merge builddefaults[config] structure into admission_plugin_config + if 'config' in builddefaults: + if 'admission_plugin_config' not in facts['master']: + facts['master']['admission_plugin_config'] = dict() + facts['master']['admission_plugin_config'].update(builddefaults['config']) + return facts + + +def set_buildoverrides_facts(facts): + """ Set build overrides + + Args: + facts(dict): existing facts + Returns: + facts(dict): Updated facts with missing values + """ + if 'buildoverrides' in facts: + buildoverrides = facts['buildoverrides'] + # If we're actually defining a buildoverrides config then create admission_plugin_config + # then merge buildoverrides[config] structure into admission_plugin_config + if 'config' in buildoverrides: + if 'admission_plugin_config' not in facts['master']: + facts['master']['admission_plugin_config'] = dict() + facts['master']['admission_plugin_config'].update(buildoverrides['config']) return facts + # pylint: disable=too-many-statements def set_container_facts_if_unset(facts): """ Set containerized facts. @@ -1638,6 +1784,7 @@ def set_container_facts_if_unset(facts): return facts + def set_installed_variant_rpm_facts(facts): """ Set RPM facts of installed variant Args: @@ -1652,7 +1799,7 @@ def set_installed_variant_rpm_facts(facts): ['{0}-{1}'.format(base_rpm, r) for r in optional_rpms] + \ ['tuned-profiles-%s-node' % base_rpm] for rpm in variant_rpms: - exit_code, _, _ = module.run_command(['rpm', '-q', rpm]) + exit_code, _, _ = module.run_command(['rpm', '-q', rpm]) # noqa: F405 if exit_code == 0: installed_rpms.append(rpm) @@ -1660,7 +1807,6 @@ def set_installed_variant_rpm_facts(facts): return facts - class OpenShiftFactsInternalError(Exception): """Origin Facts Error""" pass @@ -1701,6 +1847,7 @@ class OpenShiftFacts(object): OpenShiftFactsUnsupportedRoleError: """ known_roles = ['builddefaults', + 'buildoverrides', 'clock', 'cloudprovider', 'common', @@ -1728,12 +1875,12 @@ class OpenShiftFacts(object): try: # ansible-2.1 # pylint: disable=too-many-function-args,invalid-name - self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter']) + self.system_facts = ansible_facts(module, ['hardware', 'network', 'virtual', 'facter']) # noqa: F405 for (k, v) in self.system_facts.items(): self.system_facts["ansible_%s" % k.replace('-', '_')] = v except UnboundLocalError: # ansible-2.2 - self.system_facts = get_all_facts(module)['ansible_facts'] + self.system_facts = get_all_facts(module)['ansible_facts'] # noqa: F405 self.facts = self.generate_facts(local_facts, additive_facts_to_overwrite, @@ -1766,7 +1913,6 @@ class OpenShiftFacts(object): protected_facts_to_overwrite) roles = local_facts.keys() - if 'common' in local_facts and 'deployment_type' in local_facts['common']: deployment_type = local_facts['common']['deployment_type'] else: @@ -1800,11 +1946,14 @@ class OpenShiftFacts(object): facts = build_controller_args(facts) facts = build_api_server_args(facts) facts = set_version_facts_if_unset(facts) + facts = set_evacuate_or_drain_option(facts) facts = set_dnsmasq_facts_if_unset(facts) facts = set_manageiq_facts_if_unset(facts) facts = set_aggregate_facts(facts) facts = set_etcd_facts_if_unset(facts) facts = set_proxy_facts(facts) + facts = set_builddefaults_facts(facts) + facts = set_buildoverrides_facts(facts) if not safe_get_bool(facts['common']['is_containerized']): facts = set_installed_variant_rpm_facts(facts) facts = set_nodename(facts) @@ -1821,7 +1970,7 @@ class OpenShiftFacts(object): """ defaults = {} ip_addr = self.system_facts['ansible_default_ipv4']['address'] - exit_code, output, _ = module.run_command(['hostname', '-f']) + exit_code, output, _ = module.run_command(['hostname', '-f']) # noqa: F405 hostname_f = output.strip() if exit_code == 0 else '' hostname_values = [hostname_f, self.system_facts['ansible_nodename'], self.system_facts['ansible_fqdn']] @@ -1840,22 +1989,6 @@ class OpenShiftFacts(object): debug_level=2) if 'master' in roles: - scheduler_predicates = [ - {"name": "MatchNodeSelector"}, - {"name": "PodFitsResources"}, - {"name": "PodFitsPorts"}, - {"name": "NoDiskConflict"}, - {"name": "NoVolumeZoneConflict"}, - {"name": "MaxEBSVolumeCount"}, - {"name": "MaxGCEPDVolumeCount"}, - {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} - ] - scheduler_priorities = [ - {"name": "LeastRequestedPriority", "weight": 1}, - {"name": "SelectorSpreadPriority", "weight": 1}, - {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}} - ] - defaults['master'] = dict(api_use_ssl=True, api_port='8443', controllers_port='8444', console_use_ssl=True, @@ -1872,8 +2005,6 @@ class OpenShiftFacts(object): access_token_max_seconds=86400, auth_token_max_seconds=500, oauth_grant_method='auto', - scheduler_predicates=scheduler_predicates, - scheduler_priorities=scheduler_priorities, dynamic_provisioning_enabled=True, max_requests_inflight=500) @@ -1886,6 +2017,11 @@ class OpenShiftFacts(object): if 'docker' in roles: docker = dict(disable_push_dockerhub=False, options='--log-driver=json-file --log-opt max-size=50m') + # NOTE: This is a workaround for a dnf output racecondition that can occur in + # some situations. See https://bugzilla.redhat.com/show_bug.cgi?id=918184 + if self.system_facts['ansible_pkg_mgr'] == 'dnf': + rpm_rebuilddb() + version_info = get_docker_version_info() if version_info is not None: docker['api_version'] = version_info['api_version'] @@ -1897,7 +2033,7 @@ class OpenShiftFacts(object): defaults['docker'] = docker if 'clock' in roles: - exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony']) + exit_code, _, _ = module.run_command(['rpm', '-q', 'chrony']) # noqa: F405 chrony_installed = bool(exit_code == 0) defaults['clock'] = dict( enabled=True, @@ -1923,7 +2059,9 @@ class OpenShiftFacts(object): options='*(rw,root_squash)' ), host=None, - access_modes=['ReadWriteOnce'], + access=dict( + modes=['ReadWriteOnce'] + ), create_pv=True, create_pvc=False ) @@ -1940,7 +2078,9 @@ class OpenShiftFacts(object): options='*(rw,root_squash)' ), host=None, - access_modes=['ReadWriteOnce'], + access=dict( + modes=['ReadWriteOnce'] + ), create_pv=True, create_pvc=False ) @@ -1956,7 +2096,9 @@ class OpenShiftFacts(object): directory='/exports', options='*(rw,root_squash)'), host=None, - access_modes=['ReadWriteMany'], + access=dict( + modes=['ReadWriteMany'] + ), create_pv=True, create_pvc=True ) @@ -1982,7 +2124,7 @@ class OpenShiftFacts(object): # TODO: this is not exposed through module_utils/facts.py in ansible, # need to create PR for ansible to expose it - bios_vendor = get_file_content( + bios_vendor = get_file_content( # noqa: F405 '/sys/devices/virtual/dmi/id/bios_vendor' ) if bios_vendor == 'Google': @@ -1997,8 +2139,7 @@ class OpenShiftFacts(object): if metadata: metadata['project']['attributes'].pop('sshKeys', None) metadata['instance'].pop('serviceAccounts', None) - elif (virt_type == 'xen' and virt_role == 'guest' - and re.match(r'.*\.amazon$', product_version)): + elif virt_type == 'xen' and virt_role == 'guest' and re.match(r'.*\.amazon$', product_version): provider = 'aws' metadata_url = 'http://169.254.169.254/latest/meta-data/' metadata = get_provider_metadata(metadata_url) @@ -2059,7 +2200,7 @@ class OpenShiftFacts(object): # Determine if any of the provided variable structures match the fact. matching_structure = None - if openshift_env_structures != None: + if openshift_env_structures is not None: for structure in openshift_env_structures: if re.match(structure, openshift_env_fact): matching_structure = structure @@ -2083,7 +2224,7 @@ class OpenShiftFacts(object): # Disabling too-many-branches and too-many-locals. # This should be cleaned up as a TODO item. - #pylint: disable=too-many-branches, too-many-locals + # pylint: disable=too-many-branches, too-many-locals def init_local_facts(self, facts=None, additive_facts_to_overwrite=None, openshift_env=None, @@ -2111,8 +2252,8 @@ class OpenShiftFacts(object): if facts is not None: facts_to_set[self.role] = facts - if openshift_env != {} and openshift_env != None: - for fact, value in openshift_env.iteritems(): + if openshift_env != {} and openshift_env is not None: + for fact, value in iteritems(openshift_env): oo_env_facts = dict() current_level = oo_env_facts keys = self.split_openshift_env_fact_keys(fact, openshift_env_structures)[1:] @@ -2140,16 +2281,16 @@ class OpenShiftFacts(object): if 'docker' in new_local_facts: # remove duplicate and empty strings from registry lists - for cat in ['additional', 'blocked', 'insecure']: + for cat in ['additional', 'blocked', 'insecure']: key = '{0}_registries'.format(cat) if key in new_local_facts['docker']: val = new_local_facts['docker'][key] - if isinstance(val, basestring): + if isinstance(val, string_types): val = [x.strip() for x in val.split(',')] new_local_facts['docker'][key] = list(set(val) - set([''])) # Convert legacy log_options comma sep string to a list if present: if 'log_options' in new_local_facts['docker'] and \ - isinstance(new_local_facts['docker']['log_options'], basestring): + isinstance(new_local_facts['docker']['log_options'], string_types): new_local_facts['docker']['log_options'] = new_local_facts['docker']['log_options'].split(',') new_local_facts = self.remove_empty_facts(new_local_facts) @@ -2157,7 +2298,7 @@ class OpenShiftFacts(object): if new_local_facts != local_facts: self.validate_local_facts(new_local_facts) changed = True - if not module.check_mode: + if not module.check_mode: # noqa: F405 save_local_facts(self.filename, new_local_facts) self.changed = changed @@ -2170,7 +2311,7 @@ class OpenShiftFacts(object): facts (dict): facts to clean """ facts_to_remove = [] - for fact, value in facts.iteritems(): + for fact, value in iteritems(facts): if isinstance(facts[fact], dict): facts[fact] = self.remove_empty_facts(facts[fact]) else: @@ -2190,10 +2331,10 @@ class OpenShiftFacts(object): invalid_facts = self.validate_master_facts(facts, invalid_facts) if invalid_facts: msg = 'Invalid facts detected:\n' + # pylint: disable=consider-iterating-dictionary for key in invalid_facts.keys(): msg += '{0}: {1}\n'.format(key, invalid_facts[key]) - module.fail_json(msg=msg, - changed=self.changed) + module.fail_json(msg=msg, changed=self.changed) # noqa: F405 # disabling pylint errors for line-too-long since we're dealing # with best effort reduction of error messages here. @@ -2245,13 +2386,14 @@ class OpenShiftFacts(object): 'Secrets must be 16, 24, or 32 characters in length.') return invalid_facts + def main(): """ main """ # disabling pylint errors for global-variable-undefined and invalid-name # for 'global module' usage, since it is required to use ansible_facts # pylint: disable=global-variable-undefined, invalid-name global module - module = AnsibleModule( + module = AnsibleModule( # noqa: F405 argument_spec=dict( role=dict(default='common', required=False, choices=OpenShiftFacts.known_roles), @@ -2265,16 +2407,19 @@ def main(): add_file_common_args=True, ) - module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter'] - module.params['gather_timeout'] = 10 - module.params['filter'] = '*' + if not HAVE_DBUS: + module.fail_json(msg="This module requires dbus python bindings") # noqa: F405 + + module.params['gather_subset'] = ['hardware', 'network', 'virtual', 'facter'] # noqa: F405 + module.params['gather_timeout'] = 10 # noqa: F405 + module.params['filter'] = '*' # noqa: F405 - role = module.params['role'] - local_facts = module.params['local_facts'] - additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] - openshift_env = module.params['openshift_env'] - openshift_env_structures = module.params['openshift_env_structures'] - protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] + role = module.params['role'] # noqa: F405 + local_facts = module.params['local_facts'] # noqa: F405 + additive_facts_to_overwrite = module.params['additive_facts_to_overwrite'] # noqa: F405 + openshift_env = module.params['openshift_env'] # noqa: F405 + openshift_env_structures = module.params['openshift_env_structures'] # noqa: F405 + protected_facts_to_overwrite = module.params['protected_facts_to_overwrite'] # noqa: F405 fact_file = '/etc/ansible/facts.d/openshift.fact' @@ -2286,21 +2431,15 @@ def main(): openshift_env_structures, protected_facts_to_overwrite) - file_params = module.params.copy() + file_params = module.params.copy() # noqa: F405 file_params['path'] = fact_file - file_args = module.load_file_common_arguments(file_params) - changed = module.set_fs_attributes_if_different(file_args, + file_args = module.load_file_common_arguments(file_params) # noqa: F405 + changed = module.set_fs_attributes_if_different(file_args, # noqa: F405 openshift_facts.changed) - return module.exit_json(changed=changed, + return module.exit_json(changed=changed, # noqa: F405 ansible_facts=openshift_facts.facts) -# ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import -# import module snippets -from ansible.module_utils.basic import * -from ansible.module_utils.facts import * -from ansible.module_utils.urls import * if __name__ == '__main__': main() diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index b0785a9e4..b7b521f1a 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -10,12 +10,9 @@ - set_fact: l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" -- name: Ensure PyYaml is installed - action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" - when: not l_is_atomic | bool - -- name: Ensure yum-utils is installed - action: "{{ ansible_pkg_mgr }} name=yum-utils state=present" +- name: Ensure various deps are installed + package: name={{ item }} state=present + with_items: "{{ required_packages }}" when: not l_is_atomic | bool - name: Gather Cluster facts and set is_containerized if needed @@ -38,6 +35,8 @@ no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" + use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" - name: Set repoquery command set_fact: diff --git a/roles/openshift_facts/vars/main.yml b/roles/openshift_facts/vars/main.yml new file mode 100644 index 000000000..9c3110ff6 --- /dev/null +++ b/roles/openshift_facts/vars/main.yml @@ -0,0 +1,7 @@ +--- +required_packages: + - iproute + - python-dbus + - python-six + - PyYAML + - yum-utils diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index 74c50ae1d..ca5e88b15 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -11,4 +11,23 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: openshift_cli +- role: openshift_hosted_facts +- role: openshift_projects + openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" +- role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - hostnetwork + when: openshift.common.version_gte_3_2_or_1_2 +- role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + when: not openshift.common.version_gte_3_2_or_1_2 diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index d2f6ba5f6..d87a3847c 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -29,14 +29,14 @@ changed_when: false - set_fact: - docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift.master.default_subdomain | default('router.default.svc.cluster.local', true)) }}" + docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" - name: Create registry certificates if they do not exist command: > {{ openshift.common.client_binary }} adm ca create-server-cert - --signer-cert=/etc/origin/master/ca.crt - --signer-key=/etc/origin/master/ca.key - --signer-serial=/etc/origin/master/ca.serial.txt + --signer-cert={{ openshift_master_config_dir }}/ca.crt + --signer-key={{ openshift_master_config_dir }}/ca.key + --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift_master_config_dir }}/registry.crt --key={{ openshift_master_config_dir }}/registry.key @@ -65,12 +65,12 @@ - name: Determine if registry-certificates secret volume attached command: > {{ openshift.common.client_binary }} get dc/docker-registry - -o jsonpath='{.spec.template.spec.volumes[*].secret.secretName}' + -o jsonpath='{.spec.template.spec.volumes[?(@.secret)].secret.secretName}' --config={{ openshift_hosted_kubeconfig }} -n default register: docker_registry_volumes changed_when: false - failed_when: "'secretName is not found' not in docker_registry_volumes.stdout and docker_registry_volumes.rc != 0" + failed_when: "docker_registry_volumes.stdout != '' and 'secretName is not found' not in docker_registry_volumes.stdout and docker_registry_volumes.rc != 0" - name: Attach registry-certificates secret volume command: > diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml index 7b1b3f6ff..e56a68e27 100644 --- a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -1,3 +1,4 @@ +--- - fail: msg: > Object Storage Provider: {{ openshift.hosted.registry.storage.provider }} diff --git a/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml index 8754616d9..70b0d67a4 100644 --- a/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/cleanup_logging.yaml @@ -1,59 +1,59 @@ --- - - name: Create temp directory for kubeconfig - command: mktemp -d /tmp/openshift-ansible-XXXXXX - register: mktemp - changed_when: False +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False - - name: Copy the admin client config(s) - command: > - cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig - changed_when: False +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False - - name: "Checking for logging project" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging" - register: logging_project - failed_when: "'FAILED' in logging_project.stderr" +- name: "Checking for logging project" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging" + register: logging_project + failed_when: "'FAILED' in logging_project.stderr" - - name: "Changing projects" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging" +- name: "Changing projects" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging" - - name: "Cleanup any previous logging infrastructure" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all --selector logging-infra={{ item }}" - with_items: - - kibana - - fluentd - - elasticsearch - ignore_errors: yes +- name: "Cleanup any previous logging infrastructure" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all --selector logging-infra={{ item }}" + with_items: + - kibana + - fluentd + - elasticsearch + ignore_errors: yes - - name: "Cleanup existing support infrastructure" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all,sa,oauthclient --selector logging-infra=support" - ignore_errors: yes +- name: "Cleanup existing support infrastructure" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete --ignore-not-found all,sa,oauthclient --selector logging-infra=support" + ignore_errors: yes - - name: "Cleanup existing secrets" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete secret logging-fluentd logging-elasticsearch logging-es-proxy logging-kibana logging-kibana-proxy logging-kibana-ops-proxy" - ignore_errors: yes - register: clean_result - failed_when: clean_result.rc == 1 and 'not found' not in clean_result.stderr +- name: "Cleanup existing secrets" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete secret logging-fluentd logging-elasticsearch logging-es-proxy logging-kibana logging-kibana-proxy logging-kibana-ops-proxy" + ignore_errors: yes + register: clean_result + failed_when: clean_result.rc == 1 and 'not found' not in clean_result.stderr - - name: "Cleanup existing logging deployers" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete pods --all" +- name: "Cleanup existing logging deployers" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete pods --all" - - name: "Cleanup logging project" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete project logging" +- name: "Cleanup logging project" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete project logging" - - name: "Remove deployer template" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete template logging-deployer-template -n openshift" - register: delete_output - failed_when: delete_output.rc == 1 and 'exists' not in delete_output.stderr +- name: "Remove deployer template" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig delete template logging-deployer-template -n openshift" + register: delete_output + failed_when: delete_output.rc == 1 and 'exists' not in delete_output.stderr - - name: Delete temp directory - file: - name: "{{ mktemp.stdout }}" - state: absent - changed_when: False +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False - - debug: msg="Success!" +- debug: msg="Success!" diff --git a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml index 0162d1fb0..513a74c69 100644 --- a/roles/openshift_hosted_logging/tasks/deploy_logging.yaml +++ b/roles/openshift_hosted_logging/tasks/deploy_logging.yaml @@ -1,162 +1,175 @@ --- - - debug: msg="WARNING target_registry is deprecated, use openshift_hosted_logging_image_prefix instead" - when: target_registry is defined and target_registry - - - fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size" - when: "openshift_hosted_logging_hostname is not defined or - openshift_hosted_logging_elasticsearch_cluster_size is not defined or - openshift_hosted_logging_master_public_url is not defined" - - - name: Create temp directory for kubeconfig - command: mktemp -d /tmp/openshift-ansible-XXXXXX - register: mktemp - changed_when: False - - - name: Copy the admin client config(s) - command: > - cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig - changed_when: False - - - name: "Check for logging project already exists" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}' - register: logging_project_result - ignore_errors: True - - - name: "Create logging project" - command: > - {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging - when: logging_project_result.stdout == "" - - - name: "Changing projects" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging - - - name: "Creating logging deployer secret" - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }} - register: secret_output - failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" - - - name: "Create templates for logging accounts and the deployer" - command: > - {{ openshift.common.client_binary }} create - -f {{ hosted_base }}/logging-deployer.yaml - --config={{ mktemp.stdout }}/admin.kubeconfig - -n logging - register: logging_import_template - failed_when: "'already exists' not in logging_import_template.stderr and logging_import_template.rc != 0" - changed_when: "'created' in logging_import_template.stdout" - - - name: "Process the logging accounts template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f -" - register: process_deployer_accounts - failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr - - - name: "Set permissions for logging-deployer service account" - command: > - {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer - register: permiss_output - failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" - - - name: "Set permissions for fluentd" - command: > - {{ openshift.common.client_binary }} adm policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd - register: fluentd_output - failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" - - - name: "Set additional permissions for fluentd" - command: > - {{ openshift.common.client_binary }} adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd - register: fluentd2_output - failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" - - - name: "Create ConfigMap for deployer parameters" - command: > - {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }} - register: deployer_configmap_output - failed_when: "deployer_configmap_output.rc == 1 and 'exists' not in deployer_configmap_output.stderr" - - - name: "Process the deployer template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-deployer-template {{ oc_new_app_values }}" - register: process_deployer - failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr - - - name: "Wait for image pull and deployer pod" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed" - register: result - until: result.rc == 0 - retries: 20 - delay: 15 - - - name: "Process imagestream template" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-imagestream-template {{ oc_new_app_values }}" - when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry - register: process_is - failed_when: process_is.rc == 1 and 'already exists' not in process_is.stderr - - - name: "Set insecured registry" - command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite" - when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry - - - name: "Wait for imagestreams to become available" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd" - when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry - register: result - until: result.rc == 0 - failed_when: result.rc == 1 and 'not found' not in result.stderr - retries: 20 - delay: 5 - - - name: "Wait for component pods to be running" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" - with_items: - - es - - kibana - - curator - register: result - until: result.rc == 0 - failed_when: result.rc == 1 or 'Error' in result.stderr - retries: 20 - delay: 15 - - - name: "Wait for ops component pods to be running" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" - with_items: - - es-ops - - kibana-ops - - curator-ops - when: openshift_hosted_logging_enable_ops_cluster is defined and openshift_hosted_logging_enable_ops_cluster - register: result - until: result.rc == 0 - failed_when: result.rc == 1 or 'Error' in result.stderr - retries: 20 - delay: 15 - - - name: "Wait for fluentd DaemonSet to exist" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get daemonset logging-fluentd" - register: result - until: result.rc == 0 - failed_when: result.rc == 1 or 'Error' in result.stderr - retries: 20 - delay: 5 - - - name: "Deploy fluentd by labeling the node" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node --overwrite=true {{ '-l' ~ openshift_hosted_logging_fluentd_nodeselector if openshift_hosted_logging_fluentd_nodeselector is defined else '--all' }} {{ openshift_hosted_logging_fluentd_nodeselector_label if openshift_hosted_logging_fluentd_nodeselector_label is defined else 'logging-infra-fluentd=true' }}" - - - name: "Wait for fluentd to be running" - shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component=fluentd | grep Running" - register: result - until: result.rc == 0 - failed_when: result.rc == 1 or 'Error' in result.stderr - retries: 20 - delay: 15 - - - debug: - msg: "Logging components deployed. Note persistent volume for elasticsearch must be setup manually" - - - name: Delete temp directory - file: - name: "{{ mktemp.stdout }}" - state: absent - changed_when: False +- debug: msg="WARNING target_registry is deprecated, use openshift_hosted_logging_image_prefix instead" + when: target_registry is defined and target_registry + +- fail: msg="This role requires the following vars to be defined. openshift_hosted_logging_master_public_url, openshift_hosted_logging_hostname, openshift_hosted_logging_elasticsearch_cluster_size" + when: "openshift_hosted_logging_hostname is not defined or + openshift_hosted_logging_elasticsearch_cluster_size is not defined or + openshift_hosted_logging_master_public_url is not defined" + +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig + changed_when: False + +- name: "Check for logging project already exists" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project logging -o jsonpath='{.metadata.name}' + register: logging_project_result + ignore_errors: True + +- name: "Create logging project" + command: > + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig new-project logging + when: logging_project_result.stdout == "" + +- name: "Changing projects" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig project logging + +- name: "Creating logging deployer secret" + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig secrets new logging-deployer {{ openshift_hosted_logging_secret_vars | default('nothing=/dev/null') }} + register: secret_output + failed_when: "secret_output.rc == 1 and 'exists' not in secret_output.stderr" + +- name: "Create templates for logging accounts and the deployer" + command: > + {{ openshift.common.client_binary }} create --config={{ mktemp.stdout }}/admin.kubeconfig + -f {{ hosted_base }}/logging-deployer.yaml + --config={{ mktemp.stdout }}/admin.kubeconfig + -n logging + register: logging_import_template + failed_when: "'already exists' not in logging_import_template.stderr and logging_import_template.rc != 0" + changed_when: "'created' in logging_import_template.stdout" + +- name: "Process the logging accounts template" + shell: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + process logging-deployer-account-template | {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig create -f - + register: process_deployer_accounts + failed_when: process_deployer_accounts.rc == 1 and 'already exists' not in process_deployer_accounts.stderr + +- name: "Set permissions for logging-deployer service account" + command: > + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-cluster-role-to-user oauth-editor system:serviceaccount:logging:logging-deployer + register: permiss_output + failed_when: "permiss_output.rc == 1 and 'exists' not in permiss_output.stderr" + +- name: "Set permissions for fluentd" + command: > + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-scc-to-user privileged system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd_output + failed_when: "fluentd_output.rc == 1 and 'exists' not in fluentd_output.stderr" + +- name: "Set additional permissions for fluentd" + command: > + {{ openshift.common.client_binary }} adm policy --config={{ mktemp.stdout }}/admin.kubeconfig + add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd + register: fluentd2_output + failed_when: "fluentd2_output.rc == 1 and 'exists' not in fluentd2_output.stderr" + +- name: "Add rolebinding-reader to aggregated-logging-elasticsearch" + command: > + {{ openshift.common.client_binary }} adm --config={{ mktemp.stdout }}/admin.kubeconfig + policy add-cluster-role-to-user rolebinding-reader \ + system:serviceaccount:logging:aggregated-logging-elasticsearch + register: rolebinding_reader_output + failed_when: "rolebinding_reader_output == 1 and 'exists' not in rolebinding_reader_output.stderr" + +- name: "Create ConfigMap for deployer parameters" + command: > + {{ openshift.common.client_binary}} --config={{ mktemp.stdout }}/admin.kubeconfig create configmap logging-deployer {{ deployer_cmap_params }} + register: deployer_configmap_output + failed_when: "deployer_configmap_output.rc == 1 and 'exists' not in deployer_configmap_output.stderr" + +- name: "Process the deployer template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-deployer-template {{ oc_new_app_values }}" + register: process_deployer + failed_when: process_deployer.rc == 1 and 'already exists' not in process_deployer.stderr + +- name: "Wait for image pull and deployer pod" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods | grep logging-deployer.*Completed" + register: result + until: result.rc == 0 + retries: 20 + delay: 15 + +- name: "Process imagestream template" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-app logging-imagestream-template {{ oc_new_app_values }}" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry + register: process_is + failed_when: process_is.rc == 1 and 'already exists' not in process_is.stderr + +- name: "Set insecured registry" + command: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig annotate is --all openshift.io/image.insecureRepository=true --overwrite" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry + +- name: "Wait for imagestreams to become available" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get is | grep logging-fluentd" + when: tr_or_ohlip is defined and insecure_registry is defined and insecure_registry + register: result + until: result.rc == 0 + failed_when: result.rc == 1 and 'not found' not in result.stderr + retries: 20 + delay: 5 + +- name: "Wait for component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es + - kibana + - curator + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 15 + +- name: "Wait for ops component pods to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component={{ item }} | grep Running" + with_items: + - es-ops + - kibana-ops + - curator-ops + when: openshift_hosted_logging_enable_ops_cluster is defined and openshift_hosted_logging_enable_ops_cluster + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 15 + +- name: "Wait for fluentd DaemonSet to exist" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get daemonset logging-fluentd" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 5 + +- name: "Deploy fluentd by labeling the node" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig label node --overwrite=true {{ '-l' ~ openshift_hosted_logging_fluentd_nodeselector if openshift_hosted_logging_fluentd_nodeselector is defined else '--all' }} {{ openshift_hosted_logging_fluentd_nodeselector_label if openshift_hosted_logging_fluentd_nodeselector_label is defined else 'logging-infra-fluentd=true' }}" + +- name: "Wait for fluentd to be running" + shell: "{{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get pods -l component=fluentd | grep Running" + register: result + until: result.rc == 0 + failed_when: result.rc == 1 or 'Error' in result.stderr + retries: 20 + delay: 15 + +- debug: + msg: "Logging components deployed. Note persistent volume for elasticsearch must be setup manually" + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_hosted_logging/vars/main.yaml b/roles/openshift_hosted_logging/vars/main.yaml index 11412733b..33320e9c8 100644 --- a/roles/openshift_hosted_logging/vars/main.yaml +++ b/roles/openshift_hosted_logging/vars/main.yaml @@ -1,3 +1,4 @@ +--- tr_or_ohlip: "{{ openshift_hosted_logging_deployer_prefix | default(target_registry) | default(None) }}" ip_kv: "{{ '-p IMAGE_PREFIX=' ~ tr_or_ohlip | quote if tr_or_ohlip != '' else '' }}" iv_kv: "{{ '-p IMAGE_VERSION=' ~ openshift_hosted_logging_deployer_version | quote if openshift_hosted_logging_deployer_version | default(none) is not none else '' }}" diff --git a/roles/openshift_hosted_metrics/README.md b/roles/openshift_hosted_metrics/README.md new file mode 100644 index 000000000..c2af3c494 --- /dev/null +++ b/roles/openshift_hosted_metrics/README.md @@ -0,0 +1,54 @@ +OpenShift Metrics with Hawkular +==================== + +OpenShift Metrics Installation + +Requirements +------------ + +* Ansible 2.2 +* It requires subdomain fqdn to be set. +* If persistence is enabled, then it also requires NFS. + +Role Variables +-------------- + +From this role: + +| Name | Default value | | +|-------------------------------------------------|-----------------------|-------------------------------------------------------------| +| openshift_hosted_metrics_deploy | `False` | If metrics should be deployed | +| openshift_hosted_metrics_public_url | null | Hawkular metrics public url | +| openshift_hosted_metrics_storage_nfs_directory | `/exports` | Root export directory. | +| openshift_hosted_metrics_storage_volume_name | `metrics` | Metrics volume within openshift_hosted_metrics_volume_dir | +| openshift_hosted_metrics_storage_volume_size | `10Gi` | Metrics volume size | +| openshift_hosted_metrics_storage_nfs_options | `*(rw,root_squash)` | NFS options for configured exports. | +| openshift_hosted_metrics_duration | `7` | Metrics query duration | +| openshift_hosted_metrics_resolution | `10s` | Metrics resolution | + + +Dependencies +------------ +openshift_facts +openshift_examples +openshift_master_facts + +Example Playbook +---------------- + +``` +- name: Configure openshift-metrics + hosts: oo_first_master + roles: + - role: openshift_hosted_metrics +``` + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Jose David MartÃn (j.david.nieto@gmail.com) diff --git a/roles/openshift_metrics/defaults/main.yml b/roles/openshift_hosted_metrics/defaults/main.yml index a01f24df8..a01f24df8 100644 --- a/roles/openshift_metrics/defaults/main.yml +++ b/roles/openshift_hosted_metrics/defaults/main.yml diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml index e119db1a2..69c5a1663 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_hosted_metrics/handlers/main.yml @@ -1,16 +1,16 @@ --- - name: restart master - service: name={{ openshift.common.service_type }}-master state=restarted + systemd: name={{ openshift.common.service_type }}-master state=restarted when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) notify: Verify API Server - name: restart master api - service: name={{ openshift.common.service_type }}-master-api state=restarted + systemd: name={{ openshift.common.service_type }}-master-api state=restarted when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_hosted_metrics/meta/main.yaml b/roles/openshift_hosted_metrics/meta/main.yaml new file mode 100644 index 000000000..debca3ca6 --- /dev/null +++ b/roles/openshift_hosted_metrics/meta/main.yaml @@ -0,0 +1,18 @@ +--- +galaxy_info: + author: David MartÃn + description: + company: + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_examples } +- { role: openshift_facts } +- { role: openshift_master_facts } diff --git a/roles/openshift_metrics/tasks/install.yml b/roles/openshift_hosted_metrics/tasks/install.yml index 4976c7153..2c839996e 100644 --- a/roles/openshift_metrics/tasks/install.yml +++ b/roles/openshift_hosted_metrics/tasks/install.yml @@ -3,7 +3,7 @@ - name: Test if metrics-deployer service account exists command: > {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace=openshift-infra get serviceaccount metrics-deployer -o json register: serviceaccount @@ -14,7 +14,7 @@ shell: > echo {{ metrics_deployer_sa | to_json | quote }} | {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra create -f - when: serviceaccount.rc == 1 @@ -22,7 +22,7 @@ - name: Test edit permissions command: > {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra get rolebindings -o jsonpath='{.items[?(@.metadata.name == "edit")].userNames}' register: edit_rolebindings @@ -31,16 +31,34 @@ - name: Add edit permission to the openshift-infra project to metrics-deployer SA command: > {{ openshift.common.client_binary }} adm - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer when: "'system:serviceaccount:openshift-infra:metrics-deployer' not in edit_rolebindings.stdout" +- name: Test hawkular view permissions + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_metrics_kubeconfig }} + --namespace openshift-infra + get rolebindings -o jsonpath='{.items[?(@.metadata.name == "view")].userNames}' + register: view_rolebindings + changed_when: false + +- name: Add view permissions to hawkular SA + command: > + {{ openshift.common.client_binary }} adm + --config={{ openshift_hosted_metrics_kubeconfig }} + --namespace openshift-infra + policy add-role-to-user view + system:serviceaccount:openshift-infra:hawkular + when: "'system:serviceaccount:openshift-infra:hawkular' not in view_rolebindings" + - name: Test cluster-reader permissions command: > {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra get clusterrolebindings -o jsonpath='{.items[?(@.metadata.name == "cluster-reader")].userNames}' register: cluster_reader_clusterrolebindings @@ -49,7 +67,7 @@ - name: Add cluster-reader permission to the openshift-infra project to heapster SA command: > {{ openshift.common.client_binary }} adm - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster @@ -58,7 +76,7 @@ - name: Create metrics-deployer secret command: > {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} --namespace openshift-infra secrets new metrics-deployer nothing=/dev/null register: metrics_deployer_secret @@ -71,9 +89,16 @@ set_fact: deployer_cmd: "{{ openshift.common.client_binary }} process -f \ {{ hosted_base }}/metrics-deployer.yaml -v \ - HAWKULAR_METRICS_HOSTNAME={{ metrics_hostname }},USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }},DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }},METRIC_DURATION={{ openshift.hosted.metrics.duration }},METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }}{{ image_prefix }}{{ image_version }},MODE={{ deployment_mode }} \ + HAWKULAR_METRICS_HOSTNAME={{ g_metrics_hostname }} \ + -v USE_PERSISTENT_STORAGE={{metrics_persistence | string | lower }} \ + -v DYNAMICALLY_PROVISION_STORAGE={{metrics_dynamic_vol | string | lower }} \ + -v METRIC_DURATION={{ openshift.hosted.metrics.duration }} \ + -v METRIC_RESOLUTION={{ openshift.hosted.metrics.resolution }} + {{ image_prefix }} \ + {{ image_version }} \ + -v MODE={{ deployment_mode }} \ | {{ openshift.common.client_binary }} --namespace openshift-infra \ - --config={{ openshift_metrics_kubeconfig }} \ + --config={{ openshift_hosted_metrics_kubeconfig }} \ create -o name -f -" - name: Deploy Metrics @@ -91,7 +116,7 @@ shell: > {{ openshift.common.client_binary }} --namespace openshift-infra - --config={{ openshift_metrics_kubeconfig }} + --config={{ openshift_hosted_metrics_kubeconfig }} get {{ deploy_metrics.stdout }} register: deploy_result until: "{{ 'Completed' in deploy_result.stdout }}" @@ -103,12 +128,5 @@ modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: assetConfig.metricsPublicURL - yaml_value: "https://{{ metrics_hostname }}/hawkular/metrics" + yaml_value: "{{ openshift_hosted_metrics_public_url }}" notify: restart master - -- name: Store metrics public_url - openshift_facts: - role: master - local_facts: - metrics_public_url: "https://{{ metrics_hostname }}/hawkular/metrics" - when: deploy_result | changed diff --git a/roles/openshift_hosted_metrics/tasks/main.yaml b/roles/openshift_hosted_metrics/tasks/main.yaml new file mode 100644 index 000000000..5ce8aa92b --- /dev/null +++ b/roles/openshift_hosted_metrics/tasks/main.yaml @@ -0,0 +1,75 @@ +--- +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- name: Record kubeconfig tmp dir + set_fact: + openshift_hosted_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_metrics_kubeconfig }} + changed_when: False + +- name: Set hosted metrics facts + openshift_facts: + role: hosted + openshift_env: "{{ hostvars + | oo_merge_hostvars(vars, inventory_hostname) + | oo_openshift_env }}" + openshift_env_structures: + - 'openshift.hosted.metrics.*' + +- set_fact: + metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" + metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" + metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + image_prefix: "{{ '-v IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer.prefix if 'prefix' in openshift.hosted.metrics.deployer else '' }}" + image_version: "{{ '-v IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer.version if 'version' in openshift.hosted.metrics.deployer else '' }}" + + +- name: Check for existing metrics pods + shell: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l {{ item }} | grep -q Running + register: metrics_pods_status + with_items: + - metrics-infra=hawkular-metrics + - metrics-infra=heapster + - metrics-infra=hawkular-cassandra + failed_when: false + changed_when: false + +- name: Check for previous deployer + shell: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_metrics_kubeconfig }} + --namespace openshift-infra + get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- + register: metrics_deployer_status + failed_when: false + changed_when: false + +- name: Record current deployment status + set_fact: + greenfield: "{{ not metrics_deployer_status.rc == 0 }}" + failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" + metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" + +- name: Set deployment mode + set_fact: + deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" + +# TODO: handle non greenfield deployments in the future +- include: install.yml + when: greenfield + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_hosted_metrics/vars/main.yaml b/roles/openshift_hosted_metrics/vars/main.yaml new file mode 100644 index 000000000..6c207d6ac --- /dev/null +++ b/roles/openshift_hosted_metrics/vars/main.yaml @@ -0,0 +1,21 @@ +--- +hawkular_permission_oc_commands: + - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra + - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster + +metrics_deployer_sa: + apiVersion: v1 + kind: ServiceAccount + metadata: + name: metrics-deployer + secrets: + - name: metrics-deployer + + +hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig + +hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}" + +hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" + +metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) diff --git a/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml index 13cef2d66..c47d5361d 100644 --- a/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml @@ -72,7 +72,6 @@ items: metadata: name: logging-deployer-edit-role roleRef: - kind: ClusterRole name: edit subjects: - kind: ServiceAccount @@ -83,7 +82,6 @@ items: metadata: name: logging-deployer-dsadmin-role roleRef: - kind: ClusterRole name: daemonset-admin subjects: - kind: ServiceAccount diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml index 9cff9daca..c67058696 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml @@ -66,13 +66,21 @@ items: - watch - delete - update + - apiVersion: v1 + kind: ClusterRole + metadata: + name: rolebinding-reader + rules: + - resources: + - clusterrolebindings + verbs: + - get - apiVersion: v1 kind: RoleBinding metadata: name: logging-deployer-edit-role roleRef: - kind: ClusterRole name: edit subjects: - kind: ServiceAccount @@ -83,11 +91,20 @@ items: metadata: name: logging-deployer-dsadmin-role roleRef: - kind: ClusterRole name: daemonset-admin subjects: - kind: ServiceAccount name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-elasticsearch-view-role + roleRef: + name: view + subjects: + - kind: ServiceAccount + name: aggregated-logging-elasticsearch - apiVersion: "v1" kind: "Template" diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml index 97a86c11d..66051755c 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/metrics-deployer.yaml @@ -86,6 +86,8 @@ objects: value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -160,3 +162,7 @@ parameters: description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml index 5f2290419..54691572a 100644 --- a/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/origin/metrics-deployer.yaml @@ -86,6 +86,8 @@ objects: value: ${HEAPSTER_NODE_ID} - name: METRIC_RESOLUTION value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} dnsPolicy: ClusterFirst restartPolicy: Never serviceAccount: metrics-deployer @@ -160,3 +162,7 @@ parameters: description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" name: METRIC_RESOLUTION value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml new file mode 100644 index 000000000..c67058696 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/enterprise/logging-deployer.yaml @@ -0,0 +1,342 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - apiVersion: v1 + kind: ClusterRole + metadata: + name: rolebinding-reader + rules: + - resources: + - clusterrolebindings + verbs: + - get + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-elasticsearch-view-role + roleRef: + name: view + subjects: + - kind: ServiceAccount + name: aggregated-logging-elasticsearch +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployer:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.4.0", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - + description: 'Specify version for logging components; e.g. for "registry.access.redhat.com/openshift3/logging-deployer:3.4.0", set version "3.4.0"' + name: IMAGE_VERSION + value: "3.4.0" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml new file mode 100644 index 000000000..66051755c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/enterprise/metrics-deployer.yaml @@ -0,0 +1,168 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: CONTINUE_ON_ERROR + value: ${CONTINUE_ON_ERROR} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "3.4.0" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "Set to true to continue even if the deployer runs into an error." + name: CONTINUE_ON_ERROR + value: "false" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.5/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.5/enterprise/registry-console.yaml new file mode 100644 index 000000000..11478263c --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/enterprise/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}registry-console + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "registry.access.redhat.com/openshift3/" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:3.3", set version "3.3"' + name: IMAGE_VERSION + value: "3.3" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml new file mode 100644 index 000000000..bc8c79ca1 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/origin/logging-deployer.yaml @@ -0,0 +1,345 @@ +apiVersion: "v1" +kind: "List" +items: +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-account-template + annotations: + description: "Template for creating the deployer account and roles needed for the aggregated logging deployer. Create as cluster-admin." + tags: "infrastructure" + objects: + - + apiVersion: v1 + kind: ServiceAccount + name: logging-deployer + metadata: + name: logging-deployer + labels: + logging-infra: deployer + provider: openshift + component: deployer + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-kibana + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-elasticsearch + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-fluentd + - + apiVersion: v1 + kind: ServiceAccount + metadata: + name: aggregated-logging-curator + - apiVersion: v1 + kind: ClusterRole + metadata: + name: oauth-editor + rules: + - resources: + - oauthclients + verbs: + - create + - delete + - apiVersion: v1 + kind: ClusterRole + metadata: + name: daemonset-admin + rules: + - resources: + - daemonsets + apiGroups: + - extensions + verbs: + - create + - get + - list + - watch + - delete + - update + - apiVersion: v1 + kind: ClusterRole + metadata: + name: rolebinding-reader + rules: + - resources: + - clusterrolebindings + verbs: + - get + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-edit-role + roleRef: + kind: ClusterRole + name: edit + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-deployer-dsadmin-role + roleRef: + kind: ClusterRole + name: daemonset-admin + subjects: + - kind: ServiceAccount + name: logging-deployer + - + apiVersion: v1 + kind: RoleBinding + metadata: + name: logging-elasticsearch-view-role + roleRef: + kind: ClusterRole + name: view + subjects: + - kind: ServiceAccount + name: aggregated-logging-elasticsearch +- + apiVersion: "v1" + kind: "Template" + metadata: + name: logging-deployer-template + annotations: + description: "Template for running the aggregated logging deployer in a pod. Requires empowered 'logging-deployer' service account." + tags: "infrastructure" + labels: + logging-infra: deployer + provider: openshift + objects: + - + apiVersion: v1 + kind: Pod + metadata: + generateName: logging-deployer- + spec: + containers: + - image: ${IMAGE_PREFIX}logging-deployment:${IMAGE_VERSION} + imagePullPolicy: Always + name: deployer + volumeMounts: + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: IMAGE_PULL_SECRET + value: ${IMAGE_PULL_SECRET} + - name: INSECURE_REGISTRY + value: ${INSECURE_REGISTRY} + - name: ENABLE_OPS_CLUSTER + value: ${ENABLE_OPS_CLUSTER} + - name: KIBANA_HOSTNAME + value: ${KIBANA_HOSTNAME} + - name: KIBANA_OPS_HOSTNAME + value: ${KIBANA_OPS_HOSTNAME} + - name: PUBLIC_MASTER_URL + value: ${PUBLIC_MASTER_URL} + - name: MASTER_URL + value: ${MASTER_URL} + - name: ES_INSTANCE_RAM + value: ${ES_INSTANCE_RAM} + - name: ES_PVC_SIZE + value: ${ES_PVC_SIZE} + - name: ES_PVC_PREFIX + value: ${ES_PVC_PREFIX} + - name: ES_PVC_DYNAMIC + value: ${ES_PVC_DYNAMIC} + - name: ES_CLUSTER_SIZE + value: ${ES_CLUSTER_SIZE} + - name: ES_NODE_QUORUM + value: ${ES_NODE_QUORUM} + - name: ES_RECOVER_AFTER_NODES + value: ${ES_RECOVER_AFTER_NODES} + - name: ES_RECOVER_EXPECTED_NODES + value: ${ES_RECOVER_EXPECTED_NODES} + - name: ES_RECOVER_AFTER_TIME + value: ${ES_RECOVER_AFTER_TIME} + - name: ES_OPS_INSTANCE_RAM + value: ${ES_OPS_INSTANCE_RAM} + - name: ES_OPS_PVC_SIZE + value: ${ES_OPS_PVC_SIZE} + - name: ES_OPS_PVC_PREFIX + value: ${ES_OPS_PVC_PREFIX} + - name: ES_OPS_PVC_DYNAMIC + value: ${ES_OPS_PVC_DYNAMIC} + - name: ES_OPS_CLUSTER_SIZE + value: ${ES_OPS_CLUSTER_SIZE} + - name: ES_OPS_NODE_QUORUM + value: ${ES_OPS_NODE_QUORUM} + - name: ES_OPS_RECOVER_AFTER_NODES + value: ${ES_OPS_RECOVER_AFTER_NODES} + - name: ES_OPS_RECOVER_EXPECTED_NODES + value: ${ES_OPS_RECOVER_EXPECTED_NODES} + - name: ES_OPS_RECOVER_AFTER_TIME + value: ${ES_OPS_RECOVER_AFTER_TIME} + - name: FLUENTD_NODESELECTOR + value: ${FLUENTD_NODESELECTOR} + - name: ES_NODESELECTOR + value: ${ES_NODESELECTOR} + - name: ES_OPS_NODESELECTOR + value: ${ES_OPS_NODESELECTOR} + - name: KIBANA_NODESELECTOR + value: ${KIBANA_NODESELECTOR} + - name: KIBANA_OPS_NODESELECTOR + value: ${KIBANA_OPS_NODESELECTOR} + - name: CURATOR_NODESELECTOR + value: ${CURATOR_NODESELECTOR} + - name: CURATOR_OPS_NODESELECTOR + value: ${CURATOR_OPS_NODESELECTOR} + - name: MODE + value: ${MODE} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: logging-deployer + volumes: + - name: empty + emptyDir: {} + parameters: + - + description: "The mode that the deployer runs in." + name: MODE + value: "install" + - + description: 'Specify prefix for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "docker.io/openshift/origin-" + - + description: 'Specify version for logging components; e.g. for "openshift/origin-logging-deployer:v1.1", set version "v1.1"' + name: IMAGE_VERSION + value: "latest" + - + description: "(Deprecated) Specify the name of an existing pull secret to be used for pulling component images from an authenticated registry." + name: IMAGE_PULL_SECRET + - + description: "(Deprecated) Allow the registry for logging component images to be non-secure (not secured with a certificate signed by a known CA)" + name: INSECURE_REGISTRY + value: "false" + - + description: "(Deprecated) If true, set up to use a second ES cluster for ops logs." + name: ENABLE_OPS_CLUSTER + value: "false" + - + description: "(Deprecated) External hostname where clients will reach kibana" + name: KIBANA_HOSTNAME + value: "kibana.example.com" + - + description: "(Deprecated) External hostname at which admins will visit the ops Kibana." + name: KIBANA_OPS_HOSTNAME + value: kibana-ops.example.com + - + description: "(Deprecated) External URL for the master, for OAuth purposes" + name: PUBLIC_MASTER_URL + value: "https://localhost:8443" + - + description: "(Deprecated) Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc.cluster.local" + - + description: "(Deprecated) How many instances of ElasticSearch to deploy." + name: ES_CLUSTER_SIZE + value: "1" + - + description: "(Deprecated) Amount of RAM to reserve per ElasticSearch instance." + name: ES_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_PVC_SIZE." + name: ES_PVC_PREFIX + value: "logging-es-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES PVC. ' + name: ES_PVC_DYNAMIC + - + description: "(Deprecated) Number of nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_NODE_QUORUM + - + description: "(Deprecated) Number of nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_CLUSTER_SIZE." + name: ES_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of nodes desired to be present before the cluster will recover from a full restart. By default, ES_CLUSTER_SIZE." + name: ES_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* nodes to be present when cluster is recovering from a full restart." + name: ES_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) How many ops instances of ElasticSearch to deploy. By default, ES_CLUSTER_SIZE." + name: ES_OPS_CLUSTER_SIZE + - + description: "(Deprecated) Amount of RAM to reserve per ops ElasticSearch instance." + name: ES_OPS_INSTANCE_RAM + value: "8G" + - + description: "(Deprecated) Size of the PersistentVolumeClaim to create per ElasticSearch ops instance, e.g. 100G. If empty, no PVCs will be created and emptyDir volumes are used instead." + name: ES_OPS_PVC_SIZE + - + description: "(Deprecated) Prefix for the names of PersistentVolumeClaims to be created; a number will be appended per instance. If they don't already exist, they will be created with size ES_OPS_PVC_SIZE." + name: ES_OPS_PVC_PREFIX + value: "logging-es-ops-" + - + description: '(Deprecated) Set to "true" to request dynamic provisioning (if enabled for your cluster) of a PersistentVolume for the ES ops PVC. ' + name: ES_OPS_PVC_DYNAMIC + - + description: "(Deprecated) Number of ops nodes required to elect a master (ES minimum_master_nodes). By default, derived from ES_CLUSTER_SIZE / 2 + 1." + name: ES_OPS_NODE_QUORUM + - + description: "(Deprecated) Number of ops nodes required to be present before the cluster will recover from a full restart. By default, one fewer than ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_AFTER_NODES + - + description: "(Deprecated) Number of ops nodes desired to be present before the cluster will recover from a full restart. By default, ES_OPS_CLUSTER_SIZE." + name: ES_OPS_RECOVER_EXPECTED_NODES + - + description: "(Deprecated) Timeout for *expected* ops nodes to be present when cluster is recovering from a full restart." + name: ES_OPS_RECOVER_AFTER_TIME + value: "5m" + - + description: "(Deprecated) The nodeSelector used for the Fluentd DaemonSet." + name: FLUENTD_NODESELECTOR + value: "logging-infra-fluentd=true" + - + description: "(Deprecated) Node selector Elasticsearch cluster (label=value)." + name: ES_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Elasticsearch operations cluster (label=value)." + name: ES_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana cluster (label=value)." + name: KIBANA_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Kibana operations cluster (label=value)." + name: KIBANA_OPS_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector Curator (label=value)." + name: CURATOR_NODESELECTOR + value: "" + - + description: "(Deprecated) Node selector operations Curator (label=value)." + name: CURATOR_OPS_NODESELECTOR + value: "" diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml new file mode 100644 index 000000000..54691572a --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/origin/metrics-deployer.yaml @@ -0,0 +1,168 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: "v1" +kind: "Template" +metadata: + name: metrics-deployer-template + annotations: + description: "Template for deploying the required Metrics integration. Requires cluster-admin 'metrics-deployer' service account and 'metrics-deployer' secret." + tags: "infrastructure" +labels: + metrics-infra: deployer + provider: openshift + component: deployer +objects: +- + apiVersion: v1 + kind: Pod + metadata: + generateName: metrics-deployer- + spec: + securityContext: {} + containers: + - image: ${IMAGE_PREFIX}metrics-deployer:${IMAGE_VERSION} + name: deployer + securityContext: {} + volumeMounts: + - name: secret + mountPath: /secret + readOnly: true + - name: empty + mountPath: /etc/deploy + env: + - name: PROJECT + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: IMAGE_PREFIX + value: ${IMAGE_PREFIX} + - name: IMAGE_VERSION + value: ${IMAGE_VERSION} + - name: MASTER_URL + value: ${MASTER_URL} + - name: MODE + value: ${MODE} + - name: CONTINUE_ON_ERROR + value: ${CONTINUE_ON_ERROR} + - name: REDEPLOY + value: ${REDEPLOY} + - name: IGNORE_PREFLIGHT + value: ${IGNORE_PREFLIGHT} + - name: USE_PERSISTENT_STORAGE + value: ${USE_PERSISTENT_STORAGE} + - name: DYNAMICALLY_PROVISION_STORAGE + value: ${DYNAMICALLY_PROVISION_STORAGE} + - name: HAWKULAR_METRICS_HOSTNAME + value: ${HAWKULAR_METRICS_HOSTNAME} + - name: CASSANDRA_NODES + value: ${CASSANDRA_NODES} + - name: CASSANDRA_PV_SIZE + value: ${CASSANDRA_PV_SIZE} + - name: METRIC_DURATION + value: ${METRIC_DURATION} + - name: USER_WRITE_ACCESS + value: ${USER_WRITE_ACCESS} + - name: HEAPSTER_NODE_ID + value: ${HEAPSTER_NODE_ID} + - name: METRIC_RESOLUTION + value: ${METRIC_RESOLUTION} + - name: STARTUP_TIMEOUT + value: ${STARTUP_TIMEOUT} + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccount: metrics-deployer + volumes: + - name: empty + emptyDir: {} + - name: secret + secret: + secretName: metrics-deployer +parameters: +- + description: 'Specify prefix for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set prefix "openshift/origin-"' + name: IMAGE_PREFIX + value: "openshift/origin-" +- + description: 'Specify version for metrics components; e.g. for "openshift/origin-metrics-deployer:latest", set version "latest"' + name: IMAGE_VERSION + value: "latest" +- + description: "Internal URL for the master, for authentication retrieval" + name: MASTER_URL + value: "https://kubernetes.default.svc:443" +- + description: "External hostname where clients will reach Hawkular Metrics" + name: HAWKULAR_METRICS_HOSTNAME + required: true +- + description: "Can be set to: 'preflight' to perform validation before a deployment; 'deploy' to perform an initial deployment; 'refresh' to delete and redeploy all components but to keep persisted data and routes; 'redeploy' to delete and redeploy everything (losing all data in the process); 'validate' to re-run validations after a deployment" + name: MODE + value: "deploy" +- + description: "Set to true to continue even if the deployer runs into an error." + name: CONTINUE_ON_ERROR + value: "false" +- + description: "(Deprecated) Turns 'deploy' mode into 'redeploy' mode, deleting and redeploying everything (losing all data in the process)" + name: REDEPLOY + value: "false" +- + description: "If preflight validation is blocking deployment and you're sure you don't care about it, this will ignore the results and proceed to deploy." + name: IGNORE_PREFLIGHT + value: "false" +- + description: "Set to true for persistent storage, set to false to use non persistent storage" + name: USE_PERSISTENT_STORAGE + value: "true" +- + description: "Set to true to dynamically provision storage, set to false to use use pre-created persistent volumes" + name: DYNAMICALLY_PROVISION_STORAGE + value: "false" +- + description: "The number of Cassandra Nodes to deploy for the initial cluster" + name: CASSANDRA_NODES + value: "1" +- + description: "The persistent volume size for each of the Cassandra nodes" + name: CASSANDRA_PV_SIZE + value: "10Gi" +- + description: "How many days metrics should be stored for." + name: METRIC_DURATION + value: "7" +- + description: "If a user accounts should be allowed to write metrics." + name: USER_WRITE_ACCESS + value: "false" +- + description: "The identifier used when generating metric ids in Hawkular" + name: HEAPSTER_NODE_ID + value: "nodename" +- + description: "How often metrics should be gathered. Defaults value of '15s' for 15 seconds" + name: METRIC_RESOLUTION + value: "15s" +- + description: "How long in seconds we should wait until Hawkular Metrics and Heapster starts up before attempting a restart" + name: STARTUP_TIMEOUT + value: "500" diff --git a/roles/openshift_hosted_templates/files/v1.5/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v1.5/origin/registry-console.yaml new file mode 100644 index 000000000..80cc4233b --- /dev/null +++ b/roles/openshift_hosted_templates/files/v1.5/origin/registry-console.yaml @@ -0,0 +1,124 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_NAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_NAME} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: "Container image name" + name: IMAGE_NAME + value: "cockpit/kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_loadbalancer/README.md b/roles/openshift_loadbalancer/README.md index 03e837e46..bea4c509b 100644 --- a/roles/openshift_loadbalancer/README.md +++ b/roles/openshift_loadbalancer/README.md @@ -6,6 +6,8 @@ OpenShift HaProxy Loadbalancer Configuration Requirements ------------ +* Ansible 2.2 + This role is intended to be applied to the [lb] host group which is separate from OpenShift infrastructure components. diff --git a/roles/openshift_loadbalancer/handlers/main.yml b/roles/openshift_loadbalancer/handlers/main.yml index 5b8691b26..3bf052460 100644 --- a/roles/openshift_loadbalancer/handlers/main.yml +++ b/roles/openshift_loadbalancer/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart haproxy - service: + systemd: name: haproxy state: restarted when: not (haproxy_start_result_changed | default(false) | bool) diff --git a/roles/openshift_loadbalancer/meta/main.yml b/roles/openshift_loadbalancer/meta/main.yml index e1d78cfd0..0dffb545f 100644 --- a/roles/openshift_loadbalancer/meta/main.yml +++ b/roles/openshift_loadbalancer/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift haproxy loadbalancer company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.2 platforms: - name: EL versions: @@ -17,4 +17,9 @@ dependencies: port: "9000/tcp" - service: haproxy balance port: "{{ openshift_master_api_port | default(8443) }}/tcp" +- role: os_firewall + os_firewall_allow: + - service: nuage mon + port: "{{ nuage_mon_rest_server_port | default(9443) }}/tcp" + when: openshift_use_nuage | default(false) | bool - role: openshift_repos diff --git a/roles/openshift_loadbalancer/tasks/main.yml b/roles/openshift_loadbalancer/tasks/main.yml index 863738143..400f80715 100644 --- a/roles/openshift_loadbalancer/tasks/main.yml +++ b/roles/openshift_loadbalancer/tasks/main.yml @@ -3,7 +3,7 @@ when: openshift.common.is_containerized | bool - name: Install haproxy - action: "{{ ansible_pkg_mgr }} name=haproxy state=present" + package: name=haproxy state=present - name: Configure systemd service directory for haproxy file: @@ -27,11 +27,6 @@ option: LimitNOFILE value: "{{ openshift_loadbalancer_limit_nofile | default(100000) }}" notify: restart haproxy - register: nofile_limit_result - -- name: Reload systemd if needed - command: systemctl daemon-reload - when: nofile_limit_result | changed - name: Configure haproxy template: @@ -43,10 +38,11 @@ notify: restart haproxy - name: Enable and start haproxy - service: + systemd: name: haproxy state: started enabled: yes + daemon_reload: yes register: start_result - set_fact: diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index 28e4e46e9..c06758833 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -3,18 +3,51 @@ command: mktemp -d /tmp/openshift-ansible-XXXXXX register: mktemp changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true - set_fact: openshift_manage_node_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + delegate_to: "{{ openshift_master_host }}" + run_once: true - name: Copy the admin client config(s) command: > cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_manage_node_kubeconfig }} changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true + +# Necessary because when you're on a node that's also a master the master will be +# restarted after the node restarts docker and it will take up to 60 seconds for +# systemd to start the master again +- name: Wait for master API to become available before proceeding + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent --tlsv1.2 + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} + {{ openshift_node_master_api_url }}/healthz/ready + args: + # Disables the following warning: + # Consider using get_url or uri module rather than running curl + warn: no + register: api_available_output + until: api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + changed_when: false + when: openshift.common.is_containerized | bool + delegate_to: "{{ openshift_master_host }}" + run_once: true - name: Wait for Node Registration command: > - {{ openshift.common.client_binary }} get node {{ hostvars[item].openshift.node.nodename }} + {{ hostvars[openshift_master_host].openshift.common.client_binary }} get node {{ openshift.node.nodename }} --config={{ openshift_manage_node_kubeconfig }} -n default register: omd_get_node @@ -22,26 +55,29 @@ retries: 50 delay: 5 changed_when: false - with_items: "{{ openshift_nodes }}" + when: "'nodename' in openshift.node" + delegate_to: "{{ openshift_master_host }}" - name: Set node schedulability command: > - {{ openshift.common.client_binary }} adm manage-node {{ hostvars[item].openshift.node.nodename }} --schedulable={{ 'true' if hostvars[item].openshift.node.schedulable | bool else 'false' }} + {{ hostvars[openshift_master_host].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename }} --schedulable={{ 'true' if openshift.node.schedulable | bool else 'false' }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.node.nodename is defined + when: "'nodename' in openshift.node" + delegate_to: "{{ openshift_master_host }}" - name: Label nodes command: > - {{ openshift.common.client_binary }} label --overwrite node {{ hostvars[item].openshift.node.nodename }} {{ hostvars[item].openshift.node.labels | oo_combine_dict }} + {{ hostvars[openshift_master_host].openshift.common.client_binary }} label --overwrite node {{ openshift.node.nodename }} {{ openshift.node.labels | oo_combine_dict }} --config={{ openshift_manage_node_kubeconfig }} -n default - with_items: "{{ openshift_nodes }}" - when: hostvars[item].openshift.node.nodename is defined and 'labels' in hostvars[item].openshift.node and hostvars[item].openshift.node.labels != {} + when: "'nodename' in openshift.node and 'labels' in openshift.node and openshift.node.labels != {}" + delegate_to: "{{ openshift_master_host }}" - name: Delete temp directory file: name: "{{ mktemp.stdout }}" state: absent changed_when: False + delegate_to: "{{ openshift_master_host }}" + run_once: true diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index bdaf64b3f..a7214482f 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -50,6 +50,16 @@ failed_when: "'already exists' not in osmiq_create_cluster_role.stderr and osmiq_create_cluster_role.rc != 0" changed_when: osmiq_create_cluster_role.rc == 0 +- name: Create Hawkular Metrics Admin Cluster Role + shell: > + echo {{ manageiq_metrics_admin_clusterrole | to_json | quote }} | + {{ openshift.common.client_binary }} + --config={{manage_iq_tmp_conf}} + create -f - + register: oshawkular_create_cluster_role + failed_when: "'already exists' not in oshawkular_create_cluster_role.stderr and oshawkular_create_cluster_role.rc != 0" + changed_when: oshawkular_create_cluster_role.rc == 0 + - name: Configure role/user permissions command: > {{ openshift.common.client_binary }} adm {{item}} diff --git a/roles/openshift_manageiq/vars/main.yml b/roles/openshift_manageiq/vars/main.yml index 6a0c5b41b..3f24fd6be 100644 --- a/roles/openshift_manageiq/vars/main.yml +++ b/roles/openshift_manageiq/vars/main.yml @@ -1,36 +1,52 @@ +--- manageiq_cluster_role: - apiVersion: v1 - kind: ClusterRole - metadata: - name: management-infra-admin - rules: - - resources: - - pods/proxy - verbs: - - '*' + apiVersion: v1 + kind: ClusterRole + metadata: + name: management-infra-admin + rules: + - resources: + - pods/proxy + verbs: + - '*' + +manageiq_metrics_admin_clusterrole: + apiVersion: v1 + kind: ClusterRole + metadata: + name: hawkular-metrics-admin + rules: + - apiGroups: + - "" + resources: + - hawkular-metrics + - hawkular-alerts + verbs: + - '*' manageiq_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: management-admin + apiVersion: v1 + kind: ServiceAccount + metadata: + name: management-admin manageiq_image_inspector_service_account: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: inspector-admin + apiVersion: v1 + kind: ServiceAccount + metadata: + name: inspector-admin manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig manage_iq_tasks: - - policy add-role-to-user -n management-infra admin -z management-admin - - policy add-role-to-user -n management-infra management-infra-admin -z management-admin - - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin - - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin - - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin - - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin - - policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin +- policy add-role-to-user -n management-infra admin -z management-admin +- policy add-role-to-user -n management-infra management-infra-admin -z management-admin +- policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin +- policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin +- policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin +- policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin +- policy add-cluster-role-to-user self-provisioner system:serviceaccount:management-infra:management-admin +- policy add-cluster-role-to-user hawkular-metrics-admin system:serviceaccount:management-infra:management-admin manage_iq_openshift_3_2_tasks: - - policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin +- policy add-cluster-role-to-user system:image-auditor system:serviceaccount:management-infra:management-admin diff --git a/roles/openshift_master/README.md b/roles/openshift_master/README.md index 663ac08b8..c3300a7ef 100644 --- a/roles/openshift_master/README.md +++ b/roles/openshift_master/README.md @@ -6,7 +6,8 @@ Master service installation Requirements ------------ -A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, +* Ansible 2.2 +* A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. Role Variables diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index e119db1a2..69c5a1663 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -1,16 +1,16 @@ --- - name: restart master - service: name={{ openshift.common.service_type }}-master state=restarted + systemd: name={{ openshift.common.service_type }}-master state=restarted when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) notify: Verify API Server - name: restart master api - service: name={{ openshift.common.service_type }}-master-api state=restarted + systemd: name={{ openshift.common.service_type }}-master-api state=restarted when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted when: (openshift.master.ha is defined and openshift.master.ha | bool) and (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index a2f665702..56af0cf36 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -4,11 +4,41 @@ galaxy_info: description: Master company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: openshift_master_facts +- role: openshift_hosted_facts +- role: openshift_master_certificates +- role: openshift_etcd_client_certificates + etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" + etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" + etcd_cert_prefix: "master.etcd-" + when: groups.oo_etcd_to_config | default([]) | length != 0 +- role: openshift_clock +- role: openshift_cloud_provider +- role: openshift_builddefaults +- role: openshift_buildoverrides +- role: os_firewall + os_firewall_allow: + - service: api server https + port: "{{ openshift.master.api_port }}/tcp" + - service: api controllers https + port: "{{ openshift.master.controllers_port }}/tcp" + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" +- role: os_firewall + os_firewall_allow: + - service: etcd embedded + port: 4001/tcp + when: groups.oo_etcd_to_config | default([]) | length == 0 +- role: nickhammond.logrotate +- role: nuage_master + when: openshift.common.use_nuage | bool diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 1d6758c4a..9cd6b6c81 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -24,16 +24,11 @@ when: openshift_master_ha | bool and openshift_master_cluster_method == "pacemaker" and openshift.common.is_containerized | bool - name: Install Master package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + package: + name: "{{ openshift.common.service_type }}-master{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: present when: not openshift.common.is_containerized | bool -- name: Pull master image - command: > - docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool - - name: Create openshift.common.data_dir file: path: "{{ openshift.common.data_dir }}" @@ -62,9 +57,9 @@ args: creates: "{{ openshift_master_policy }}" notify: - - restart master - - restart master api - - restart master controllers + - restart master + - restart master api + - restart master controllers - name: Create the scheduler config copy: @@ -72,12 +67,12 @@ dest: "{{ openshift_master_scheduler_conf }}" backup: true notify: - - restart master - - restart master api - - restart master controllers + - restart master + - restart master api + - restart master controllers - name: Install httpd-tools if needed - action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present" + package: name=httpd-tools state=present when: (item.kind == 'HTPasswdPasswordIdentityProvider') and not openshift.common.is_atomic | bool with_items: "{{ openshift.master.identity_providers }}" @@ -145,8 +140,8 @@ mode: 0600 when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined notify: - - restart master - - restart master api + - restart master + - restart master api - set_fact: translated_identity_providers: "{{ openshift.master.identity_providers | translate_idps('v1', openshift.common.version, openshift.common.deployment_type) }}" @@ -161,9 +156,9 @@ group: root mode: 0600 notify: - - restart master - - restart master api - - restart master controllers + - restart master + - restart master api + - restart master controllers - include: set_loopback_context.yml when: openshift.common.version_gte_3_2_or_1_2 @@ -177,7 +172,10 @@ # https://github.com/openshift/origin/issues/6065 # https://github.com/openshift/origin/issues/6447 - name: Start and enable master - service: name={{ openshift.common.service_type }}-master enabled=yes state=started + systemd: + name: "{{ openshift.common.service_type }}-master" + enabled: yes + state: started when: not openshift_master_ha | bool register: start_result until: not start_result | failed @@ -185,29 +183,30 @@ delay: 60 notify: Verify API Server -- name: Check for non-HA master service presence - command: systemctl show {{ openshift.common.service_type }}-master.service - register: master_svc_show - changed_when: false - failed_when: false - - name: Stop and disable non-HA master when running HA - service: + systemd: name: "{{ openshift.common.service_type }}-master" enabled: no state: stopped - when: openshift_master_ha | bool and master_svc_show.rc == 0 and 'LoadState=not-found' not in master_svc_show.stdout + when: openshift_master_ha | bool + register: task_result + failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" - set_fact: master_service_status_changed: "{{ start_result | changed }}" when: not openshift_master_ha | bool - name: Mask master service - command: systemctl mask {{ openshift.common.service_type }}-master - when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool + systemd: + name: "{{ openshift.common.service_type }}-master" + masked: yes + when: > + openshift_master_ha | bool and + openshift.master.cluster_method == 'native' and + not openshift.common.is_containerized | bool - name: Start and enable master api on first master - service: + systemd: name: "{{ openshift.common.service_type }}-master-api" enabled: yes state: started @@ -226,7 +225,7 @@ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Start and enable master api all masters - service: + systemd: name: "{{ openshift.common.service_type }}-master-api" enabled: yes state: started @@ -262,7 +261,7 @@ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool - name: Start and enable master controller on first master - service: + systemd: name: "{{ openshift.common.service_type }}-master-controllers" enabled: yes state: started @@ -272,12 +271,13 @@ retries: 1 delay: 60 -- pause: +- name: Wait for master controller service to start on first master + pause: seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Start and enable master controller on all masters - service: + systemd: name: "{{ openshift.common.service_type }}-master-controllers" enabled: yes state: started @@ -292,13 +292,16 @@ when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' - name: Install cluster packages - action: "{{ ansible_pkg_mgr }} name=pcs state=present" + package: name=pcs state=present when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not openshift.common.is_containerized | bool register: install_result - name: Start and enable cluster service - service: name=pcsd enabled=yes state=started + systemd: + name: pcsd + enabled: yes + state: started when: openshift_master_ha | bool and openshift.master.cluster_method == 'pacemaker' and not openshift.common.is_containerized | bool diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 56110c28f..39ea42ab3 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -1,3 +1,4 @@ +--- # This file is included both in the openshift_master role and in the upgrade # playbooks. For that reason the ha_svc variables are use set_fact instead of # the vars directory on the role. @@ -13,6 +14,14 @@ ha_svc_template_path: "docker-cluster" when: openshift.common.is_containerized | bool +# This is the image used for both HA and non-HA clusters: +- name: Pre-pull master image + command: > + docker pull {{ openshift.master.master_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + when: openshift.common.is_containerized | bool + # workaround for missing systemd unit files - name: Create the systemd unit files template: @@ -127,16 +136,22 @@ - name: Preserve Master Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master - register: master_proxy + register: master_proxy_result failed_when: false changed_when: false +- set_fact: + master_proxy: "{{ master_proxy_result.stdout_lines | default([]) }}" + - name: Preserve Master AWS options command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master - register: master_aws + register: master_aws_result failed_when: false changed_when: false +- set_fact: + master_aws: "{{ master_aws_result.stdout_lines | default([]) }}" + - name: Create the master service env file template: src: "atomic-openshift-master.j2" @@ -144,17 +159,3 @@ backup: true notify: - restart master - -- name: Restore Master Proxy Config Options - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master - line: "{{ item }}" - with_items: "{{ master_proxy.stdout_lines | default([]) }}" - when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common - -- name: Restore Master AWS Options - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-master - line: "{{ item }}" - with_items: "{{ master_aws.stdout_lines | default([]) }}" - when: master_aws.rc == 0 and not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 26f0240ec..7aea89578 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -8,6 +8,11 @@ IMAGE_VERSION={{ openshift_image_tag }} AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key }} AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} +{% if not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined) %} +{% for item in master_aws %} +{{ item }} +{% endfor %} +{% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} {% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} @@ -26,3 +31,8 @@ HTTPS_PROXY={{ openshift.common.https_proxy | default('')}} {% if 'no_proxy' in openshift.common %} NO_PROXY={{ openshift.common.no_proxy | default('') | join(',') }},{{ openshift.common.portal_net }},{{ openshift.master.sdn_cluster_network_cidr }} {% endif %} +{% if not ('https_proxy' in openshift.common or 'https_proxy' in openshift.common or 'no_proxy' in openshift.common) %} +{% for item in master_proxy %} +{{ item }} +{% endfor %} +{% endif %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 4d45e8591..fcb8125e9 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -1,7 +1,4 @@ admissionConfig: -{% if 'admission_plugin_order' in openshift.master %} - pluginOrderOverride:{{ openshift.master.admission_plugin_order | to_padded_yaml(level=2) }} -{% endif %} {% if 'admission_plugin_config' in openshift.master %} pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }} {% endif %} @@ -18,8 +15,8 @@ assetConfig: {% if 'logging_public_url' in openshift.master %} loggingPublicURL: {{ openshift.master.logging_public_url }} {% endif %} -{% if 'metrics_public_url' in openshift.master %} - metricsPublicURL: {{ openshift.master.metrics_public_url }} +{% if openshift_hosted_metrics_deploy | default(false) | bool %} + metricsPublicURL: {{ openshift_hosted_metrics_public_url }} {% endif %} {% if 'extension_scripts' in openshift.master %} extensionScripts: {{ openshift.master.extension_scripts | to_padded_yaml(1, 2) }} @@ -116,13 +113,6 @@ kubernetesMasterConfig: - v1beta3 - v1 {% endif %} - admissionConfig: -{% if 'kube_admission_plugin_order' in openshift.master %} - pluginOrderOverride:{{ openshift.master.kube_admission_plugin_order | to_padded_yaml(level=3) }} -{% endif %} -{% if 'kube_admission_plugin_config' in openshift.master %} - pluginConfig:{{ openshift.master.kube_admission_plugin_config | to_padded_yaml(level=3) }} -{% endif %} apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} controllerArguments: {{ openshift.master.controller_args | default(None) | to_padded_yaml( level=2 ) }} masterCount: {{ openshift.master.master_count if openshift.master.cluster_method | default(None) == 'native' else 1 }} @@ -131,8 +121,9 @@ kubernetesMasterConfig: proxyClientInfo: certFile: master.proxy-client.crt keyFile: master.proxy-client.key + schedulerArguments: {{ openshift_master_scheduler_args | default(None) | to_padded_yaml( level=3 ) }} schedulerConfigFile: {{ openshift_master_scheduler_conf }} - servicesNodePortRange: "" + servicesNodePortRange: "{{ openshift_node_port_range | default("") }}" servicesSubnet: {{ openshift.common.portal_net }} staticNodeNames: {{ openshift_node_ips | default([], true) }} {% endif %} @@ -158,7 +149,7 @@ masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} -{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} +{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage or openshift.common.sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet @@ -211,7 +202,7 @@ projectConfig: mcsLabelsPerProject: {{ openshift.master.mcs_labels_per_project }} uidAllocatorRange: "{{ openshift.master.uid_allocator_range }}" routingConfig: - subdomain: "{{ openshift.master.default_subdomain | default("") }}" + subdomain: "{{ openshift_master_default_subdomain | default("") }}" serviceAccountConfig: limitSecretReferences: false managedNames: diff --git a/roles/openshift_master/vars/main.yml b/roles/openshift_master/vars/main.yml index 7c1d5a212..01cd28c66 100644 --- a/roles/openshift_master/vars/main.yml +++ b/roles/openshift_master/vars/main.yml @@ -1,17 +1,18 @@ --- -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig" loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}" -openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml" openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json" scheduler_config: kind: Policy apiVersion: v1 - predicates: "{{ openshift.master.scheduler_predicates }}" - priorities: "{{ openshift.master.scheduler_priorities }}" + predicates: "{{ openshift_master_scheduler_predicates + | default(openshift_master_scheduler_current_predicates + | default(openshift_master_scheduler_default_predicates)) }}" + priorities: "{{ openshift_master_scheduler_priorities + | default(openshift_master_scheduler_current_priorities + | default(openshift_master_scheduler_default_priorities)) }}" openshift_master_valid_grant_methods: - auto diff --git a/roles/openshift_master_cluster/README.md b/roles/openshift_master_cluster/README.md index f150981fa..58dd19ac3 100644 --- a/roles/openshift_master_cluster/README.md +++ b/roles/openshift_master_cluster/README.md @@ -6,7 +6,7 @@ TODO Requirements ------------ -TODO +* Ansible 2.2 Role Variables -------------- diff --git a/roles/openshift_master_cluster/meta/main.yml b/roles/openshift_master_cluster/meta/main.yml index 0c8881521..f2a67bc54 100644 --- a/roles/openshift_master_cluster/meta/main.yml +++ b/roles/openshift_master_cluster/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/openshift_master_facts/defaults/main.yml b/roles/openshift_master_facts/defaults/main.yml new file mode 100644 index 000000000..f1cbbeb2d --- /dev/null +++ b/roles/openshift_master_facts/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_master_default_subdomain: "{{ lookup('oo_option', 'openshift_master_default_subdomain') | default(None, true) }}" diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py new file mode 100644 index 000000000..29a59a0d3 --- /dev/null +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py @@ -0,0 +1,93 @@ +# pylint: disable=missing-docstring + +import re +from ansible.errors import AnsibleError +from ansible.plugins.lookup import LookupBase + + +class LookupModule(LookupBase): + # pylint: disable=too-many-branches,too-many-statements,too-many-arguments + + def run(self, terms, variables=None, regions_enabled=True, short_version=None, + deployment_type=None, **kwargs): + + predicates = [] + + if short_version is None or deployment_type is None: + if 'openshift' not in variables: + raise AnsibleError("This lookup module requires openshift_facts to be run prior to use") + + if deployment_type is None: + if 'common' not in variables['openshift'] or 'deployment_type' not in variables['openshift']['common']: + raise AnsibleError("This lookup module requires that the deployment_type be set") + + deployment_type = variables['openshift']['common']['deployment_type'] + + if short_version is None: + if 'short_version' in variables['openshift']['common']: + short_version = variables['openshift']['common']['short_version'] + elif 'openshift_release' in variables: + release = variables['openshift_release'] + if release.startswith('v'): + short_version = release[1:] + else: + short_version = release + short_version = '.'.join(short_version.split('.')[0:2]) + elif 'openshift_version' in variables: + version = variables['openshift_version'] + short_version = '.'.join(version.split('.')[0:2]) + else: + # pylint: disable=line-too-long + raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") + if deployment_type == 'origin': + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '1.6', 'latest']: + raise AnsibleError("Unknown short_version %s" % short_version) + elif deployment_type == 'openshift-enterprise': + if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', 'latest']: + raise AnsibleError("Unknown short_version %s" % short_version) + else: + raise AnsibleError("Unknown deployment_type %s" % deployment_type) + + if deployment_type == 'openshift-enterprise': + # convert short_version to origin short_version + short_version = re.sub('^3.', '1.', short_version) + + if short_version in ['1.1', '1.2']: + predicates.append({'name': 'PodFitsHostPorts'}) + predicates.append({'name': 'PodFitsResources'}) + + # applies to all known versions + predicates.append({'name': 'NoDiskConflict'}) + + # only 1.1 didn't include NoVolumeZoneConflict + if short_version != '1.1': + predicates.append({'name': 'NoVolumeZoneConflict'}) + + if short_version in ['1.1', '1.2']: + predicates.append({'name': 'MatchNodeSelector'}) + + if short_version != '1.1': + predicates.append({'name': 'MaxEBSVolumeCount'}) + predicates.append({'name': 'MaxGCEPDVolumeCount'}) + + if short_version not in ['1.1', '1.2']: + predicates.append({'name': 'GeneralPredicates'}) + predicates.append({'name': 'PodToleratesNodeTaints'}) + predicates.append({'name': 'CheckNodeMemoryPressure'}) + + if short_version not in ['1.1', '1.2', '1.3']: + predicates.append({'name': 'CheckNodeDiskPressure'}) + predicates.append({'name': 'MatchInterPodAffinity'}) + + if regions_enabled: + region_predicate = { + 'name': 'Region', + 'argument': { + 'serviceAffinity': { + 'labels': ['region'] + } + } + } + predicates.append(region_predicate) + + return predicates diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py new file mode 100644 index 000000000..36022597f --- /dev/null +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py @@ -0,0 +1,85 @@ +# pylint: disable=missing-docstring + +import re +from ansible.errors import AnsibleError +from ansible.plugins.lookup import LookupBase + + +class LookupModule(LookupBase): + # pylint: disable=too-many-branches,too-many-statements,too-many-arguments + + def run(self, terms, variables=None, zones_enabled=True, short_version=None, + deployment_type=None, **kwargs): + + priorities = [ + {'name': 'LeastRequestedPriority', 'weight': 1}, + {'name': 'BalancedResourceAllocation', 'weight': 1}, + {'name': 'SelectorSpreadPriority', 'weight': 1} + ] + + if short_version is None or deployment_type is None: + if 'openshift' not in variables: + raise AnsibleError("This lookup module requires openshift_facts to be run prior to use") + + if deployment_type is None: + if 'common' not in variables['openshift'] or 'deployment_type' not in variables['openshift']['common']: + raise AnsibleError("This lookup module requires that the deployment_type be set") + + deployment_type = variables['openshift']['common']['deployment_type'] + + if short_version is None: + if 'short_version' in variables['openshift']['common']: + short_version = variables['openshift']['common']['short_version'] + elif 'openshift_release' in variables: + release = variables['openshift_release'] + if release.startswith('v'): + short_version = release[1:] + else: + short_version = release + short_version = '.'.join(short_version.split('.')[0:2]) + elif 'openshift_version' in variables: + version = variables['openshift_version'] + short_version = '.'.join(version.split('.')[0:2]) + else: + # pylint: disable=line-too-long + raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") + + if deployment_type == 'origin': + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '1.6', 'latest']: + raise AnsibleError("Unknown short_version %s" % short_version) + elif deployment_type == 'openshift-enterprise': + if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', 'latest']: + raise AnsibleError("Unknown short_version %s" % short_version) + else: + raise AnsibleError("Unknown deployment_type %s" % deployment_type) + + if deployment_type == 'openshift-enterprise': + # convert short_version to origin short_version + short_version = re.sub('^3.', '1.', short_version) + + if short_version == '1.4': + priorities.append({'name': 'NodePreferAvoidPodsPriority', 'weight': 10000}) + + # only 1.1 didn't include NodeAffinityPriority + if short_version != '1.1': + priorities.append({'name': 'NodeAffinityPriority', 'weight': 1}) + + if short_version not in ['1.1', '1.2']: + priorities.append({'name': 'TaintTolerationPriority', 'weight': 1}) + + if short_version not in ['1.1', '1.2', '1.3']: + priorities.append({'name': 'InterPodAffinityPriority', 'weight': 1}) + + if zones_enabled: + zone_priority = { + 'name': 'Zone', + 'argument': { + 'serviceAntiAffinity': { + 'label': 'zone' + } + }, + 'weight': 2 + } + priorities.append(zone_priority) + + return priorities diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index e0c0fc644..0dba4b3ba 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -1,4 +1,32 @@ --- + +# Ensure the default sub-domain is set: +- name: Migrate legacy osm_default_subdomain fact + set_fact: + openshift_master_default_subdomain: "{{ osm_default_subdomain | default(None) }}" + when: openshift_master_default_subdomain is not defined + +- fail: + msg: openshift_master_default_subdomain must be set to deploy metrics + when: openshift_hosted_metrics_deploy | default(false) | bool and openshift_master_default_subdomain | default("") == "" + +# NOTE: These metrics variables are unfortunately needed by both the master and the metrics roles +# to properly configure the master-config.yaml file. +# +# NOTE: Today only changing the hostname for the metrics public URL is supported, the +# path must stay consistent. As such if openshift_hosted_metrics_public_url is set in +# inventory, we extract the hostname, and then reset openshift_hosted_metrics_public_url +# to the format that we know is valid. (This may change in future) +- set_fact: + g_metrics_hostname: "{{ openshift_hosted_metrics_public_url + | default('hawkular-metrics.' ~ (openshift_master_default_subdomain)) + | oo_hostname_from_url }}" + when: openshift_hosted_metrics_deploy | default(false) | bool + +- set_fact: + openshift_hosted_metrics_public_url: "https://{{ g_metrics_hostname }}/hawkular/metrics" + when: openshift_hosted_metrics_deploy | default(false) | bool + - name: Set master facts openshift_facts: role: master @@ -49,7 +77,6 @@ oauth_grant_method: "{{ openshift_master_oauth_grant_method | default(None) }}" sdn_cluster_network_cidr: "{{ osm_cluster_network_cidr | default(None) }}" sdn_host_subnet_length: "{{ osm_host_subnet_length | default(None) }}" - default_subdomain: "{{ openshift_master_default_subdomain | default(osm_default_subdomain | default(None), true) }}" custom_cors_origins: "{{ osm_custom_cors_origins | default(None) }}" default_node_selector: "{{ osm_default_node_selector | default(None) }}" project_request_message: "{{ osm_project_request_message | default(None) }}" @@ -64,13 +91,9 @@ master_count: "{{ openshift_master_count | default(None) }}" controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" master_image: "{{ osm_image | default(None) }}" - scheduler_predicates: "{{ openshift_master_scheduler_predicates | default(None) }}" - scheduler_priorities: "{{ openshift_master_scheduler_priorities | default(None) }}" - admission_plugin_order: "{{openshift_master_admission_plugin_order | default(None) }}" admission_plugin_config: "{{openshift_master_admission_plugin_config | default(None) }}" - kube_admission_plugin_order: "{{openshift_master_kube_admission_plugin_order | default(None) }}" - kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" - oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 + kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" # deprecated, merged with admission_plugin_config + oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" @@ -79,4 +102,31 @@ api_env_vars: "{{ openshift_master_api_env_vars | default(None) }}" controllers_env_vars: "{{ openshift_master_controllers_env_vars | default(None) }}" audit_config: "{{ openshift_master_audit_config | default(None) }}" - metrics_public_url: "{% if openshift_hosted_metrics_deploy | default(false) %}https://{{ metrics_hostname }}/hawkular/metrics{% endif %}" + scheduler_args: "{{ openshift_master_scheduler_args | default(None) }}" + +- name: Determine if scheduler config present + stat: + path: "{{ openshift_master_scheduler_conf }}" + register: scheduler_config_stat + +- set_fact: + openshift_master_scheduler_default_predicates: "{{ lookup('openshift_master_facts_default_predicates') }}" + openshift_master_scheduler_default_priorities: "{{ lookup('openshift_master_facts_default_priorities') }}" + +- block: + - name: Retrieve current scheduler config + slurp: + src: "{{ openshift_master_scheduler_conf }}" + register: current_scheduler_config + + - set_fact: + openshift_master_scheduler_current_config: "{{ current_scheduler_config.content | b64decode | from_json }}" + + - fail: + msg: "Unknown scheduler config apiVersion {{ openshift_master_scheduler_config.apiVersion }}" + when: "{{ openshift_master_scheduler_current_config.apiVersion | default(None) != 'v1' }}" + + - set_fact: + openshift_master_scheduler_current_predicates: "{{ openshift_master_scheduler_current_config.predicates }}" + openshift_master_scheduler_current_priorities: "{{ openshift_master_scheduler_current_config.priorities }}" + when: "{{ scheduler_config_stat.stat.exists }}" diff --git a/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py new file mode 100644 index 000000000..07bac6826 --- /dev/null +++ b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py @@ -0,0 +1,251 @@ +import copy +import os +import sys + +from ansible.errors import AnsibleError +from nose.tools import raises, assert_equal + +sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../lookup_plugins/")] + sys.path + +from openshift_master_facts_default_predicates import LookupModule # noqa: E402 + +DEFAULT_PREDICATES_1_1 = [ + {'name': 'PodFitsHostPorts'}, + {'name': 'PodFitsResources'}, + {'name': 'NoDiskConflict'}, + {'name': 'MatchNodeSelector'}, +] + +DEFAULT_PREDICATES_1_2 = [ + {'name': 'PodFitsHostPorts'}, + {'name': 'PodFitsResources'}, + {'name': 'NoDiskConflict'}, + {'name': 'NoVolumeZoneConflict'}, + {'name': 'MatchNodeSelector'}, + {'name': 'MaxEBSVolumeCount'}, + {'name': 'MaxGCEPDVolumeCount'} +] + +DEFAULT_PREDICATES_1_3 = [ + {'name': 'NoDiskConflict'}, + {'name': 'NoVolumeZoneConflict'}, + {'name': 'MaxEBSVolumeCount'}, + {'name': 'MaxGCEPDVolumeCount'}, + {'name': 'GeneralPredicates'}, + {'name': 'PodToleratesNodeTaints'}, + {'name': 'CheckNodeMemoryPressure'} +] + +DEFAULT_PREDICATES_1_4 = [ + {'name': 'NoDiskConflict'}, + {'name': 'NoVolumeZoneConflict'}, + {'name': 'MaxEBSVolumeCount'}, + {'name': 'MaxGCEPDVolumeCount'}, + {'name': 'GeneralPredicates'}, + {'name': 'PodToleratesNodeTaints'}, + {'name': 'CheckNodeMemoryPressure'}, + {'name': 'CheckNodeDiskPressure'}, + {'name': 'MatchInterPodAffinity'} +] + +REGION_PREDICATE = { + 'name': 'Region', + 'argument': { + 'serviceAffinity': { + 'labels': ['region'] + } + } +} + +TEST_VARS = [ + ('1.1', 'origin', DEFAULT_PREDICATES_1_1), + ('3.1', 'openshift-enterprise', DEFAULT_PREDICATES_1_1), + ('1.2', 'origin', DEFAULT_PREDICATES_1_2), + ('3.2', 'openshift-enterprise', DEFAULT_PREDICATES_1_2), + ('1.3', 'origin', DEFAULT_PREDICATES_1_3), + ('3.3', 'openshift-enterprise', DEFAULT_PREDICATES_1_3), + ('1.4', 'origin', DEFAULT_PREDICATES_1_4), + ('3.4', 'openshift-enterprise', DEFAULT_PREDICATES_1_4), + ('1.5', 'origin', DEFAULT_PREDICATES_1_4), + ('3.5', 'openshift-enterprise', DEFAULT_PREDICATES_1_4), + ('1.6', 'origin', DEFAULT_PREDICATES_1_4), + ('3.6', 'openshift-enterprise', DEFAULT_PREDICATES_1_4), +] + + +class TestOpenShiftMasterFactsDefaultPredicates(object): + def setUp(self): + self.lookup = LookupModule() + self.default_facts = { + 'openshift': { + 'common': {} + } + } + + @raises(AnsibleError) + def test_missing_short_version_and_missing_openshift_release(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['deployment_type'] = 'origin' + self.lookup.run(None, variables=facts) + + def check_defaults_short_version(self, short_version, deployment_type, default_predicates, + regions_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = short_version + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_short_version_kwarg(self, short_version, deployment_type, default_predicates, + regions_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled, + short_version=short_version) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_deployment_type_kwarg(self, short_version, deployment_type, + default_predicates, regions_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = short_version + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled, + deployment_type=deployment_type) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_only_kwargs(self, short_version, deployment_type, + default_predicates, regions_enabled): + facts = copy.deepcopy(self.default_facts) + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled, + short_version=short_version, + deployment_type=deployment_type) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_release(self, release, deployment_type, default_predicates, + regions_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift_release'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_version(self, version, deployment_type, default_predicates, + regions_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift_version'] = version + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def check_defaults_override_vars(self, release, deployment_type, + default_predicates, regions_enabled, + extra_facts=None): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + if extra_facts is not None: + for fact in extra_facts: + facts[fact] = extra_facts[fact] + results = self.lookup.run(None, variables=facts, + regions_enabled=regions_enabled, + return_set_vars=False) + if regions_enabled: + assert_equal(results, default_predicates + [REGION_PREDICATE]) + else: + assert_equal(results, default_predicates) + + def test_openshift_version(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + release = release + '.1' + yield self.check_defaults_version, release, deployment_type, default_predicates, regions_enabled + + def test_v_release_defaults(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_release, 'v' + release, deployment_type, default_predicates, regions_enabled + + def test_release_defaults(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_release, release, deployment_type, default_predicates, regions_enabled + + def test_short_version_defaults(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_short_version, release, deployment_type, default_predicates, regions_enabled + + def test_short_version_kwarg(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_short_version_kwarg, release, deployment_type, default_predicates, regions_enabled + + def test_only_kwargs(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_only_kwargs, release, deployment_type, default_predicates, regions_enabled + + def test_deployment_type_kwarg(self): + for regions_enabled in (True, False): + for release, deployment_type, default_predicates in TEST_VARS: + yield self.check_defaults_deployment_type_kwarg, release, deployment_type, default_predicates, regions_enabled + + def test_trunc_openshift_release(self): + for release, deployment_type, default_predicates in TEST_VARS: + release = release + '.1' + yield self.check_defaults_release, release, deployment_type, default_predicates, False + + @raises(AnsibleError) + def test_unknown_deployment_types(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '1.1' + facts['openshift']['common']['deployment_type'] = 'bogus' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_unknown_origin_version(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '0.1' + facts['openshift']['common']['deployment_type'] = 'origin' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_unknown_ocp_version(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '0.1' + facts['openshift']['common']['deployment_type'] = 'openshift-enterprise' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_missing_deployment_type(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '10.10' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def testMissingOpenShiftFacts(self): + facts = {} + self.lookup.run(None, variables=facts) diff --git a/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py b/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py new file mode 100644 index 000000000..5427a07a1 --- /dev/null +++ b/roles/openshift_master_facts/test/openshift_master_facts_default_priorities_tests.py @@ -0,0 +1,238 @@ +import copy +import os +import sys + +from ansible.errors import AnsibleError +from nose.tools import raises, assert_equal + +sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../lookup_plugins/")] + sys.path + +from openshift_master_facts_default_priorities import LookupModule # noqa: E402 + +DEFAULT_PRIORITIES_1_1 = [ + {'name': 'LeastRequestedPriority', 'weight': 1}, + {'name': 'BalancedResourceAllocation', 'weight': 1}, + {'name': 'SelectorSpreadPriority', 'weight': 1} +] + +DEFAULT_PRIORITIES_1_2 = [ + {'name': 'LeastRequestedPriority', 'weight': 1}, + {'name': 'BalancedResourceAllocation', 'weight': 1}, + {'name': 'SelectorSpreadPriority', 'weight': 1}, + {'name': 'NodeAffinityPriority', 'weight': 1} +] + +DEFAULT_PRIORITIES_1_3 = [ + {'name': 'LeastRequestedPriority', 'weight': 1}, + {'name': 'BalancedResourceAllocation', 'weight': 1}, + {'name': 'SelectorSpreadPriority', 'weight': 1}, + {'name': 'NodeAffinityPriority', 'weight': 1}, + {'name': 'TaintTolerationPriority', 'weight': 1} +] + +DEFAULT_PRIORITIES_1_4 = [ + {'name': 'LeastRequestedPriority', 'weight': 1}, + {'name': 'BalancedResourceAllocation', 'weight': 1}, + {'name': 'SelectorSpreadPriority', 'weight': 1}, + {'name': 'NodePreferAvoidPodsPriority', 'weight': 10000}, + {'name': 'NodeAffinityPriority', 'weight': 1}, + {'name': 'TaintTolerationPriority', 'weight': 1}, + {'name': 'InterPodAffinityPriority', 'weight': 1} +] + +ZONE_PRIORITY = { + 'name': 'Zone', + 'argument': { + 'serviceAntiAffinity': { + 'label': 'zone' + } + }, + 'weight': 2 +} + +TEST_VARS = [ + ('1.1', 'origin', DEFAULT_PRIORITIES_1_1), + ('3.1', 'openshift-enterprise', DEFAULT_PRIORITIES_1_1), + ('1.2', 'origin', DEFAULT_PRIORITIES_1_2), + ('3.2', 'openshift-enterprise', DEFAULT_PRIORITIES_1_2), + ('1.3', 'origin', DEFAULT_PRIORITIES_1_3), + ('3.3', 'openshift-enterprise', DEFAULT_PRIORITIES_1_3), + ('1.4', 'origin', DEFAULT_PRIORITIES_1_4), + ('3.4', 'openshift-enterprise', DEFAULT_PRIORITIES_1_4) +] + + +class TestOpenShiftMasterFactsDefaultPredicates(object): + def setUp(self): + self.lookup = LookupModule() + self.default_facts = { + 'openshift': { + 'common': {} + } + } + + @raises(AnsibleError) + def test_missing_short_version_and_missing_openshift_release(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['deployment_type'] = 'origin' + self.lookup.run(None, variables=facts) + + def check_defaults_short_version(self, release, deployment_type, + default_priorities, zones_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, zones_enabled=zones_enabled) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_short_version_kwarg(self, release, deployment_type, + default_priorities, zones_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, + zones_enabled=zones_enabled, + short_version=release) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_deployment_type_kwarg(self, release, deployment_type, + default_priorities, zones_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = release + results = self.lookup.run(None, variables=facts, + zones_enabled=zones_enabled, + deployment_type=deployment_type) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_only_kwargs(self, release, deployment_type, + default_priorities, zones_enabled): + facts = copy.deepcopy(self.default_facts) + results = self.lookup.run(None, variables=facts, + zones_enabled=zones_enabled, + short_version=release, + deployment_type=deployment_type) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_release(self, release, deployment_type, default_priorities, + zones_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift_release'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, zones_enabled=zones_enabled) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_version(self, release, deployment_type, default_priorities, + zones_enabled): + facts = copy.deepcopy(self.default_facts) + facts['openshift_version'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + results = self.lookup.run(None, variables=facts, zones_enabled=zones_enabled) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def check_defaults_override_vars(self, release, deployment_type, + default_priorities, zones_enabled, + extra_facts=None): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = release + facts['openshift']['common']['deployment_type'] = deployment_type + if extra_facts is not None: + for fact in extra_facts: + facts[fact] = extra_facts[fact] + results = self.lookup.run(None, variables=facts, + zones_enabled=zones_enabled, + return_set_vars=False) + if zones_enabled: + assert_equal(results, default_priorities + [ZONE_PRIORITY]) + else: + assert_equal(results, default_priorities) + + def test_openshift_version(self): + for zones_enabled in (True, False): + for release, deployment_type, default_priorities in TEST_VARS: + release = release + '.1' + yield self.check_defaults_version, release, deployment_type, default_priorities, zones_enabled + + def test_v_release_defaults(self): + for zones_enabled in (True, False): + for release, deployment_type, default_priorities in TEST_VARS: + release = 'v' + release + yield self.check_defaults_release, release, deployment_type, default_priorities, zones_enabled + + def test_release_defaults(self): + for zones_enabled in (True, False): + for release, deployment_type, default_priorities in TEST_VARS: + yield self.check_defaults_release, release, deployment_type, default_priorities, zones_enabled + + def test_short_version_defaults(self): + for zones_enabled in (True, False): + for short_version, deployment_type, default_priorities in TEST_VARS: + yield self.check_defaults_short_version, short_version, deployment_type, default_priorities, zones_enabled + + def test_only_kwargs(self): + for zones_enabled in (True, False): + for short_version, deployment_type, default_priorities in TEST_VARS: + yield self.check_defaults_only_kwargs, short_version, deployment_type, default_priorities, zones_enabled + + def test_deployment_type_kwarg(self): + for zones_enabled in (True, False): + for short_version, deployment_type, default_priorities in TEST_VARS: + yield self.check_defaults_deployment_type_kwarg, short_version, deployment_type, default_priorities, zones_enabled + + def test_release_kwarg(self): + for zones_enabled in (True, False): + for short_version, deployment_type, default_priorities in TEST_VARS: + yield self.check_defaults_short_version_kwarg, short_version, deployment_type, default_priorities, zones_enabled + + def test_trunc_openshift_release(self): + for release, deployment_type, default_priorities in TEST_VARS: + release = release + '.1' + yield self.check_defaults_release, release, deployment_type, default_priorities, False + + @raises(AnsibleError) + def test_unknown_origin_version(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '0.1' + facts['openshift']['common']['deployment_type'] = 'origin' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_unknown_ocp_version(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '0.1' + facts['openshift']['common']['deployment_type'] = 'openshift-enterprise' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_unknown_deployment_types(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '1.1' + facts['openshift']['common']['deployment_type'] = 'bogus' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_missing_deployment_type(self): + facts = copy.deepcopy(self.default_facts) + facts['openshift']['common']['short_version'] = '10.10' + self.lookup.run(None, variables=facts) + + @raises(AnsibleError) + def test_missing_openshift_facts(self): + facts = {} + self.lookup.run(None, variables=facts) diff --git a/roles/openshift_master_facts/vars/main.yml b/roles/openshift_master_facts/vars/main.yml index 406d50c24..bf6d2402d 100644 --- a/roles/openshift_master_facts/vars/main.yml +++ b/roles/openshift_master_facts/vars/main.yml @@ -1,25 +1,4 @@ -builddefaults_yaml: - BuildDefaults: - configuration: - apiVersion: v1 - kind: BuildDefaultsConfig - gitHTTPProxy: "{{ openshift.master.builddefaults_git_http_proxy | default(omit, true) }}" - gitHTTPSProxy: "{{ openshift.master.builddefaults_git_https_proxy | default(omit, true) }}" - env: - - name: HTTP_PROXY - value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}" - - name: HTTPS_PROXY - value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" - - name: NO_PROXY - value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" - - name: http_proxy - value: "{{ openshift.master.builddefaults_http_proxy | default(omit, true) }}" - - name: https_proxy - value: "{{ openshift.master.builddefaults_https_proxy | default(omit, true) }}" - - name: no_proxy - value: "{{ openshift.master.builddefaults_no_proxy | default(omit, true) | join(',') }}" - -metrics_hostname: "{{ openshift_hosted_metrics_public_url - | default('hawkular-metrics.' ~ (openshift.master.default_subdomain - | default(openshift_master_default_subdomain ))) - | oo_hostname_from_url }}" +--- +openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" +openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index 30a0a608d..f4c47c7bb 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -5,37 +5,81 @@ OpenShift Metrics Installation Requirements ------------ -It requires subdomain fqdn to be set. -If persistence is enabled, then it also requires NFS. + +The following variables need to be set and will be validated: + +- `openshift_metrics_hostname`: hostname used on the hawkular metrics route. + +- `openshift_metrics_project`: project (i.e. namespace) where the components will be + deployed. + Role Variables -------------- -From this role: +For default values, see [`defaults/main.yaml`](defaults/main.yaml). + +- `openshift_metrics_image_prefix`: Specify prefix for metrics components; e.g for + "openshift/origin-metrics-deployer:v1.1", set prefix "openshift/origin-". + +- `openshift_metrics_image_version`: Specify version for metrics components; e.g. for + "openshift/origin-metrics-deployer:v1.1", set version "v1.1". + +- `openshift_metrics_hawkular_cert:` The certificate used for re-encrypting the route + to Hawkular metrics. The certificate must contain the hostname used by the route. + The default router certificate will be used if unspecified + +- `openshift_metrics_hawkular_key:` The key used with the Hawkular certificate + +- `openshift_metrics_hawkular_ca:` An optional certificate used to sign the Hawkular certificate. + +- `openshift_metrics_hawkular_replicas:` The number of replicas for Hawkular metrics. -| Name | Default value | | -|-------------------------------------------------|-----------------------|-------------------------------------------------------------| -| openshift_hosted_metrics_deploy | `False` | If metrics should be deployed | -| openshift_hosted_metrics_public_url | null | Hawkular metrics public url | -| openshift_hosted_metrics_storage_nfs_directory | `/exports` | Root export directory. | -| openshift_hosted_metrics_storage_volume_name | `metrics` | Metrics volume within openshift_hosted_metrics_volume_dir | -| openshift_hosted_metrics_storage_volume_size | `10Gi` | Metrics volume size | -| openshift_hosted_metrics_storage_nfs_options | `*(rw,root_squash)` | NFS options for configured exports. | -| openshift_hosted_metrics_duration | `7` | Metrics query duration | -| openshift_hosted_metrics_resolution | `10s` | Metrics resolution | +- `openshift_metrics_cassandra_replicas`: The number of Cassandra nodes to deploy for the + initial cluster. +- `openshift_metrics_cassandra_storage_type`: Use `emptydir` for ephemeral storage (for + testing), `pv` to use persistent volumes (which need to be created before the + installation) or `dynamic` for dynamic persistent volumes. -From openshift_common: +- `openshift_metrics_cassandra_pv_prefix`: The name of persistent volume claims created + for cassandra will be this with a serial number appended to the end, starting + from 1. -| Name | Default Value | | -|---------------------------------------|----------------|----------------------------------------| -| openshift_master_default_subdomain | null | Subdomain FQDN (Mandatory) | +- `openshift_metrics_cassandra_pv_size`: The persistent volume size for each of the + Cassandra nodes. +- `openshift_metrics_heapster_standalone`: Deploy only heapster, without the Hawkular Metrics and + Cassandra components. + +- `openshift_metrics_heapster_allowed_users`: A comma-separated list of CN to accept. By + default, this is set to allow the OpenShift service proxy to connect. If you + override this, make sure to add `system:master-proxy` to the list in order to + allow horizontal pod autoscaling to function properly. + +- `openshift_metrics_startup_timeout`: How long in seconds we should wait until + Hawkular Metrics and Heapster starts up before attempting a restart. + +- `openshift_metrics_duration`: How many days metrics should be stored for. + +- `openshift_metrics_resolution`: How often metrics should be gathered. + +## Additional variables to control resource limits +Each metrics component (hawkular, cassandra, heapster) can specify a cpu and memory limits and requests by setting +the corresponding role variable: +``` +openshift_metrics_<COMPONENT>_(limits|requests)_(memory|cpu): <VALUE> +``` +e.g +``` +openshift_metrics_cassandra_limits_memory: 1G +openshift_metrics_hawkular_requests_cpu: 100 +``` Dependencies ------------ openshift_facts -openshift_examples + Example Playbook ---------------- diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml new file mode 100644 index 000000000..b99adf779 --- /dev/null +++ b/roles/openshift_metrics/defaults/main.yaml @@ -0,0 +1,48 @@ +--- +openshift_metrics_start_cluster: True +openshift_metrics_install_metrics: True +openshift_metrics_image_prefix: docker.io/openshift/origin- +openshift_metrics_image_version: latest +openshift_metrics_startup_timeout: 500 + +openshift_metrics_hawkular_replicas: 1 +openshift_metrics_hawkular_limits_memory: 2.5G +openshift_metrics_hawkular_limits_cpu: null +openshift_metrics_hawkular_requests_memory: 1.5G +openshift_metrics_hawkular_requests_cpu: null +openshift_metrics_hawkular_cert: "" +openshift_metrics_hawkular_key: "" +openshift_metrics_hawkular_ca: "" + +openshift_metrics_cassandra_replicas: 1 +openshift_metrics_cassandra_storage_type: emptydir +openshift_metrics_cassandra_pv_size: 10Gi +openshift_metrics_cassandra_limits_memory: 2G +openshift_metrics_cassandra_limits_cpu: null +openshift_metrics_cassandra_requests_memory: 1G +openshift_metrics_cassandra_requests_cpu: null + +openshift_metrics_heapster_standalone: False +openshift_metrics_heapster_limits_memory: 3.75G +openshift_metrics_heapster_limits_cpu: null +openshift_metrics_heapster_requests_memory: 0.9375G +openshift_metrics_heapster_requests_cpu: null + +openshift_metrics_duration: 7 +openshift_metrics_resolution: 15s + +##### +# Caution should be taken for the following defaults before +# overriding the values here +##### + +openshift_metrics_certs_dir: "{{ openshift.common.config_base }}/master/metrics" +openshift_metrics_master_url: https://kubernetes.default.svc.cluster.local +openshift_metrics_node_id: nodename +openshift_metrics_project: openshift-infra + +openshift_metrics_cassandra_pv_prefix: metrics-cassandra + +openshift_metrics_hawkular_user_write_access: False + +openshift_metrics_heapster_allowed_users: system:master-proxy diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh new file mode 100755 index 000000000..bb046df87 --- /dev/null +++ b/roles/openshift_metrics/files/import_jks_certs.sh @@ -0,0 +1,118 @@ +#!/bin/bash +# +# Copyright 2014-2015 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +set -ex + +function import_certs() { + dir=$CERT_DIR + hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d) + hawkular_cassandra_keystore_password=$(echo $CASSANDRA_KEYSTORE_PASSWD | base64 -d) + hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d) + hawkular_cassandra_truststore_password=$(echo $CASSANDRA_TRUSTSTORE_PASSWD | base64 -d) + hawkular_jgroups_password=$(echo $JGROUPS_PASSWD | base64 -d) + + cassandra_alias=`keytool -noprompt -list -keystore $dir/hawkular-cassandra.truststore -storepass ${hawkular_cassandra_truststore_password} | sed -n '7~2s/,.*$//p'` + hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'` + + if [ ! -f $dir/hawkular-metrics.keystore ]; then + echo "Creating the Hawkular Metrics keystore from the PEM file" + keytool -importkeystore -v \ + -srckeystore $dir/hawkular-metrics.pkcs12 \ + -destkeystore $dir/hawkular-metrics.keystore \ + -srcstoretype PKCS12 \ + -deststoretype JKS \ + -srcstorepass $hawkular_metrics_keystore_password \ + -deststorepass $hawkular_metrics_keystore_password + fi + + if [ ! -f $dir/hawkular-cassandra.keystore ]; then + echo "Creating the Hawkular Cassandra keystore from the PEM file" + keytool -importkeystore -v \ + -srckeystore $dir/hawkular-cassandra.pkcs12 \ + -destkeystore $dir/hawkular-cassandra.keystore \ + -srcstoretype PKCS12 \ + -deststoretype JKS \ + -srcstorepass $hawkular_cassandra_keystore_password \ + -deststorepass $hawkular_cassandra_keystore_password + fi + + if [[ ! ${cassandra_alias[*]} =~ hawkular-metrics ]]; then + echo "Importing the Hawkular Certificate into the Cassandra Truststore" + keytool -noprompt -import -v -trustcacerts -alias hawkular-metrics \ + -file $dir/hawkular-metrics.crt \ + -keystore $dir/hawkular-cassandra.truststore \ + -trustcacerts \ + -storepass $hawkular_cassandra_truststore_password + fi + + if [[ ! ${hawkular_alias[*]} =~ hawkular-cassandra ]]; then + echo "Importing the Cassandra Certificate into the Hawkular Truststore" + keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \ + -file $dir/hawkular-cassandra.crt \ + -keystore $dir/hawkular-metrics.truststore \ + -trustcacerts \ + -storepass $hawkular_metrics_truststore_password + fi + + if [[ ! ${cassandra_alias[*]} =~ hawkular-cassandra ]]; then + echo "Importing the Hawkular Cassandra Certificate into the Cassandra Truststore" + keytool -noprompt -import -v -trustcacerts -alias hawkular-cassandra \ + -file $dir/hawkular-cassandra.crt \ + -keystore $dir/hawkular-cassandra.truststore \ + -trustcacerts \ + -storepass $hawkular_cassandra_truststore_password + fi + + cert_alias_names=(ca metricca cassandraca) + + for cert_alias in ${cert_alias_names[*]}; do + if [[ ! ${cassandra_alias[*]} =~ "$cert_alias" ]]; then + echo "Importing the CA Certificate with alias $cert_alias into the Cassandra Truststore" + keytool -noprompt -import -v -trustcacerts -alias $cert_alias \ + -file ${dir}/ca.crt \ + -keystore $dir/hawkular-cassandra.truststore \ + -trustcacerts \ + -storepass $hawkular_cassandra_truststore_password + fi + done + + for cert_alias in ${cert_alias_names[*]}; do + if [[ ! ${hawkular_alias[*]} =~ "$cert_alias" ]]; then + echo "Importing the CA Certificate with alias $cert_alias into the Hawkular Metrics Truststore" + keytool -noprompt -import -v -trustcacerts -alias $cert_alias \ + -file ${dir}/ca.crt \ + -keystore $dir/hawkular-metrics.truststore \ + -trustcacerts \ + -storepass $hawkular_metrics_truststore_password + fi + done + + if [ ! -f $dir/hawkular-jgroups.keystore ]; then + echo "Generating the jgroups keystore" + keytool -genseckey -alias hawkular -keypass ${hawkular_jgroups_password} \ + -storepass ${hawkular_jgroups_password} \ + -keyalg Blowfish \ + -keysize 56 \ + -keystore $dir/hawkular-jgroups.keystore \ + -storetype JCEKS + fi +} + +import_certs + +exit 0 diff --git a/roles/openshift_metrics/meta/main.yaml b/roles/openshift_metrics/meta/main.yaml index 5f8d4f5c5..68e94992e 100644 --- a/roles/openshift_metrics/meta/main.yaml +++ b/roles/openshift_metrics/meta/main.yaml @@ -1,3 +1,18 @@ +--- +galaxy_info: + author: OpenShift Development <dev@lists.openshift.redhat.com> + description: Deploy OpenShift metrics integration for the cluster + company: Red Hat, Inc. + license: license (Apache) + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + - name: Fedora + versions: + - all + categories: + - openshift dependencies: -- { role: openshift_examples } -- { role: openshift_facts }
\ No newline at end of file +- { role: openshift_facts } diff --git a/roles/openshift_metrics/tasks/generate_certificates.yaml b/roles/openshift_metrics/tasks/generate_certificates.yaml new file mode 100644 index 000000000..16a967aa7 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_certificates.yaml @@ -0,0 +1,26 @@ +--- +- name: create certificate output directory + file: + path: "{{ openshift_metrics_certs_dir }}" + state: directory + mode: 0700 + +- name: list existing secrets + command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get secrets -o name + register: metrics_secrets + changed_when: false + +- name: generate ca certificate chain + shell: > + {{ openshift.common.admin_binary }} ca create-signer-cert + --config={{ mktemp.stdout }}/admin.kubeconfig + --key='{{ openshift_metrics_certs_dir }}/ca.key' + --cert='{{ openshift_metrics_certs_dir }}/ca.crt' + --serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' + --name="metrics-signer@$(date +%s)" + when: not '{{ openshift_metrics_certs_dir }}/ca.key' | exists +- include: generate_heapster_certificates.yaml +- include: generate_hawkular_certificates.yaml diff --git a/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml new file mode 100644 index 000000000..9cf4afee0 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_hawkular_certificates.yaml @@ -0,0 +1,166 @@ +--- +- name: generate hawkular-metrics certificates + include: setup_certificate.yaml + vars: + component: hawkular-metrics + hostnames: "hawkular-metrics,{{ openshift_metrics_hawkular_hostname }}" + changed_when: no + +- name: generate hawkular-cassandra certificates + include: setup_certificate.yaml + vars: + component: hawkular-cassandra + hostnames: hawkular-cassandra + changed_when: no + +- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-cassandra-truststore.pwd + register: cassandra_truststore_password + +- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-truststore.pwd + register: hawkular_truststore_password + +- name: generate password for hawkular metrics and jgroups + copy: + dest: '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd' + content: "{{ 15 | oo_random_word }}" + with_items: + - hawkular-metrics + - hawkular-jgroups-keystore + when: not '{{ openshift_metrics_certs_dir }}/{{ item }}.pwd'|exists + +- name: generate htpasswd file for hawkular metrics + shell: > + htpasswd -ci + '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd' hawkular + < '{{ openshift_metrics_certs_dir }}/hawkular-metrics.pwd' + when: > + not '{{ openshift_metrics_certs_dir }}/hawkular-metrics.htpasswd'|exists + +- include: import_jks_certs.yaml + +- name: read files for the hawkular-metrics secret + shell: > + printf '%s: ' '{{ item }}' + && base64 --wrap 0 '{{ openshift_metrics_certs_dir }}/{{ item }}' + register: hawkular_secrets + with_items: + - ca.crt + - hawkular-metrics.crt + - hawkular-metrics.keystore + - hawkular-metrics-keystore.pwd + - hawkular-metrics.truststore + - hawkular-metrics-truststore.pwd + - hawkular-metrics.pwd + - hawkular-metrics.htpasswd + - hawkular-jgroups.keystore + - hawkular-jgroups-keystore.pwd + - hawkular-cassandra.crt + - hawkular-cassandra.pem + - hawkular-cassandra.keystore + - hawkular-cassandra-keystore.pwd + - hawkular-cassandra.truststore + - hawkular-cassandra-truststore.pwd + changed_when: false + +- set_fact: + hawkular_secrets: | + {{ hawkular_secrets.results|map(attribute='stdout')|join(' + ')|from_yaml }} + +- name: generate hawkular-metrics-secrets secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_secrets.yaml" + vars: + name: hawkular-metrics-secrets + labels: + metrics-infra: hawkular-metrics + data: + hawkular-metrics.keystore: > + {{ hawkular_secrets['hawkular-metrics.keystore'] }} + hawkular-metrics.keystore.password: > + {{ hawkular_secrets['hawkular-metrics-keystore.pwd'] }} + hawkular-metrics.truststore: > + {{ hawkular_secrets['hawkular-metrics.truststore'] }} + hawkular-metrics.truststore.password: > + {{ hawkular_secrets['hawkular-metrics-truststore.pwd'] }} + hawkular-metrics.keystore.alias: "{{ 'hawkular-metrics'|b64encode }}" + hawkular-metrics.htpasswd.file: > + {{ hawkular_secrets['hawkular-metrics.htpasswd'] }} + hawkular-metrics.jgroups.keystore: > + {{ hawkular_secrets['hawkular-jgroups.keystore'] }} + hawkular-metrics.jgroups.keystore.password: > + {{ hawkular_secrets['hawkular-jgroups-keystore.pwd'] }} + hawkular-metrics.jgroups.alias: "{{ 'hawkular'|b64encode }}" + when: name not in metrics_secrets.stdout_lines + changed_when: no + +- name: generate hawkular-metrics-certificate secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_certificate.yaml" + vars: + name: hawkular-metrics-certificate + labels: + metrics-infra: hawkular-metrics + data: + hawkular-metrics.certificate: > + {{ hawkular_secrets['hawkular-metrics.crt'] }} + hawkular-metrics-ca.certificate: > + {{ hawkular_secrets['ca.crt'] }} + when: name not in metrics_secrets.stdout_lines + changed_when: no + +- name: generate hawkular-metrics-account secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_account.yaml" + vars: + name: hawkular-metrics-account + labels: + metrics-infra: hawkular-metrics + data: + hawkular-metrics.username: "{{ 'hawkular'|b64encode }}" + hawkular-metrics.password: > + {{ hawkular_secrets['hawkular-metrics.pwd'] }} + when: name not in metrics_secrets.stdout_lines + changed_when: no + +- name: generate cassandra secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/cassandra_secrets.yaml" + vars: + name: hawkular-cassandra-secrets + labels: + metrics-infra: hawkular-cassandra + data: + cassandra.keystore: > + {{ hawkular_secrets['hawkular-cassandra.keystore'] }} + cassandra.keystore.password: > + {{ hawkular_secrets['hawkular-cassandra-keystore.pwd'] }} + cassandra.keystore.alias: "{{ 'hawkular-cassandra'|b64encode }}" + cassandra.truststore: > + {{ hawkular_secrets['hawkular-cassandra.truststore'] }} + cassandra.truststore.password: > + {{ hawkular_secrets['hawkular-cassandra-truststore.pwd'] }} + cassandra.pem: > + {{ hawkular_secrets['hawkular-cassandra.pem'] }} + when: name not in metrics_secrets + changed_when: no + +- name: generate cassandra-certificate secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/cassandra_certificate.yaml" + vars: + name: hawkular-cassandra-certificate + labels: + metrics-infra: hawkular-cassandra + data: + cassandra.certificate: > + {{ hawkular_secrets['hawkular-cassandra.crt'] }} + cassandra-ca.certificate: > + {{ hawkular_secrets['hawkular-cassandra.pem'] }} + when: name not in metrics_secrets.stdout_lines + changed_when: no diff --git a/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml new file mode 100644 index 000000000..2449b1518 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_heapster_certificates.yaml @@ -0,0 +1,41 @@ +--- +- name: generate heapster key/cert + command: > + {{ openshift.common.admin_binary }} ca create-server-cert + --config={{ mktemp.stdout }}/admin.kubeconfig + --key='{{ openshift_metrics_certs_dir }}/heapster.key' + --cert='{{ openshift_metrics_certs_dir }}/heapster.cert' + --hostnames=heapster + --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt' + --signer-key='{{ openshift_metrics_certs_dir }}/ca.key' + --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' + when: not '{{ openshift_metrics_certs_dir }}/heapster.key' | exists + +- when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines" + block: + - name: read files for the heapster secret + slurp: src={{ item }} + register: heapster_secret + with_items: + - "{{ openshift_metrics_certs_dir }}/heapster.cert" + - "{{ openshift_metrics_certs_dir }}/heapster.key" + - "{{ client_ca }}" + vars: + custom_ca: "{{ openshift_metrics_certs_dir }}/heapster_client_ca.crt" + default_ca: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + client_ca: "{{ custom_ca|exists|ternary(custom_ca, default_ca) }}" + - name: generate heapster secret template + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml" + force: no + vars: + name: heapster-secrets + labels: + metrics-infra: heapster + data: + heapster.cert: "{{ heapster_secret.results[0].content }}" + heapster.key: "{{ heapster_secret.results[1].content }}" + heapster.client-ca: "{{ heapster_secret.results[2].content }}" + heapster.allowed-users: > + {{ openshift_metrics_heapster_allowed_users|b64encode }} diff --git a/roles/openshift_metrics/tasks/generate_rolebindings.yaml b/roles/openshift_metrics/tasks/generate_rolebindings.yaml new file mode 100644 index 000000000..6524c3f32 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_rolebindings.yaml @@ -0,0 +1,33 @@ +--- +- name: generate view role binding for the hawkular service account + template: + src: rolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-rolebinding.yaml" + vars: + obj_name: hawkular-view + labels: + metrics-infra: hawkular + roleRef: + name: view + subjects: + - kind: ServiceAccount + name: hawkular + changed_when: no + +- name: generate cluster-reader role binding for the heapster service account + template: + src: rolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/heapster-rolebinding.yaml" + vars: + cluster: True + obj_name: heapster-cluster-reader + labels: + metrics-infra: heapster + roleRef: + kind: ClusterRole + name: cluster-reader + subjects: + - kind: ServiceAccount + name: heapster + namespace: "{{ openshift_metrics_project }}" + changed_when: no diff --git a/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml new file mode 100644 index 000000000..94f34d860 --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_serviceaccounts.yaml @@ -0,0 +1,27 @@ +--- +- name: Generating serviceaccounts for hawkular metrics/cassandra + template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml + vars: + obj_name: "{{item.name}}" + labels: + metrics-infra: support + secrets: + - hawkular-{{item.secret}}-secrets + with_items: + - name: hawkular + secret: hawkular-metrics-secrets + - name: cassandra + secret: hawkular-cassandra-secrets + changed_when: no + +- name: Generating serviceaccount for heapster + template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-sa.yaml + vars: + obj_name: heapster + labels: + metrics-infra: support + secrets: + - heapster-secrets + - hawkular-metrics-certificate + - hawkular-metrics-account + changed_when: no diff --git a/roles/openshift_metrics/tasks/generate_services.yaml b/roles/openshift_metrics/tasks/generate_services.yaml new file mode 100644 index 000000000..903d52bff --- /dev/null +++ b/roles/openshift_metrics/tasks/generate_services.yaml @@ -0,0 +1,46 @@ +--- +- name: Generate service for heapster + template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml + vars: + obj_name: heapster + ports: + - {port: 80, targetPort: http-endpoint} + selector: + name: "{{obj_name}}" + labels: + metrics-infra: "{{obj_name}}" + name: "{{obj_name}}" + changed_when: no + +- name: Generate service for hawkular-metrics + template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml + vars: + obj_name: hawkular-metrics + ports: + - {port: 443, targetPort: https-endpoint} + selector: + name: "{{obj_name}}" + labels: + metrics-infra: "{{obj_name}}" + name: "{{obj_name}}" + changed_when: no + +- name: Generate services for cassandra + template: src=service.j2 dest={{mktemp.stdout}}/templates/metrics-{{obj_name}}-svc.yaml + vars: + obj_name: hawkular-{{item}} + ports: + - {name: cql-port, port: 9042, targetPort: cql-port} + - {name: thrift-port, port: 9160, targetPort: thrift-port} + - {name: tcp-port, port: 7000, targetPort: tcp-port} + - {name: ssl-port, port: 7001, targetPort: ssl-port} + selector: + type: hawkular-cassandra + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra + headless: "{{ item == 'cassandra-nodes' }}" + with_items: + - cassandra + - cassandra-nodes + changed_when: no diff --git a/roles/openshift_metrics/tasks/import_jks_certs.yaml b/roles/openshift_metrics/tasks/import_jks_certs.yaml new file mode 100644 index 000000000..f6bf6c1a6 --- /dev/null +++ b/roles/openshift_metrics/tasks/import_jks_certs.yaml @@ -0,0 +1,120 @@ +--- +- name: Check for jks-generator service account + command: > + {{ openshift.common.client_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + -n {{openshift_metrics_project}} + get serviceaccount/jks-generator --no-headers + register: serviceaccount_result + ignore_errors: yes + when: not ansible_check_mode + changed_when: no + +- name: Create jks-generator service account + command: > + {{ openshift.common.client_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + -n {{openshift_metrics_project}} + create serviceaccount jks-generator + when: not ansible_check_mode and "not found" in serviceaccount_result.stderr + +- name: Check for hostmount-anyuid scc entry + command: > + {{ openshift.common.client_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get scc hostmount-anyuid + -o jsonpath='{.users}' + register: scc_result + when: not ansible_check_mode + changed_when: no + +- name: Add to hostmount-anyuid scc + command: > + {{ openshift.common.admin_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + -n {{openshift_metrics_project}} + policy add-scc-to-user hostmount-anyuid + -z jks-generator + when: + - not ansible_check_mode + - scc_result.stdout.find("system:serviceaccount:{{openshift_metrics_project}}:jks-generator") == -1 + +- name: Copy JKS generation script + copy: + src: import_jks_certs.sh + dest: "{{openshift_metrics_certs_dir}}/import_jks_certs.sh" + check_mode: no + +- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-metrics-keystore.pwd + register: metrics_keystore_password + +- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-cassandra-keystore.pwd + register: cassandra_keystore_password + +- slurp: src={{ openshift_metrics_certs_dir }}/hawkular-jgroups-keystore.pwd + register: jgroups_keystore_password + +- name: Generate JKS pod template + template: + src: jks_pod.j2 + dest: "{{mktemp.stdout}}/jks_pod.yaml" + vars: + metrics_keystore_passwd: "{{metrics_keystore_password.content}}" + cassandra_keystore_passwd: "{{cassandra_keystore_password.content}}" + metrics_truststore_passwd: "{{hawkular_truststore_password.content}}" + cassandra_truststore_passwd: "{{cassandra_truststore_password.content}}" + jgroups_passwd: "{{jgroups_keystore_password.content}}" + check_mode: no + changed_when: no + +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-metrics.keystore" + register: metrics_keystore + check_mode: no + +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-cassandra.keystore" + register: cassandra_keystore + check_mode: no + +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-cassandra.truststore" + register: cassandra_truststore + check_mode: no + +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-metrics.truststore" + register: metrics_truststore + check_mode: no + +- stat: path="{{openshift_metrics_certs_dir}}/hawkular-jgroups.keystore" + register: jgroups_keystore + check_mode: no + +- name: create JKS pod + command: > + {{ openshift.common.client_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + -n {{openshift_metrics_project}} + create -f {{mktemp.stdout}}/jks_pod.yaml + -o name + register: podoutput + check_mode: no + when: not metrics_keystore.stat.exists or + not metrics_truststore.stat.exists or + not cassandra_keystore.stat.exists or + not cassandra_truststore.stat.exists or + not jgroups_keystore.stat.exists + +- command: > + {{ openshift.common.client_binary }} + --config={{ mktemp.stdout }}/admin.kubeconfig + -n {{openshift_metrics_project}} + get {{podoutput.stdout}} + -o jsonpath='{.status.phase}' + register: result + until: result.stdout.find("Succeeded") != -1 + retries: 5 + delay: 10 + changed_when: no + when: not metrics_keystore.stat.exists or + not metrics_truststore.stat.exists or + not cassandra_keystore.stat.exists or + not cassandra_truststore.stat.exists or + not jgroups_keystore.stat.exists diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml new file mode 100644 index 000000000..a9340acc3 --- /dev/null +++ b/roles/openshift_metrics/tasks/install_cassandra.yaml @@ -0,0 +1,54 @@ +--- +- shell: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get rc hawkular-cassandra-{{node}} -o jsonpath='{.spec.replicas}' || echo 0 + vars: + node: "{{ item }}" + register: cassandra_replica_count + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + changed_when: false + failed_when: false + +- name: generate hawkular-cassandra replication controllers + template: + src: hawkular_cassandra_rc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-rc{{ item }}.yaml" + vars: + node: "{{ item }}" + master: "{{ (item == '1')|string|lower }}" + replica_count: "{{cassandra_replica_count.results[item|int - 1].stdout}}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + changed_when: false + +- name: generate hawkular-cassandra persistent volume claims + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" + vars: + obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + labels: + metrics-infra: hawkular-cassandra + access_modes: + - ReadWriteOnce + size: "{{ openshift_metrics_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + when: openshift_metrics_cassandra_storage_type == 'pv' + changed_when: false + +- name: generate hawkular-cassandra persistent volume claims (dynamic) + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-cassandra-pvc{{ item }}.yaml" + vars: + obj_name: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ item }}" + labels: + metrics-infra: hawkular-cassandra + annotations: + volume.alpha.kubernetes.io/storage-class: dynamic + access_modes: + - ReadWriteOnce + size: "{{ openshift_metrics_cassandra_pv_size }}" + with_sequence: count={{ openshift_metrics_cassandra_replicas }} + when: openshift_metrics_cassandra_storage_type == 'dynamic' + changed_when: false diff --git a/roles/openshift_metrics/tasks/install_hawkular.yaml b/roles/openshift_metrics/tasks/install_hawkular.yaml new file mode 100644 index 000000000..00f7b2554 --- /dev/null +++ b/roles/openshift_metrics/tasks/install_hawkular.yaml @@ -0,0 +1,54 @@ +--- +- command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get rc hawkular-metrics -o jsonpath='{.spec.replicas}' + register: hawkular_metrics_replica_count + failed_when: false + changed_when: false + +- name: generate hawkular-metrics replication controller + template: + src: hawkular_metrics_rc.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular_metrics_rc.yaml" + vars: + replica_count: "{{hawkular_metrics_replica_count.stdout | default(0)}}" + changed_when: false + +- name: read hawkular-metrics route destination ca certificate + slurp: src={{ openshift_metrics_certs_dir }}/ca.crt + register: metrics_route_dest_ca_cert + changed_when: false + +- block: + - set_fact: hawkular_key={{ lookup('file', openshift_metrics_hawkular_key) }} + when: openshift_metrics_hawkular_key | exists + changed_when: false + + - set_fact: hawkular_cert={{ lookup('file', openshift_metrics_hawkular_cert) }} + when: openshift_metrics_hawkular_cert | exists + changed_when: false + + - set_fact: hawkular_ca={{ lookup('file', openshift_metrics_hawkular_ca) }} + when: openshift_metrics_hawkular_ca | exists + changed_when: false + + - name: generate the hawkular-metrics route + template: + src: route.j2 + dest: "{{ mktemp.stdout }}/templates/hawkular-metrics-route.yaml" + vars: + name: hawkular-metrics + labels: + metrics-infra: hawkular-metrics + host: "{{ openshift_metrics_hawkular_hostname }}" + to: + kind: Service + name: hawkular-metrics + tls: + termination: reencrypt + key: "{{ hawkular_key | default('') }}" + certificate: "{{ hawkular_cert | default('') }}" + ca_certificate: "{{ hawkular_ca | default('') }}" + destination_ca_certificate: "{{ metrics_route_dest_ca_cert.content | b64decode }}" + changed_when: false diff --git a/roles/openshift_metrics/tasks/install_heapster.yaml b/roles/openshift_metrics/tasks/install_heapster.yaml new file mode 100644 index 000000000..39df797ab --- /dev/null +++ b/roles/openshift_metrics/tasks/install_heapster.yaml @@ -0,0 +1,14 @@ +--- +- command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project | quote }} + --config={{ mktemp.stdout }}/admin.kubeconfig + get rc heapster -o jsonpath='{.spec.replicas}' + register: heapster_replica_count + failed_when: false + changed_when: no + +- name: Generate heapster replication controller + template: src=heapster.j2 dest={{mktemp.stdout}}/templates/metrics-heapster-rc.yaml + vars: + replica_count: "{{heapster_replica_count.stdout | default(0)}}" + changed_when: no diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml new file mode 100644 index 000000000..bab37dbfb --- /dev/null +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -0,0 +1,37 @@ +--- +- name: Check that hawkular_metrics_hostname is set + fail: msg='the openshift_metrics_hawkular_hostname variable is required' + when: openshift_metrics_hawkular_hostname is not defined + +- name: Check the value of openshift_metrics_cassandra_storage_type + fail: + msg: > + openshift_metrics_cassandra_storage_type ({{ openshift_metrics_cassandra_storage_type }}) + is invalid, must be one of: emptydir, pv, dynamic + when: openshift_metrics_cassandra_storage_type not in openshift_metrics_cassandra_storage_types + +- name: Install Metrics + include: "{{ role_path }}/tasks/install_{{ include_file }}.yaml" + with_items: + - support + - heapster + - hawkular + - cassandra + loop_control: + loop_var: include_file + +- name: Create objects + include: oc_apply.yaml + vars: + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + namespace: "{{ openshift_metrics_project }}" + file_name: "{{ item }}" + file_content: "{{ lookup('file',item) | from_yaml }}" + with_fileglob: + - "{{ mktemp.stdout }}/templates/*.yaml" + +- name: Scaling up cluster + include: start_metrics.yaml + tags: openshift_metrics_start_cluster + when: + - openshift_metrics_start_cluster | default(true) | bool diff --git a/roles/openshift_metrics/tasks/install_support.yaml b/roles/openshift_metrics/tasks/install_support.yaml new file mode 100644 index 000000000..b0e4bec80 --- /dev/null +++ b/roles/openshift_metrics/tasks/install_support.yaml @@ -0,0 +1,5 @@ +--- +- include: generate_certificates.yaml +- include: generate_serviceaccounts.yaml +- include: generate_services.yaml +- include: generate_rolebindings.yaml diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 88432a9f8..c42440130 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,87 +1,22 @@ --- -- fail: - msg: This role required openshift_master_default_subdomain or openshift_hosted_metrics_public_url be set - when: openshift.master.metrics_public_url | default(openshift_hosted_metrics_public_url | default(openshift.master.default_subdomain | default(openshift_master_default_subdomain | default(none)))) is none - -- name: Create temp directory for kubeconfig - command: mktemp -d /tmp/openshift-ansible-XXXXXX +- name: Create temp directory for doing work in + command: mktemp -td openshift-metrics-ansible-XXXXXX register: mktemp changed_when: False -- name: Record kubeconfig tmp dir - set_fact: - openshift_metrics_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" +- name: Create temp directory for all our templates + file: path={{mktemp.stdout}}/templates state=directory mode=0755 + changed_when: False - name: Copy the admin client config(s) command: > - cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_metrics_kubeconfig }} + cp {{ openshift.common.config_base}}/master/admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig changed_when: False + check_mode: no + tags: metrics_init -- name: Set hosted metrics facts - openshift_facts: - role: hosted - openshift_env: "{{ hostvars - | oo_merge_hostvars(vars, inventory_hostname) - | oo_openshift_env }}" - openshift_env_structures: - - 'openshift.hosted.metrics.*' - -- set_fact: - # Prefer the master facts over bare variables if present, prefer - # metrics_public_url over creating a default using default_subdomain - metrics_hostname: "{{ openshift.hosted.metrics.public_url - | default('hawkular-metrics.' ~ (openshift.master.default_subdomain - | default(openshift_master_default_subdomain ))) - | oo_hostname_from_url }}" - metrics_persistence: "{{ openshift.hosted.metrics.storage_kind | default(none) is not none }}" - metrics_dynamic_vol: "{{ openshift.hosted.metrics.storage_kind | default(none) == 'dynamic' }}" - metrics_template_dir: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples/infrastructure-templates/{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - cassandra_nodes: "{{ ',CASSANDRA_NODES=' ~ openshift.hosted.metrics.cassandra_nodes if 'cassandra' in openshift.hosted.metrics else '' }}" - cassandra_pv_size: "{{ ',CASSANDRA_PV_SIZE=' ~ openshift.hosted.metrics.storage_volume_size if openshift.hosted.metrics.storage_volume_size | default(none) is not none else '' }}" - image_prefix: "{{ ',IMAGE_PREFIX=' ~ openshift.hosted.metrics.deployer_prefix if 'deployer_prefix' in openshift.hosted.metrics else '' }}" - image_version: "{{ ',IMAGE_VERSION=' ~ openshift.hosted.metrics.deployer_version if 'deployer_version' in openshift.hosted.metrics else '' }}" - - -- name: Check for existing metrics pods - shell: > - {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - get pods -l {{ item }} | grep -q Running - register: metrics_pods_status - with_items: - - metrics-infra=hawkular-metrics - - metrics-infra=heapster - - metrics-infra=hawkular-cassandra - failed_when: false - changed_when: false +- include: install_metrics.yaml + when: openshift_metrics_install_metrics | default(false) | bool -- name: Check for previous deployer - shell: > - {{ openshift.common.client_binary }} - --config={{ openshift_metrics_kubeconfig }} - --namespace openshift-infra - get pods -l metrics-infra=deployer --sort-by='{.metadata.creationTimestamp}' | tail -1 | grep metrics-deployer- - register: metrics_deployer_status - failed_when: false - changed_when: false - -- name: Record current deployment status - set_fact: - greenfield: "{{ not metrics_deployer_status.rc == 0 }}" - failed_error: "{{ True if 'Error' in metrics_deployer_status.stdout else False }}" - metrics_running: "{{ metrics_pods_status.results | oo_collect(attribute='rc') == [0,0,0] }}" - -- name: Set deployment mode - set_fact: - deployment_mode: "{{ 'refresh' if (failed_error | bool or metrics_upgrade | bool) else 'deploy' }}" - -# TODO: handle non greenfield deployments in the future -- include: install.yml - when: greenfield - -- name: Delete temp directory - file: - name: "{{ mktemp.stdout }}" - state: absent - changed_when: False +- include: uninstall_metrics.yaml + when: not openshift_metrics_install_metrics | default(false) | bool diff --git a/roles/openshift_metrics/tasks/oc_apply.yaml b/roles/openshift_metrics/tasks/oc_apply.yaml new file mode 100644 index 000000000..dd67703b4 --- /dev/null +++ b/roles/openshift_metrics/tasks/oc_apply.yaml @@ -0,0 +1,32 @@ +--- +- name: Checking generation of {{file_content.kind}} {{file_content.metadata.name}} + command: > + {{ openshift.common.client_binary }} + --config={{ kubeconfig }} + get {{file_content.kind}} {{file_content.metadata.name}} + -o jsonpath='{.metadata.resourceVersion}' + -n {{namespace}} + register: generation_init + failed_when: false + changed_when: no + +- name: Applying {{file_name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + apply -f {{ file_name }} + -n {{ openshift_metrics_project }} + register: generation_apply + failed_when: "'error' in generation_apply.stderr" + changed_when: no + +- name: Determine change status of {{file_content.kind}} {{file_content.metadata.name}} + command: > + {{ openshift.common.client_binary }} --config={{ kubeconfig }} + get {{file_content.kind}} {{file_content.metadata.name}} + -o jsonpath='{.metadata.resourceVersion}' + -n {{namespace}} + register: version_changed + vars: + init_version: "{{ (generation_init is defined) | ternary(generation_init.stdout, '0') }}" + failed_when: "'error' in version_changed.stderr" + changed_when: version_changed.stdout | int > init_version | int diff --git a/roles/openshift_metrics/tasks/scale.yaml b/roles/openshift_metrics/tasks/scale.yaml new file mode 100644 index 000000000..bb4fa621b --- /dev/null +++ b/roles/openshift_metrics/tasks/scale.yaml @@ -0,0 +1,30 @@ +--- +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get {{object}} + -o jsonpath='{.spec.replicas}' -n {{openshift_metrics_project}} + register: replica_count + failed_when: "replica_count.rc == 1 and 'exists' not in replica_count.stderr" + when: not ansible_check_mode + changed_when: no + +- command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig scale {{object}} + --replicas={{desired}} -n {{openshift_metrics_project}} + register: scale_result + failed_when: scale_result.rc == 1 and 'exists' not in scale_result.stderr + when: + - replica_count.stdout != (desired | string) + - not ansible_check_mode + changed_when: no + +- name: Waiting for {{object}} to scale to {{desired}} + command: > + {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig + get {{object}} -n {{openshift_metrics_project|quote}} -o jsonpath='{.status.replicas}' + register: replica_counts + until: replica_counts.stdout.find("{{desired}}") != -1 + retries: 30 + delay: 10 + when: + - replica_count.stdout != (desired | string) + - not ansible_check_mode diff --git a/roles/openshift_metrics/tasks/setup_certificate.yaml b/roles/openshift_metrics/tasks/setup_certificate.yaml new file mode 100644 index 000000000..5ca8f4462 --- /dev/null +++ b/roles/openshift_metrics/tasks/setup_certificate.yaml @@ -0,0 +1,52 @@ +--- +- name: generate {{ component }} keys + command: > + {{ openshift.common.admin_binary }} ca create-server-cert + --config={{ mktemp.stdout }}/admin.kubeconfig + --key='{{ openshift_metrics_certs_dir }}/{{ component }}.key' + --cert='{{ openshift_metrics_certs_dir }}/{{ component }}.crt' + --hostnames='{{ hostnames }}' + --signer-cert='{{ openshift_metrics_certs_dir }}/ca.crt' + --signer-key='{{ openshift_metrics_certs_dir }}/ca.key' + --signer-serial='{{ openshift_metrics_certs_dir }}/ca.serial.txt' + when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.key'|exists + +- slurp: src={{item}} + register: component_certs + with_items: + - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.key' + - '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}.crt' + when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists + +- name: generate {{ component }} certificate + copy: + dest: '{{ openshift_metrics_certs_dir }}/{{ component }}.pem' + content: "{{ component_certs.results | map(attribute='content') | map('b64decode') | join('') }}" + when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pem'|exists + +- name: generate random password for the {{ component }} keystore + copy: + content: "{{ 15 | oo_random_word }}" + dest: '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd' + when: > + not '{{ openshift_metrics_certs_dir }}/{{ component }}-keystore.pwd'|exists + +- slurp: src={{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-keystore.pwd + register: keystore_password + +- name: create the {{ component }} pkcs12 from the pem file + command: > + openssl pkcs12 -export + -in '{{ openshift_metrics_certs_dir }}/{{ component }}.pem' + -out '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12' + -name '{{ component }}' -noiter -nomaciter + -password 'pass:{{keystore_password.content | b64decode }}' + when: not '{{ openshift_metrics_certs_dir }}/{{ component }}.pkcs12'|exists + +- name: generate random password for the {{ component }} truststore + copy: + content: "{{ 15 | oo_random_word }}" + dest: '{{ openshift_metrics_certs_dir | quote }}/{{ component|quote }}-truststore.pwd' + when: > + not + '{{ openshift_metrics_certs_dir | quote }}/{{ component| quote }}-truststore.pwd'|exists diff --git a/roles/openshift_metrics/tasks/start_metrics.yaml b/roles/openshift_metrics/tasks/start_metrics.yaml new file mode 100644 index 000000000..c4cae4aff --- /dev/null +++ b/roles/openshift_metrics/tasks/start_metrics.yaml @@ -0,0 +1,54 @@ +--- +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra=hawkular-cassandra + -o name + -n {{openshift_metrics_project}} + register: metrics_cassandra_rc + changed_when: no + +- name: Start Hawkular Cassandra + include: scale.yaml + vars: + desired: 1 + with_items: "{{metrics_cassandra_rc.stdout_lines}}" + loop_control: + loop_var: object + +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra=hawkular-metrics + -o name + -n {{openshift_metrics_project}} + register: metrics_metrics_rc + changed_when: no + +- name: Start Hawkular Metrics + include: scale.yaml + vars: + desired: "{{openshift_metrics_hawkular_replicas}}" + with_items: "{{metrics_metrics_rc.stdout_lines}}" + loop_control: + loop_var: object + +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra=heapster + -o name + -n {{openshift_metrics_project}} + register: metrics_heapster_rc + changed_when: no + +- name: Start Heapster + include: scale.yaml + vars: + desired: 1 + with_items: "{{metrics_heapster_rc.stdout_lines}}" + loop_control: + loop_var: object diff --git a/roles/openshift_metrics/tasks/stop_metrics.yaml b/roles/openshift_metrics/tasks/stop_metrics.yaml new file mode 100644 index 000000000..bae181e3e --- /dev/null +++ b/roles/openshift_metrics/tasks/stop_metrics.yaml @@ -0,0 +1,55 @@ +--- +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra=heapster + -o name + -n {{openshift_metrics_project}} + register: metrics_heapster_rc + changed_when: "'No resources found' not in metrics_heapster_rc.stderr" + check_mode: no + +- name: Stop Heapster + include: scale.yaml + vars: + desired: 0 + with_items: "{{metrics_heapster_rc.stdout_lines}}" + loop_control: + loop_var: object + +- command: > + {{openshift.common.client_binary}} + --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -l metrics-infra=hawkular-metrics + -o name + -n {{openshift_metrics_project}} + register: metrics_hawkular_rc + changed_when: "'No resources found' not in metrics_hawkular_rc.stderr" + +- name: Stop Hawkular Metrics + include: scale.yaml + vars: + desired: 0 + with_items: "{{metrics_hawkular_rc.stdout_lines}}" + loop_control: + loop_var: object + +- command: > + {{openshift.common.client_binary}} --config={{mktemp.stdout}}/admin.kubeconfig + get rc + -o name + -l metrics-infra=hawkular-cassandra + -n {{openshift_metrics_project}} + register: metrics_cassandra_rc + changed_when: "'No resources found' not in metrics_cassandra_rc.stderr" + +- name: Stop Hawkular Cassandra + include: scale.yaml + vars: + desired: 0 + with_items: "{{metrics_cassandra_rc.stdout_lines}}" + loop_control: + loop_var: object + when: metrics_cassandra_rc is defined diff --git a/roles/openshift_metrics/tasks/uninstall_metrics.yaml b/roles/openshift_metrics/tasks/uninstall_metrics.yaml new file mode 100644 index 000000000..8a6be6237 --- /dev/null +++ b/roles/openshift_metrics/tasks/uninstall_metrics.yaml @@ -0,0 +1,19 @@ +--- +- name: stop metrics + include: stop_metrics.yaml + +- name: remove metrics components + command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig + delete --ignore-not-found --selector=metrics-infra + all,sa,secrets,templates,routes,pvc,rolebindings,clusterrolebindings + register: delete_metrics + changed_when: "delete_metrics.stdout != 'No resources found'" + +- name: remove rolebindings + command: > + {{ openshift.common.client_binary }} -n {{ openshift_metrics_project }} --config={{ mktemp.stdout }}/admin.kubeconfig + delete --ignore-not-found + rolebinding/hawkular-view + clusterrolebinding/heapster-cluster-reader + changed_when: "delete_metrics.stdout != 'No resources found'" diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 new file mode 100644 index 000000000..abd4ff939 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -0,0 +1,125 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-cassandra-{{ node }} + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra + type: hawkular-cassandra +spec: + selector: + name: hawkular-cassandra-{{ node }} + replicas: {{replica_count}} + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra-{{ node }} + type: hawkular-cassandra + spec: + serviceAccount: cassandra + containers: + - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" + name: hawkular-cassandra-{{ node }} + ports: + - name: cql-port + containerPort: 9042 + - name: thift-port + containerPort: 9160 + - name: tcp-port + containerPort: 7000 + - name: ssl-port + containerPort: 7001 + command: + - "/opt/apache-cassandra/bin/cassandra-docker.sh" + - "--cluster_name=hawkular-metrics" + - "--data_volume=/cassandra_data" + - "--internode_encryption=all" + - "--require_node_auth=true" + - "--enable_client_encryption=true" + - "--require_client_auth=true" + - "--keystore_file=/secret/cassandra.keystore" + - "--keystore_password_file=/secret/cassandra.keystore.password" + - "--truststore_file=/secret/cassandra.truststore" + - "--truststore_password_file=/secret/cassandra.truststore.password" + - "--cassandra_pem_file=/secret/cassandra.pem" + env: + - name: CASSANDRA_MASTER + value: "{{ master }}" + - name: CASSANDRA_DATA_VOLUME + value: "/cassandra_data" + - name: JVM_OPTS + value: "-Dcassandra.commitlog.ignorereplayerrors=true" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MEMORY_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: 1m + volumeMounts: + - name: cassandra-data + mountPath: "/cassandra_data" + - name: hawkular-cassandra-secrets + mountPath: "/secret" +{% if ((openshift_metrics_cassandra_limits_cpu is defined and openshift_metrics_cassandra_limits_cpu is not none) + or (openshift_metrics_cassandra_limits_memory is defined and openshift_metrics_cassandra_limits_memory is not none) + or (openshift_metrics_cassandra_requests_cpu is defined and openshift_metrics_cassandra_requests_cpu is not none) + or (openshift_metrics_cassandra_requests_memory is defined and openshift_metrics_cassandra_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_cassandra_limits_cpu is not none + or openshift_metrics_cassandra_limits_memory is not none) +%} + limits: +{% if openshift_metrics_cassandra_limits_cpu is not none %} + cpu: "{{openshift_metrics_cassandra_limits_cpu}}" +{% endif %} +{% if openshift_metrics_cassandra_limits_memory is not none %} + memory: "{{openshift_metrics_cassandra_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_cassandra_requests_cpu is not none + or openshift_metrics_cassandra_requests_memory is not none) +%} + requests: +{% if openshift_metrics_cassandra_requests_cpu is not none %} + cpu: "{{openshift_metrics_cassandra_requests_cpu}}" +{% endif %} +{% if openshift_metrics_cassandra_requests_memory is not none %} + memory: "{{openshift_metrics_cassandra_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} + readinessProbe: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-docker-ready.sh" + lifecycle: + preStop: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-prestop.sh" + postStart: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-poststart.sh" + terminationGracePeriodSeconds: 1800 + volumes: + - name: cassandra-data +{% if openshift_metrics_cassandra_storage_type == 'emptydir' %} + emptyDir: {} +{% else %} + persistentVolumeClaim: + claimName: "{{ openshift_metrics_cassandra_pv_prefix }}-{{ node }}" +{% endif %} + - name: hawkular-cassandra-secrets + secret: + secretName: hawkular-cassandra-secrets diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 new file mode 100644 index 000000000..e6954ea44 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -0,0 +1,119 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-metrics + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics +spec: + selector: + name: hawkular-metrics + replicas: {{replica_count}} + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics + spec: + serviceAccount: hawkular + containers: + - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} + name: hawkular-metrics + ports: + - name: http-endpoint + containerPort: 8080 + - name: https-endpoint + containerPort: 8443 + - name: ping + containerPort: 8888 + command: + - "/opt/hawkular/scripts/hawkular-metrics-wrapper.sh" + - "-b" + - 0.0.0.0 + - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra" + - "-Dhawkular.metrics.cassandra.use-ssl" + - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" + - "-Dhawkular.metrics.default-ttl={{openshift_metrics_duration}}" + - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" + - "-Dhawkular-alerts.cassandra-use-ssl" + - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.alerts.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" + - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" + - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" + - "-DKUBERNETES_MASTER_URL={{openshift_metrics_master_url}}" + - "-DUSER_WRITE_ACCESS={{openshift_metrics_hawkular_user_write_access}}" + - "--hmw.keystore=/secrets/hawkular-metrics.keystore" + - "--hmw.truststore=/secrets/hawkular-metrics.truststore" + - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" + - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password" + - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore" + - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password" + - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias" + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MASTER_URL + value: "{{ openshift_metrics_master_url }}" + - name: OPENSHIFT_KUBE_PING_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPENSHIFT_KUBE_PING_LABELS + value: "metrics-infra=hawkular-metrics,name=hawkular-metrics" + - name: STARTUP_TIMEOUT + value: "{{ openshift_metrics_startup_timeout }}" + volumeMounts: + - name: hawkular-metrics-secrets + mountPath: "/secrets" + - name: hawkular-metrics-client-secrets + mountPath: "/client-secrets" +{% if ((openshift_metrics_hawkular_limits_cpu is defined and openshift_metrics_hawkular_limits_cpu is not none) + or (openshift_metrics_hawkular_limits_memory is defined and openshift_metrics_hawkular_limits_memory is not none) + or (openshift_metrics_hawkular_requests_cpu is defined and openshift_metrics_hawkular_requests_cpu is not none) + or (openshift_metrics_hawkular_requests_memory is defined and openshift_metrics_hawkular_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_hawkular_limits_cpu is not none + or openshift_metrics_hawkular_limits_memory is not none) +%} + limits: +{% if openshift_metrics_hawkular_limits_cpu is not none %} + cpu: "{{openshift_metrics_hawkular_limits_cpu}}" +{% endif %} +{% if openshift_metrics_hawkular_limits_memory is not none %} + memory: "{{openshift_metrics_hawkular_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_hawkular_requests_cpu is not none + or openshift_metrics_hawkular_requests_memory is not none) +%} + requests: +{% if openshift_metrics_hawkular_requests_cpu is not none %} + cpu: "{{openshift_metrics_hawkular_requests_cpu}}" +{% endif %} +{% if openshift_metrics_hawkular_requests_memory is not none %} + memory: "{{openshift_metrics_hawkular_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} + readinessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-readiness.py" + livenessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-liveness.py" + volumes: + - name: hawkular-metrics-secrets + secret: + secretName: hawkular-metrics-secrets + - name: hawkular-metrics-client-secrets + secret: + secretName: hawkular-metrics-account diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 new file mode 100644 index 000000000..eeca03be0 --- /dev/null +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -0,0 +1,98 @@ +apiVersion: "v1" +kind: "ReplicationController" +metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster +spec: + selector: + name: heapster + replicas: {{replica_count}} + template: + version: v1 + metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster + spec: + serviceAccountName: heapster + containers: + - name: heapster + image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} + ports: + - containerPort: 8082 + name: "http-endpoint" + command: + - "heapster-wrapper.sh" + - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" + - "--source=kubernetes.summary_api:${MASTER_URL}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--tls_cert=/secrets/heapster.cert" + - "--tls_key=/secrets/heapster.key" + - "--tls_client_ca=/secrets/heapster.client-ca" + - "--allowed_users=%allowed_users%" + - "--metric_resolution={{openshift_metrics_resolution}}" +{% if not openshift_metrics_heapster_standalone %} + - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" + - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" + - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{openshift_metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" +{% endif %} + env: + - name: STARTUP_TIMEOUT + value: "{{ openshift_metrics_startup_timeout }}" +{% if ((openshift_metrics_heapster_limits_cpu is defined and openshift_metrics_heapster_limits_cpu is not none) + or (openshift_metrics_heapster_limits_memory is defined and openshift_metrics_heapster_limits_memory is not none) + or (openshift_metrics_heapster_requests_cpu is defined and openshift_metrics_heapster_requests_cpu is not none) + or (openshift_metrics_heapster_requests_memory is defined and openshift_metrics_heapster_requests_memory is not none)) +%} + resources: +{% if (openshift_metrics_heapster_limits_cpu is not none + or openshift_metrics_heapster_limits_memory is not none) +%} + limits: +{% if openshift_metrics_heapster_limits_cpu is not none %} + cpu: "{{openshift_metrics_heapster_limits_cpu}}" +{% endif %} +{% if openshift_metrics_heapster_limits_memory is not none %} + memory: "{{openshift_metrics_heapster_limits_memory}}" +{% endif %} +{% endif %} +{% if (openshift_metrics_heapster_requests_cpu is not none + or openshift_metrics_heapster_requests_memory is not none) +%} + requests: +{% if openshift_metrics_heapster_requests_cpu is not none %} + cpu: "{{openshift_metrics_heapster_requests_cpu}}" +{% endif %} +{% if openshift_metrics_heapster_requests_memory is not none %} + memory: "{{openshift_metrics_heapster_requests_memory}}" +{% endif %} +{% endif %} +{% endif %} + volumeMounts: + - name: heapster-secrets + mountPath: "/secrets" +{% if not openshift_metrics_heapster_standalone %} + - name: hawkular-metrics-certificate + mountPath: "/hawkular-cert" + - name: hawkular-metrics-account + mountPath: "/hawkular-account" + readinessProbe: + exec: + command: + - "/opt/heapster-readiness.sh" +{% endif %} + volumes: + - name: heapster-secrets + secret: + secretName: heapster-secrets +{% if not openshift_metrics_heapster_standalone %} + - name: hawkular-metrics-certificate + secret: + secretName: hawkular-metrics-certificate + - name: hawkular-metrics-account + secret: + secretName: hawkular-metrics-account +{% endif %} diff --git a/roles/openshift_metrics/templates/jks_pod.j2 b/roles/openshift_metrics/templates/jks_pod.j2 new file mode 100644 index 000000000..e86fe38a4 --- /dev/null +++ b/roles/openshift_metrics/templates/jks_pod.j2 @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + metrics-infra: support + generateName: jks-cert-gen- +spec: + containers: + - name: jks-cert-gen + image: {{openshift_metrics_image_prefix}}metrics-deployer:{{openshift_metrics_image_version}} + imagePullPolicy: Always + command: ["sh", "{{openshift_metrics_certs_dir}}/import_jks_certs.sh"] + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: {{openshift_metrics_certs_dir}} + name: certmount + env: + - name: CERT_DIR + value: {{openshift_metrics_certs_dir}} + - name: METRICS_KEYSTORE_PASSWD + value: {{metrics_keystore_passwd}} + - name: CASSANDRA_KEYSTORE_PASSWD + value: {{cassandra_keystore_passwd}} + - name: METRICS_TRUSTSTORE_PASSWD + value: {{metrics_truststore_passwd}} + - name: CASSANDRA_TRUSTSTORE_PASSWD + value: {{cassandra_truststore_passwd}} + - name: hawkular_cassandra_alias + value: {{cassandra_keystore_passwd}} + - name: JGROUPS_PASSWD + value: {{jgroups_passwd}} + restartPolicy: Never + serviceAccount: jks-generator + volumes: + - hostPath: + path: "{{openshift_metrics_certs_dir}}" + name: certmount diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 new file mode 100644 index 000000000..8fbfa8b5d --- /dev/null +++ b/roles/openshift_metrics/templates/pvc.j2 @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{obj_name}} +{% if labels is not defined %} + labels: + logging-infra: support +{% elif labels %} + labels: +{% for key, value in labels.iteritems() %} + {{ key }}: {{ value }} +{% endfor %} +{% endif %} +{% if annotations is defined and annotations %} + annotations: +{% for key,value in annotations.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: + accessModes: +{% for mode in access_modes %} + - {{ mode }} +{% endfor %} + resources: + requests: + storage: {{size}} diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2 new file mode 100644 index 000000000..5230f0780 --- /dev/null +++ b/roles/openshift_metrics/templates/rolebinding.j2 @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: {% if cluster is defined and cluster %}Cluster{% endif %}RoleBinding +metadata: + name: {{obj_name}} +{% if labels is defined %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +roleRef: +{% if 'kind' in roleRef %} + kind: {{ roleRef.kind }} +{% endif %} + name: {{ roleRef.name }} +subjects: +{% for sub in subjects %} + - kind: {{ sub.kind }} + name: {{ sub.name }} +{% if 'namespace' in sub %} + namespace: {{ sub.namespace }} +{% endif %} +{% endfor %} diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 new file mode 100644 index 000000000..08ca87288 --- /dev/null +++ b/roles/openshift_metrics/templates/route.j2 @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: Route +metadata: + name: {{ name }} +{% if labels is defined and labels %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +spec: + host: {{ host }} + to: + kind: {{ to.kind }} + name: {{ to.name }} +{% if tls is defined %} + tls: + termination: {{ tls.termination }} +{% if tls.ca_certificate is defined and tls.ca_certificate | length > 0 %} + CACertificate: | +{{ tls.ca_certificate|indent(6, true) }} +{% endif %} +{% if tls.key is defined and tls.key | length > 0 %} + key: | +{{ tls.key|indent(6, true) }} +{% endif %} +{% if tls.certificate is defined and tls.certificate | length > 0 %} + certificate: | +{{ tls.certificate|indent(6, true) }} +{% endif %} +{% if tls.termination == 'reencrypt' %} + destinationCACertificate: | +{{ tls.destination_ca_certificate|indent(6, true) }} +{% endif %} +{% endif %} diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2 new file mode 100644 index 000000000..370890c7d --- /dev/null +++ b/roles/openshift_metrics/templates/secret.j2 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ name }}" + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +data: +{% for k, v in data.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 new file mode 100644 index 000000000..8df89127b --- /dev/null +++ b/roles/openshift_metrics/templates/service.j2 @@ -0,0 +1,32 @@ +apiVersion: "v1" +kind: "Service" +metadata: + name: "{{obj_name}}" +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: +{% if headless is defined and headless %} + portalIP: None + clusterIP: None +{% endif %} + ports: +{% for port in ports %} + - +{% for key, value in port.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% if port.targetPort is undefined %} + clusterIP: "None" +{% endif %} +{% endfor %} +{% if service_targetPort is defined %} + targetPort: {{service_targetPort}} +{% endif %} + selector: + {% for key, value in selector.iteritems() %} + {{key}}: {{value}} + {% endfor %} diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2 new file mode 100644 index 000000000..b22acc594 --- /dev/null +++ b/roles/openshift_metrics/templates/serviceaccount.j2 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{obj_name}} +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +{% if secrets is defined %} +secrets: +{% for name in secrets %} +- name: {{ name }} +{% endfor %} +{% endif %} diff --git a/roles/openshift_metrics/vars/main.yaml b/roles/openshift_metrics/vars/main.yaml index 0331bcb89..4a3724e3f 100644 --- a/roles/openshift_metrics/vars/main.yaml +++ b/roles/openshift_metrics/vars/main.yaml @@ -1,20 +1,10 @@ -hawkular_permission_oc_commands: - - policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer -n openshift-infra - - policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:heapster - -metrics_deployer_sa: - apiVersion: v1 - kind: ServiceAccount - metadata: - name: metrics-deployer - secrets: - - name: metrics-deployer - - -hawkular_tmp_conf: /tmp/hawkular_admin.kubeconfig - -hawkular_persistence: "{% if openshift.hosted.metrics.storage.kind != None %}true{% else %}false{% endif %}" - -hawkular_type: "{{ 'origin' if deployment_type == 'origin' else 'enterprise' }}" - -metrics_upgrade: openshift.hosted.metrics.upgrade | default(False) +--- +# +# These vars are generally considered private and not expected to be altered +# by end users +# + +openshift_metrics_cassandra_storage_types: +- emptydir +- pv +- dynamic diff --git a/roles/openshift_node/README.md b/roles/openshift_node/README.md index cafecd343..b69b60c1d 100644 --- a/roles/openshift_node/README.md +++ b/roles/openshift_node/README.md @@ -6,10 +6,10 @@ Node service installation Requirements ------------ -One or more Master servers. - -A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, -rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos. +* Ansible 2.2 +* One or more Master servers +* A RHEL 7.1 host pre-configured with access to the rhel-7-server-rpms, +rhel-7-server-extras-rpms, and rhel-7-server-ose-3.0-rpms repos Role Variables -------------- @@ -43,10 +43,12 @@ Currently we support re-labeling nodes but we don't re-schedule running pods nor ``` oadm manage-node --schedulable=false ${NODE} -oadm manage-node --evacuate ${NODE} +oadm manage-node --drain ${NODE} oadm manage-node --schedulable=true ${NODE} ```` +> If you are using version less than 1.5/3.5 you must replace `--drain` with `--evacuate`. + TODO diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 34071964a..cb51416d4 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -1,14 +1,14 @@ --- - name: restart openvswitch - service: name=openvswitch state=restarted - when: not (ovs_service_status_changed | default(false) | bool) and openshift.common.use_openshift_sdn | bool + systemd: name=openvswitch state=restarted + when: (not skip_node_svc_handlers | default(False) | bool) and not (ovs_service_status_changed | default(false) | bool) and openshift.common.use_openshift_sdn | bool notify: - restart openvswitch pause - name: restart openvswitch pause pause: seconds=15 - when: openshift.common.is_containerized | bool + when: (not skip_node_svc_handlers | default(False) | bool) and openshift.common.is_containerized | bool - name: restart node - service: name={{ openshift.common.service_type }}-node state=restarted - when: not (node_service_status_changed | default(false) | bool) + systemd: name={{ openshift.common.service_type }}-node state=restarted + when: (not skip_node_svc_handlers | default(False) | bool) and not (node_service_status_changed | default(false) | bool) diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index c39269f33..91f118191 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -11,4 +11,35 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: openshift_common +- role: openshift_clock +- role: openshift_docker +- role: openshift_node_certificates +- role: openshift_cloud_provider +- role: openshift_node_dnsmasq + when: openshift.common.use_dnsmasq | bool +- role: os_firewall + os_firewall_allow: + - service: Kubernetes kubelet + port: 10250/tcp + - service: http + port: 80/tcp + - service: https + port: 443/tcp + - service: Openshift kubelet ReadOnlyPort + port: 10255/tcp + - service: Openshift kubelet ReadOnlyPort udp + port: 10255/udp +- role: os_firewall + os_firewall_allow: + - service: OpenShift OVS sdn + port: 4789/udp + when: openshift.common.use_openshift_sdn | bool +- role: os_firewall + os_firewall_allow: + - service: Kubernetes service NodePort TCP + port: "{{ openshift_node_port_range | default('') }}/tcp" + - service: Kubernetes service NodePort UDP + port: "{{ openshift_node_port_range | default('') }}/udp" + when: openshift_node_port_range is defined diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 474df497e..e970c4cd1 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -2,64 +2,64 @@ # TODO: allow for overriding default ports where possible - fail: msg: "SELinux is disabled, This deployment type requires that SELinux is enabled." - when: (not ansible_selinux or ansible_selinux.status != 'enabled') and deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] + when: > + (not ansible_selinux or ansible_selinux.status != 'enabled') and + deployment_type in ['enterprise', 'online', 'atomic-enterprise', 'openshift-enterprise'] - name: Set node facts openshift_facts: role: "{{ item.role }}" local_facts: "{{ item.local_facts }}" with_items: - # Reset node labels to an empty dictionary. - - role: node - local_facts: - labels: {} - - role: node - local_facts: - annotations: "{{ openshift_node_annotations | default(none) }}" - debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" - iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" - kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" - labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" - registry_url: "{{ oreg_url | default(none) }}" - schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" - sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" - storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" - set_node_ip: "{{ openshift_set_node_ip | default(None) }}" - node_image: "{{ osn_image | default(None) }}" - ovs_image: "{{ osn_ovs_image | default(None) }}" - proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" - local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" - dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" - env_vars: "{{ openshift_node_env_vars | default(None) }}" + # Reset node labels to an empty dictionary. + - role: node + local_facts: + labels: {} + - role: node + local_facts: + annotations: "{{ openshift_node_annotations | default(none) }}" + debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" + iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" + kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" + labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" + registry_url: "{{ oreg_url | default(none) }}" + schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" + sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" + storage_plugin_deps: "{{ osn_storage_plugin_deps | default(None) }}" + set_node_ip: "{{ openshift_set_node_ip | default(None) }}" + node_image: "{{ osn_image | default(None) }}" + ovs_image: "{{ osn_ovs_image | default(None) }}" + proxy_mode: "{{ openshift_node_proxy_mode | default('iptables') }}" + local_quota_per_fsgroup: "{{ openshift_node_local_quota_per_fsgroup | default(None) }}" + dns_ip: "{{ openshift_dns_ip | default(none) | get_dns_ip(hostvars[inventory_hostname])}}" + env_vars: "{{ openshift_node_env_vars | default(None) }}" # We have to add tuned-profiles in the same transaction otherwise we run into depsolving # problems because the rpms don't pin the version properly. This was fixed in 3.1 packaging. - name: Install Node package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + package: + name: "{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }},tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: present when: not openshift.common.is_containerized | bool +- name: Check for tuned package + command: rpm -q tuned + args: + warn: no + register: tuned_installed + changed_when: false + failed_when: false + - name: Set atomic-guest tuned profile command: "tuned-adm profile atomic-guest" - when: openshift.common.is_atomic | bool + when: tuned_installed.rc == 0 and openshift.common.is_atomic | bool - name: Install sdn-ovs package - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" + package: + name: "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: present when: openshift.common.use_openshift_sdn and not openshift.common.is_containerized | bool -- name: Pull node image - command: > - docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool - -- name: Pull OpenVSwitch image - command: > - docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} - register: pull_result - changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool - - name: Install the systemd units include: systemd_units.yml @@ -70,13 +70,21 @@ sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes - name: Start and enable openvswitch docker service - service: name=openvswitch.service enabled=yes state=started + systemd: + name: openvswitch.service + enabled: yes + state: started when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool register: ovs_start_result - set_fact: ovs_service_status_changed: "{{ ovs_start_result | changed }}" +- file: + dest: "{{ (openshift_node_kubelet_args|default({'config':None})).config}}" + state: directory + when: openshift_node_kubelet_args is defined and 'config' in openshift_node_kubelet_args + # TODO: add the validate parameter when there is a validation command to run - name: Create the Node config template: @@ -87,7 +95,7 @@ group: root mode: 0600 notify: - - restart node + - restart node - name: Configure AWS Cloud Provider Settings lineinfile: @@ -103,7 +111,7 @@ no_log: True when: "openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined" notify: - - restart node + - restart node - name: Configure Node Environment Variables lineinfile: @@ -113,7 +121,7 @@ create: true with_dict: "{{ openshift.node.env_vars | default({}) }}" notify: - - restart node + - restart node - name: NFS storage plugin configuration include: storage_plugins/nfs.yml @@ -153,11 +161,17 @@ when: openshift.common.is_containerized | bool - name: Start and enable node dep - service: name={{ openshift.common.service_type }}-node-dep enabled=yes state=started + systemd: + name: "{{ openshift.common.service_type }}-node-dep" + enabled: yes + state: started when: openshift.common.is_containerized | bool - name: Start and enable node - service: name={{ openshift.common.service_type }}-node enabled=yes state=started + systemd: + name: "{{ openshift.common.service_type }}-node" + enabled: yes + state: started register: node_start_result until: not node_start_result | failed retries: 1 diff --git a/roles/openshift_node/tasks/storage_plugins/ceph.yml b/roles/openshift_node/tasks/storage_plugins/ceph.yml index eed3c99a3..037efe81a 100644 --- a/roles/openshift_node/tasks/storage_plugins/ceph.yml +++ b/roles/openshift_node/tasks/storage_plugins/ceph.yml @@ -1,4 +1,4 @@ --- - name: Install Ceph storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=ceph-common state=present" - when: not openshift.common.is_atomic | bool
\ No newline at end of file + package: name=ceph-common state=present + when: not openshift.common.is_atomic | bool diff --git a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml index 4fd9cd10b..7d8c42ee2 100644 --- a/roles/openshift_node/tasks/storage_plugins/glusterfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/glusterfs.yml @@ -1,6 +1,6 @@ --- - name: Install GlusterFS storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=glusterfs-fuse state=present" + package: name=glusterfs-fuse state=present when: not openshift.common.is_atomic | bool - name: Check for existence of virt_use_fusefs seboolean diff --git a/roles/openshift_node/tasks/storage_plugins/iscsi.yml b/roles/openshift_node/tasks/storage_plugins/iscsi.yml index d6684b34a..1c5478c55 100644 --- a/roles/openshift_node/tasks/storage_plugins/iscsi.yml +++ b/roles/openshift_node/tasks/storage_plugins/iscsi.yml @@ -1,4 +1,4 @@ --- - name: Install iSCSI storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=iscsi-initiator-utils state=present" + package: name=iscsi-initiator-utils state=present when: not openshift.common.is_atomic | bool diff --git a/roles/openshift_node/tasks/storage_plugins/nfs.yml b/roles/openshift_node/tasks/storage_plugins/nfs.yml index 5f99f129c..d40ae66cb 100644 --- a/roles/openshift_node/tasks/storage_plugins/nfs.yml +++ b/roles/openshift_node/tasks/storage_plugins/nfs.yml @@ -1,6 +1,6 @@ --- - name: Install NFS storage plugin dependencies - action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + package: name=nfs-utils state=present when: not openshift.common.is_atomic | bool - name: Check for existence of seboolean diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index f722a6e69..626c47387 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -1,6 +1,21 @@ +--- # This file is included both in the openshift_master role and in the upgrade # playbooks. +- name: Pre-pull node image + command: > + docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + when: openshift.common.is_containerized | bool + +- name: Pre-pull openvswitch image + command: > + docker pull {{ openshift.node.ovs_image }}:{{ openshift_image_tag }} + register: pull_result + changed_when: "'Downloaded newer image' in pull_result.stdout" + when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool + - name: Install Node dependencies docker service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" @@ -54,12 +69,12 @@ line: "{{ item.line }}" create: true with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.node.debug_level | default(2) }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" - - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_image_tag }}" + - regex: '^OPTIONS=' + line: "OPTIONS=--loglevel={{ openshift.node.debug_level | default(2) }}" + - regex: '^CONFIG_FILE=' + line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" + - regex: '^IMAGE_VERSION=' + line: "IMAGE_VERSION={{ openshift_image_tag }}" notify: - restart node @@ -70,12 +85,12 @@ line: "{{ item.line }}" create: true with_items: - - regex: '^HTTP_PROXY=' - line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}" - - regex: '^HTTPS_PROXY=' - line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}" - - regex: '^NO_PROXY=' - line: "NO_PROXY={{ openshift.common.no_proxy | default([]) | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" + - regex: '^HTTP_PROXY=' + line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}" + - regex: '^HTTPS_PROXY=' + line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}" + - regex: '^NO_PROXY=' + line: "NO_PROXY={{ openshift.common.no_proxy | default([]) | join(',') }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" when: ('http_proxy' in openshift.common and openshift.common.http_proxy != '') notify: - restart node diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 9bcaf4d84..55ae4bf54 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -27,7 +27,7 @@ networkPluginName: {{ openshift.common.sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool %} +{% if openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool or openshift.common.sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md index f56066b29..f4215950f 100644 --- a/roles/openshift_node_certificates/README.md +++ b/roles/openshift_node_certificates/README.md @@ -6,6 +6,8 @@ This role determines if OpenShift node certificates must be created, delegates c Requirements ------------ +* Ansible 2.2 + Role Variables -------------- diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index f2299cecf..a74668b13 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -2,9 +2,9 @@ - name: update ca trust command: update-ca-trust notify: - - restart docker after updating ca trust + - restart docker after updating ca trust - name: restart docker after updating ca trust - service: + systemd: name: docker state: restarted diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml index 50a862ee9..93216c1d2 100644 --- a/roles/openshift_node_certificates/meta/main.yml +++ b/roles/openshift_node_certificates/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift Node Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 69bcd3668..717bf3cea 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -44,7 +44,7 @@ - name: Generate the node client config command: > - {{ openshift.common.client_binary }} adm create-api-client-config + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-api-client-config {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} @@ -63,14 +63,14 @@ - name: Generate the node server certificate command: > - {{ openshift.common.client_binary }} adm ca create-server-cert - --cert={{ openshift_node_generated_config_dir }}/server.crt - --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key - --overwrite=true - --hostnames={{ openshift.common.all_hostnames |join(",") }} - --signer-cert={{ openshift_ca_cert }} - --signer-key={{ openshift_ca_key }} - --signer-serial={{ openshift_ca_serial }} + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert + --cert={{ openshift_node_generated_config_dir }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key + --overwrite=true + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }},{{ openshift.common.ip }},{{ openshift.common.public_ip }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} args: creates: "{{ openshift_node_generated_config_dir }}/server.crt" when: node_certs_missing | bool diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index ced0fa663..24798d3d2 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -28,7 +28,7 @@ cd /etc/sysconfig/network-scripts [ -f ../network ] && . ../network -if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then +if [[ $2 =~ ^(up|dhcp4-change|dhcp6-change)$ ]]; then # If the origin-upstream-dns config file changed we need to restart NEEDS_RESTART=0 UPSTREAM_DNS='/etc/dnsmasq.d/origin-upstream-dns.conf' @@ -36,6 +36,7 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then UPSTREAM_DNS_TMP=`mktemp` UPSTREAM_DNS_TMP_SORTED=`mktemp` CURRENT_UPSTREAM_DNS_SORTED=`mktemp` + NEW_RESOLV_CONF=`mktemp` ###################################################################### # couldn't find an existing method to determine if the interface owns the @@ -47,7 +48,6 @@ if [[ $2 =~ ^(up|dhcp4-change)$ ]]; then -n "${IP4_NAMESERVERS}" ]]; then if [ ! -f /etc/dnsmasq.d/origin-dns.conf ]; then cat << EOF > /etc/dnsmasq.d/origin-dns.conf -strict-order no-resolv domain-needed server=/cluster.local/172.30.0.1 @@ -80,18 +80,26 @@ EOF NEEDS_RESTART=1 fi + if ! `systemctl -q is-active dnsmasq.service`; then + NEEDS_RESTART=1 + fi + ###################################################################### if [ "${NEEDS_RESTART}" -eq "1" ]; then systemctl restart dnsmasq fi - sed -i '0,/^nameserver/ s/^nameserver.*$/nameserver '"${def_route_ip}"'/g' /etc/resolv.conf - - if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then - echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> /etc/resolv.conf + # Only if dnsmasq is running properly make it our only nameserver + if `systemctl -q is-active dnsmasq.service`; then + sed -e '/^nameserver.*$/d' /etc/resolv.conf > ${NEW_RESOLV_CONF} + echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} + if ! grep -q '99-origin-dns.sh' ${NEW_RESOLV_CONF}; then + echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} + fi + cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf fi fi # Clean up after yourself - rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED + rm -f $UPSTREAM_DNS_TMP $UPSTREAM_DNS_TMP_SORTED $CURRENT_UPSTREAM_DNS_SORTED $NEW_RESOLV_CONF fi diff --git a/roles/openshift_node_dnsmasq/handlers/main.yml b/roles/openshift_node_dnsmasq/handlers/main.yml index 7d43b6106..b4a0c3583 100644 --- a/roles/openshift_node_dnsmasq/handlers/main.yml +++ b/roles/openshift_node_dnsmasq/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: restart NetworkManager - service: + systemd: name: NetworkManager state: restarted - name: restart dnsmasq - service: + systemd: name: dnsmasq state: restarted diff --git a/roles/openshift_node_dnsmasq/meta/main.yml b/roles/openshift_node_dnsmasq/meta/main.yml index c83d64ae4..18e04e06d 100644 --- a/roles/openshift_node_dnsmasq/meta/main.yml +++ b/roles/openshift_node_dnsmasq/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift Node DNSMasq support company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/openshift_node_dnsmasq/tasks/main.yml b/roles/openshift_node_dnsmasq/tasks/main.yml index 396c27295..3311f7006 100644 --- a/roles/openshift_node_dnsmasq/tasks/main.yml +++ b/roles/openshift_node_dnsmasq/tasks/main.yml @@ -4,13 +4,14 @@ systemctl show NetworkManager register: nm_show changed_when: false + ignore_errors: True - name: Set fact using_network_manager set_fact: network_manager_active: "{{ True if 'ActiveState=active' in nm_show.stdout else False }}" - name: Install dnsmasq - action: "{{ ansible_pkg_mgr }} name=dnsmasq state=installed" + package: name=dnsmasq state=installed when: not openshift.common.is_atomic | bool - name: Install dnsmasq configuration @@ -21,16 +22,16 @@ - name: Deploy additional dnsmasq.conf template: - src: "{{ openshift_node_dnsmasq_additional_config_file }}" - dest: /etc/dnsmasq.d/openshift-ansible.conf - owner: root - group: root - mode: 0644 + src: "{{ openshift_node_dnsmasq_additional_config_file }}" + dest: /etc/dnsmasq.d/openshift-ansible.conf + owner: root + group: root + mode: 0644 when: openshift_node_dnsmasq_additional_config_file is defined notify: restart dnsmasq - name: Enable dnsmasq - service: + systemd: name: dnsmasq enabled: yes state: started diff --git a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml index 4d1bd3794..d5fda7bd0 100644 --- a/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/no-network-manager.yml @@ -1,2 +1,2 @@ --- -- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation."
\ No newline at end of file +- fail: msg="Currently, NetworkManager must be installed and enabled prior to installation." diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 index 1753bb821..f397cbbf1 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -1,4 +1,3 @@ -strict-order no-resolv domain-needed server=/{{ openshift.common.dns_domain }}/{{ openshift.common.kube_svc_ip }} diff --git a/roles/openshift_preflight/README.md b/roles/openshift_preflight/README.md new file mode 100644 index 000000000..b6d3542d3 --- /dev/null +++ b/roles/openshift_preflight/README.md @@ -0,0 +1,52 @@ +OpenShift Preflight Checks +========================== + +This role detects common problems prior to installing OpenShift. + +Requirements +------------ + +* Ansible 2.2+ + +Role Variables +-------------- + +None + +Dependencies +------------ + +None + +Example Playbook +---------------- + +```yaml +--- +- hosts: OSEv3 + roles: + - openshift_preflight/init + +- hosts: OSEv3 + name: checks that apply to all hosts + gather_facts: no + ignore_errors: yes + roles: + - openshift_preflight/common + +- hosts: OSEv3 + name: verify check results + gather_facts: no + roles: + - openshift_preflight/verify_status +``` + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Customer Success team (dev@lists.openshift.redhat.com) diff --git a/roles/openshift_preflight/base/library/aos_version.py b/roles/openshift_preflight/base/library/aos_version.py new file mode 100755 index 000000000..f7fcb6da5 --- /dev/null +++ b/roles/openshift_preflight/base/library/aos_version.py @@ -0,0 +1,100 @@ +#!/usr/bin/python +# vim: expandtab:tabstop=4:shiftwidth=4 +''' +An ansible module for determining if more than one minor version +of any atomic-openshift package is available, which would indicate +that multiple repos are enabled for different versions of the same +thing which may cause problems. + +Also, determine if the version requested is available down to the +precision requested. +''' + +# import os +# import sys +import yum # pylint: disable=import-error +from ansible.module_utils.basic import AnsibleModule + + +def main(): # pylint: disable=missing-docstring + module = AnsibleModule( + argument_spec=dict( + version=dict(required=True) + ), + supports_check_mode=True + ) + + # NOTE(rhcarvalho): sosiouxme added _unmute, but I couldn't find a case yet + # for when it is actually necessary. Leaving it commented out for now, + # though this comment and the commented out code related to _unmute should + # be deleted later if not proven necessary. + + # sys.stdout = os.devnull # mute yum so it doesn't break our output + # sys.stderr = os.devnull # mute yum so it doesn't break our output + + # def _unmute(): # pylint: disable=missing-docstring + # sys.stdout = sys.__stdout__ + + def bail(error): # pylint: disable=missing-docstring + # _unmute() + module.fail_json(msg=error) + + yb = yum.YumBase() # pylint: disable=invalid-name + + # search for package versions available for aos pkgs + expected_pkgs = [ + 'atomic-openshift', + 'atomic-openshift-master', + 'atomic-openshift-node', + ] + try: + pkgs = yb.pkgSack.returnPackages(patterns=expected_pkgs) + except yum.Errors.PackageSackError as e: # pylint: disable=invalid-name + # you only hit this if *none* of the packages are available + bail('Unable to find any atomic-openshift packages. \nCheck your subscription and repo settings. \n%s' % e) + + # determine what level of precision we're expecting for the version + expected_version = module.params['version'] + if expected_version.startswith('v'): # v3.3 => 3.3 + expected_version = expected_version[1:] + num_dots = expected_version.count('.') + + pkgs_by_name_version = {} + pkgs_precise_version_found = {} + for pkg in pkgs: + # get expected version precision + match_version = '.'.join(pkg.version.split('.')[:num_dots + 1]) + if match_version == expected_version: + pkgs_precise_version_found[pkg.name] = True + # get x.y version precision + minor_version = '.'.join(pkg.version.split('.')[:2]) + if pkg.name not in pkgs_by_name_version: + pkgs_by_name_version[pkg.name] = {} + pkgs_by_name_version[pkg.name][minor_version] = True + + # see if any packages couldn't be found at requested version + # see if any packages are available in more than one minor version + not_found = [] + multi_found = [] + for name in expected_pkgs: + if name not in pkgs_precise_version_found: + not_found.append(name) + if name in pkgs_by_name_version and len(pkgs_by_name_version[name]) > 1: + multi_found.append(name) + if not_found: + msg = 'Not all of the required packages are available at requested version %s:\n' % expected_version + for name in not_found: + msg += ' %s\n' % name + bail(msg + 'Please check your subscriptions and enabled repositories.') + if multi_found: + msg = 'Multiple minor versions of these packages are available\n' + for name in multi_found: + msg += ' %s\n' % name + bail(msg + "There should only be one OpenShift version's repository enabled at a time.") + + # _unmute() + module.exit_json(changed=False) + + +if __name__ == '__main__': + main() diff --git a/roles/openshift_preflight/base/library/check_yum_update.py b/roles/openshift_preflight/base/library/check_yum_update.py new file mode 100755 index 000000000..296ebd44f --- /dev/null +++ b/roles/openshift_preflight/base/library/check_yum_update.py @@ -0,0 +1,116 @@ +#!/usr/bin/python +# vim: expandtab:tabstop=4:shiftwidth=4 +''' +Ansible module to test whether a yum update or install will succeed, +without actually performing it or running yum. +parameters: + packages: (optional) A list of package names to install or update. + If omitted, all installed RPMs are considered for updates. +''' + +# import os +import sys +import yum # pylint: disable=import-error +from ansible.module_utils.basic import AnsibleModule + + +def main(): # pylint: disable=missing-docstring,too-many-branches + module = AnsibleModule( + argument_spec=dict( + packages=dict(type='list', default=[]) + ), + supports_check_mode=True + ) + + # NOTE(rhcarvalho): sosiouxme added _unmute, but I couldn't find a case yet + # for when it is actually necessary. Leaving it commented out for now, + # though this comment and the commented out code related to _unmute should + # be deleted later if not proven necessary. + + # sys.stdout = os.devnull # mute yum so it doesn't break our output + + # def _unmute(): # pylint: disable=missing-docstring + # sys.stdout = sys.__stdout__ + + def bail(error): # pylint: disable=missing-docstring + # _unmute() + module.fail_json(msg=error) + + yb = yum.YumBase() # pylint: disable=invalid-name + # determine if the existing yum configuration is valid + try: + yb.repos.populateSack(mdtype='metadata', cacheonly=1) + # for error of type: + # 1. can't reach the repo URL(s) + except yum.Errors.NoMoreMirrorsRepoError as e: # pylint: disable=invalid-name + bail('Error getting data from at least one yum repository: %s' % e) + # 2. invalid repo definition + except yum.Errors.RepoError as e: # pylint: disable=invalid-name + bail('Error with yum repository configuration: %s' % e) + # 3. other/unknown + # * just report the problem verbatim + except: # pylint: disable=bare-except; # noqa + bail('Unexpected error with yum repository: %s' % sys.exc_info()[1]) + + packages = module.params['packages'] + no_such_pkg = [] + for pkg in packages: + try: + yb.install(name=pkg) + except yum.Errors.InstallError as e: # pylint: disable=invalid-name + no_such_pkg.append(pkg) + except: # pylint: disable=bare-except; # noqa + bail('Unexpected error with yum install/update: %s' % + sys.exc_info()[1]) + if not packages: + # no packages requested means test a yum update of everything + yb.update() + elif no_such_pkg: + # wanted specific packages to install but some aren't available + user_msg = 'Cannot install all of the necessary packages. Unavailable:\n' + for pkg in no_such_pkg: + user_msg += ' %s\n' % pkg + user_msg += 'You may need to enable one or more yum repositories to make this content available.' + bail(user_msg) + + try: + txn_result, txn_msgs = yb.buildTransaction() + except: # pylint: disable=bare-except; # noqa + bail('Unexpected error during dependency resolution for yum update: \n %s' % + sys.exc_info()[1]) + + # find out if there are any errors with the update/install + if txn_result == 0: # 'normal exit' meaning there's nothing to install/update + pass + elif txn_result == 1: # error with transaction + user_msg = 'Could not perform a yum update.\n' + if len(txn_msgs) > 0: + user_msg += 'Errors from dependency resolution:\n' + for msg in txn_msgs: + user_msg += ' %s\n' % msg + user_msg += 'You should resolve these issues before proceeding with an install.\n' + user_msg += 'You may need to remove or downgrade packages or enable/disable yum repositories.' + bail(user_msg) + # TODO: it would be nice depending on the problem: + # 1. dependency for update not found + # * construct the dependency tree + # * find the installed package(s) that required the missing dep + # * determine if any of these packages matter to openshift + # * build helpful error output + # 2. conflicts among packages in available content + # * analyze dependency tree and build helpful error output + # 3. other/unknown + # * report the problem verbatim + # * add to this list as we come across problems we can clearly diagnose + elif txn_result == 2: # everything resolved fine + pass + else: + bail('Unknown error(s) from dependency resolution. Exit Code: %d:\n%s' % + (txn_result, txn_msgs)) + + # _unmute() + module.exit_json(changed=False) + + +if __name__ == '__main__': + main() diff --git a/roles/openshift_preflight/common/meta/main.yml b/roles/openshift_preflight/common/meta/main.yml new file mode 100644 index 000000000..6f23cbf3b --- /dev/null +++ b/roles/openshift_preflight/common/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: openshift_preflight/base diff --git a/roles/openshift_preflight/common/tasks/main.yml b/roles/openshift_preflight/common/tasks/main.yml new file mode 100644 index 000000000..f1a4a160e --- /dev/null +++ b/roles/openshift_preflight/common/tasks/main.yml @@ -0,0 +1,21 @@ +--- +# check content available on all hosts +- when: not openshift.common.is_containerized | bool + block: + + - name: determine if yum update will work + action: check_yum_update + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'determine if yum update will work'})] }}" + + - name: determine if expected version matches what is available + aos_version: + version: "{{ openshift_release }}" + when: + - deployment_type == "openshift-enterprise" + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'determine if expected version matches what is available'})] }}" diff --git a/roles/openshift_preflight/init/meta/main.yml b/roles/openshift_preflight/init/meta/main.yml new file mode 100644 index 000000000..0bbeadd34 --- /dev/null +++ b/roles/openshift_preflight/init/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: openshift_facts diff --git a/roles/openshift_preflight/init/tasks/main.yml b/roles/openshift_preflight/init/tasks/main.yml new file mode 100644 index 000000000..bf2d82196 --- /dev/null +++ b/roles/openshift_preflight/init/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: set common variables + set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results | default([]) }}" diff --git a/roles/openshift_preflight/masters/meta/main.yml b/roles/openshift_preflight/masters/meta/main.yml new file mode 100644 index 000000000..6f23cbf3b --- /dev/null +++ b/roles/openshift_preflight/masters/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: openshift_preflight/base diff --git a/roles/openshift_preflight/masters/tasks/main.yml b/roles/openshift_preflight/masters/tasks/main.yml new file mode 100644 index 000000000..35fb1e3ca --- /dev/null +++ b/roles/openshift_preflight/masters/tasks/main.yml @@ -0,0 +1,31 @@ +--- +# determine if yum install of master pkgs will work +- when: not openshift.common.is_containerized | bool + block: + + - name: main master packages availability + check_yum_update: + packages: + - "{{ openshift.common.service_type }}" + - "{{ openshift.common.service_type }}-clients" + - "{{ openshift.common.service_type }}-master" + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'main master packages availability'})] }}" + + - name: other master packages availability + check_yum_update: + packages: + - etcd + - bash-completion + - cockpit-bridge + - cockpit-docker + - cockpit-kubernetes + - cockpit-shell + - cockpit-ws + - httpd-tools + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'other master packages availability'})] }}" diff --git a/roles/openshift_preflight/nodes/meta/main.yml b/roles/openshift_preflight/nodes/meta/main.yml new file mode 100644 index 000000000..6f23cbf3b --- /dev/null +++ b/roles/openshift_preflight/nodes/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: openshift_preflight/base diff --git a/roles/openshift_preflight/nodes/tasks/main.yml b/roles/openshift_preflight/nodes/tasks/main.yml new file mode 100644 index 000000000..a10e69024 --- /dev/null +++ b/roles/openshift_preflight/nodes/tasks/main.yml @@ -0,0 +1,41 @@ +--- +# determine if yum install of node pkgs will work +- when: not openshift.common.is_containerized | bool + block: + + - name: main node packages availability + check_yum_update: + packages: + - "{{ openshift.common.service_type }}" + - "{{ openshift.common.service_type }}-node" + - "{{ openshift.common.service_type }}-sdn-ovs" + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'main node packages availability'})] }}" + + - name: other node packages availability + check_yum_update: + packages: + - docker + - PyYAML + - firewalld + - iptables + - iptables-services + - nfs-utils + - ntp + - yum-utils + - dnsmasq + - libselinux-python + - ceph-common + - glusterfs-fuse + - iscsi-initiator-utils + - pyparted + - python-httplib2 + - openssl + - flannel + - bind + register: r + + - set_fact: + oo_preflight_check_results: "{{ oo_preflight_check_results + [r|combine({'_task': 'other node packages availability'})] }}" diff --git a/roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py b/roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py new file mode 100644 index 000000000..180ed8d8f --- /dev/null +++ b/roles/openshift_preflight/verify_status/callback_plugins/zz_failure_summary.py @@ -0,0 +1,96 @@ +# vim: expandtab:tabstop=4:shiftwidth=4 +''' +Ansible callback plugin. +''' + +from ansible.plugins.callback import CallbackBase +from ansible import constants as C +from ansible.utils.color import stringc + + +class CallbackModule(CallbackBase): + ''' + This callback plugin stores task results and summarizes failures. + The file name is prefixed with `zz_` to make this plugin be loaded last by + Ansible, thus making its output the last thing that users see. + ''' + + CALLBACK_VERSION = 2.0 + CALLBACK_TYPE = 'aggregate' + CALLBACK_NAME = 'failure_summary' + CALLBACK_NEEDS_WHITELIST = False + + def __init__(self): + super(CallbackModule, self).__init__() + self.__failures = [] + + def v2_runner_on_failed(self, result, ignore_errors=False): + super(CallbackModule, self).v2_runner_on_failed(result, ignore_errors) + self.__failures.append(dict(result=result, ignore_errors=ignore_errors)) + + def v2_playbook_on_stats(self, stats): + super(CallbackModule, self).v2_playbook_on_stats(stats) + # TODO: update condition to consider a host var or env var to + # enable/disable the summary, so that we can control the output from a + # play. + if self.__failures: + self._print_failure_summary() + + def _print_failure_summary(self): + '''Print a summary of failed tasks (including ignored failures).''' + self._display.display(u'\nFailure summary:\n') + + # TODO: group failures by host or by task. If grouped by host, it is + # easy to see all problems of a given host. If grouped by task, it is + # easy to see what hosts needs the same fix. + + width = len(str(len(self.__failures))) + initial_indent_format = u' {{:>{width}}}. '.format(width=width) + initial_indent_len = len(initial_indent_format.format(0)) + subsequent_indent = u' ' * initial_indent_len + subsequent_extra_indent = u' ' * (initial_indent_len + 10) + + for i, failure in enumerate(self.__failures, 1): + lines = _format_failure(failure) + self._display.display(u'\n{}{}'.format(initial_indent_format.format(i), lines[0])) + for line in lines[1:]: + line = line.replace(u'\n', u'\n' + subsequent_extra_indent) + indented = u'{}{}'.format(subsequent_indent, line) + self._display.display(indented) + + +# Reason: disable pylint protected-access because we need to access _* +# attributes of a task result to implement this method. +# Status: permanently disabled unless Ansible's API changes. +# pylint: disable=protected-access +def _format_failure(failure): + '''Return a list of pretty-formatted lines describing a failure, including + relevant information about it. Line separators are not included.''' + result = failure['result'] + host = result._host.get_name() + play = _get_play(result._task) + if play: + play = play.get_name() + task = result._task.get_name() + msg = result._result.get('msg', u'???') + rows = ( + (u'Host', host), + (u'Play', play), + (u'Task', task), + (u'Message', stringc(msg, C.COLOR_ERROR)), + ) + row_format = '{:10}{}' + return [row_format.format(header + u':', body) for header, body in rows] + + +# Reason: disable pylint protected-access because we need to access _* +# attributes of obj to implement this function. +# This is inspired by ansible.playbook.base.Base.dump_me. +# Status: permanently disabled unless Ansible's API changes. +# pylint: disable=protected-access +def _get_play(obj): + '''Given a task or block, recursively tries to find its parent play.''' + if hasattr(obj, '_play'): + return obj._play + if getattr(obj, '_parent'): + return _get_play(obj._parent) diff --git a/roles/openshift_preflight/verify_status/tasks/main.yml b/roles/openshift_preflight/verify_status/tasks/main.yml new file mode 100644 index 000000000..36ccf648a --- /dev/null +++ b/roles/openshift_preflight/verify_status/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: find check failures + set_fact: + oo_preflight_check_failures: "{{ oo_preflight_check_results | select('failed', 'equalto', True) | list }}" + +- name: ensure all checks succeed + action: fail + when: oo_preflight_check_failures diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index 9be168611..23dcd0440 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -12,7 +12,7 @@ when: not openshift.common.is_containerized | bool - name: Ensure libselinux-python is installed - action: "{{ ansible_pkg_mgr }} name=libselinux-python state=present" + package: name=libselinux-python state=present when: not openshift.common.is_containerized | bool - name: Create any additional repos that are defined @@ -37,6 +37,7 @@ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool + and openshift_enable_origin_repo | default(true) | bool - name: Configure origin yum repositories RHEL/CentOS copy: @@ -46,3 +47,4 @@ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool + and openshift_enable_origin_repo | default(true) | bool diff --git a/roles/openshift_repos/templates/yum_repo.j2 b/roles/openshift_repos/templates/yum_repo.j2 index 2d9243545..ef2cd6603 100644 --- a/roles/openshift_repos/templates/yum_repo.j2 +++ b/roles/openshift_repos/templates/yum_repo.j2 @@ -2,9 +2,9 @@ [{{ repo.id }}] name={{ repo.name | default(repo.id) }} baseurl={{ repo.baseurl }} -{% set enable_repo = repo.enabled | default('1') %} +{% set enable_repo = repo.enabled | default(1) %} enabled={{ 1 if ( enable_repo == 1 or enable_repo == True ) else 0 }} -{% set enable_gpg_check = repo.gpgcheck | default('1') %} +{% set enable_gpg_check = repo.gpgcheck | default(1) %} gpgcheck={{ 1 if ( enable_gpg_check == 1 or enable_gpg_check == True ) else 0 }} {% for key, value in repo.iteritems() %} {% if key not in ['id', 'name', 'baseurl', 'enabled', 'gpgcheck'] and value is defined %} diff --git a/roles/openshift_repos/vars/main.yml b/roles/openshift_repos/vars/main.yml index 319611a0b..da48e42c1 100644 --- a/roles/openshift_repos/vars/main.yml +++ b/roles/openshift_repos/vars/main.yml @@ -4,4 +4,4 @@ # enterprise is used for OSE 3.0 < 3.1 which uses packages named 'openshift' # atomic-enterprise uses Red Hat packages named 'atomic-openshift' # openshift-enterprise uses Red Hat packages named 'atomic-openshift' starting with OSE 3.1 -known_openshift_deployment_types: ['origin', 'online', 'enterprise','atomic-enterprise','openshift-enterprise'] +known_openshift_deployment_types: ['origin', 'online', 'enterprise', 'atomic-enterprise', 'openshift-enterprise'] diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml index 8715fc64e..b8cbe9a84 100644 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml @@ -1,3 +1,4 @@ +--- #### # # OSE 3.0.z did not have 'oadm policy add-scc-to-user'. @@ -9,7 +10,7 @@ path: /tmp/openshift state: directory owner: root - mode: 700 + mode: 0700 - name: Create service account configs template: diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml index 1ff9e6dcb..d83ccf7de 100644 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ b/roles/openshift_serviceaccounts/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: test if service accounts exists command: > {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }} diff --git a/roles/openshift_storage_nfs/README.md b/roles/openshift_storage_nfs/README.md index b0480a958..817b007e8 100644 --- a/roles/openshift_storage_nfs/README.md +++ b/roles/openshift_storage_nfs/README.md @@ -6,10 +6,10 @@ OpenShift NFS Server Installation Requirements ------------ -This role is intended to be applied to the [nfs] host group which is +* Ansible 2.2 +* This role is intended to be applied to the [nfs] host group which is separate from OpenShift infrastructure components. - -Requires access to the 'nfs-utils' package. +* Requires access to the 'nfs-utils' package. Role Variables -------------- diff --git a/roles/openshift_storage_nfs/handlers/main.yml b/roles/openshift_storage_nfs/handlers/main.yml index a1377a203..0d1149db8 100644 --- a/roles/openshift_storage_nfs/handlers/main.yml +++ b/roles/openshift_storage_nfs/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart nfs-server - service: + systemd: name: nfs-server state: restarted when: not (nfs_service_status_changed | default(false)) diff --git a/roles/openshift_storage_nfs/meta/main.yml b/roles/openshift_storage_nfs/meta/main.yml index 865865d9c..62e38bd8c 100644 --- a/roles/openshift_storage_nfs/meta/main.yml +++ b/roles/openshift_storage_nfs/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: OpenShift NFS Server company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.2 platforms: - name: EL versions: diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index 4716c77ae..fd935f105 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nfs-utils - action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + package: name=nfs-utils state=present - name: Configure NFS lineinfile: @@ -10,7 +10,7 @@ register: nfs_config - name: Restart nfs-config - service: name=nfs-config state=restarted + systemd: name=nfs-config state=restarted when: nfs_config | changed - name: Ensure exports directory exists @@ -26,9 +26,9 @@ owner: nfsnobody group: nfsnobody with_items: - - "{{ openshift.hosted.registry }}" - - "{{ openshift.hosted.metrics }}" - - "{{ openshift.hosted.logging }}" + - "{{ openshift.hosted.registry }}" + - "{{ openshift.hosted.metrics }}" + - "{{ openshift.hosted.logging }}" - name: Configure exports @@ -36,7 +36,7 @@ dest: /etc/exports.d/openshift-ansible.exports src: exports.j2 notify: - - restart nfs-server + - restart nfs-server # Now that we're putting our exports in our own file clean up the old ones - name: register exports @@ -51,16 +51,14 @@ with_items: "{{ exports_out.stdout_lines | default([]) }}" when: exports_out.rc == 0 notify: - - restart nfs-server + - restart nfs-server - name: Enable and start services - service: - name: "{{ item }}" + systemd: + name: nfs-server state: started enabled: yes register: start_result - with_items: - - nfs-server - set_fact: nfs_service_status_changed: "{{ start_result | changed }}" diff --git a/roles/openshift_storage_nfs_lvm/README.md b/roles/openshift_storage_nfs_lvm/README.md index 3680ef5b5..cc674d3fd 100644 --- a/roles/openshift_storage_nfs_lvm/README.md +++ b/roles/openshift_storage_nfs_lvm/README.md @@ -8,10 +8,9 @@ create persistent volumes. ## Requirements -* NFS server with NFS, iptables, and everything setup. - +* Ansible 2.2 +* NFS server with NFS, iptables, and everything setup * A lvm volume group created on the nfs server (default: openshiftvg) - * The lvm volume needs to have as much free space as you are allocating ## Role Variables @@ -49,6 +48,13 @@ osnl_volume_num_start: 3 # How many volumes/partitions to build, with the size we stated. osnl_number_of_volumes: 2 +# osnl_volume_reclaim_policy +# Volume reclaim policy of a PersistentVolume tells the cluster +# what to do with the volume after it is released. +# +# Valid values are "Retain" or "Recycle" (default). +osnl_volume_reclaim_policy: "Recycle" + ``` ## Dependencies @@ -72,6 +78,7 @@ exported via NFS. json files are created in /root. osnl_volume_size: 5 osnl_volume_num_start: 3 osnl_number_of_volumes: 2 + osnl_volume_reclaim_policy: "Recycle" ## Full example @@ -97,6 +104,7 @@ exported via NFS. json files are created in /root. osnl_volume_size: 5 osnl_volume_num_start: 3 osnl_number_of_volumes: 2 + osnl_volume_reclaim_policy: "Recycle" * Run the playbook: ``` diff --git a/roles/openshift_storage_nfs_lvm/defaults/main.yml b/roles/openshift_storage_nfs_lvm/defaults/main.yml index f81cdc724..48352187c 100644 --- a/roles/openshift_storage_nfs_lvm/defaults/main.yml +++ b/roles/openshift_storage_nfs_lvm/defaults/main.yml @@ -8,3 +8,10 @@ osnl_mount_dir: /exports/openshift # Volume Group to use. osnl_volume_group: openshiftvg + +# Volume reclaim policy of a PersistentVolume tells the cluster +# what to do with the volume after it is released. +# +# Valid values are "Retain" or "Recycle". +# See https://docs.openshift.com/enterprise/3.0/architecture/additional_concepts/storage.html#pv-recycling-policy +osnl_volume_reclaim_policy: "Recycle" diff --git a/roles/openshift_storage_nfs_lvm/handlers/main.yml b/roles/openshift_storage_nfs_lvm/handlers/main.yml index 52f3ceffe..9ce8b783d 100644 --- a/roles/openshift_storage_nfs_lvm/handlers/main.yml +++ b/roles/openshift_storage_nfs_lvm/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart nfs - service: name=nfs-server state=restarted + systemd: name=nfs-server state=restarted diff --git a/roles/openshift_storage_nfs_lvm/meta/main.yml b/roles/openshift_storage_nfs_lvm/meta/main.yml index 62ea54883..50d94f6a3 100644 --- a/roles/openshift_storage_nfs_lvm/meta/main.yml +++ b/roles/openshift_storage_nfs_lvm/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Create LVM volumes and use them as openshift persistent volumes. company: Red Hat, Inc. license: license (Apache) - min_ansible_version: 1.4 + min_ansible_version: 2.2 platforms: - name: EL versions: @@ -13,5 +13,6 @@ galaxy_info: versions: - all categories: - - openshift -dependencies: [] + - openshift +dependencies: +- role: openshift_facts diff --git a/roles/openshift_storage_nfs_lvm/tasks/main.yml b/roles/openshift_storage_nfs_lvm/tasks/main.yml index ea0cc2a94..49dd657b5 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/main.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/main.yml @@ -2,7 +2,7 @@ # TODO -- this may actually work on atomic hosts - fail: msg: "openshift_storage_nfs_lvm is not compatible with atomic host" - when: openshift.common.is_atomic | true + when: openshift.common.is_atomic | bool - name: Create lvm volumes lvol: vg={{osnl_volume_group}} lv={{ item }} size={{osnl_volume_size}}G diff --git a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml index fc8de1cb5..03f4fcec0 100644 --- a/roles/openshift_storage_nfs_lvm/tasks/nfs.yml +++ b/roles/openshift_storage_nfs_lvm/tasks/nfs.yml @@ -1,17 +1,26 @@ --- - name: Install NFS server - action: "{{ ansible_pkg_mgr }} name=nfs-utils state=present" + package: name=nfs-utils state=present when: not openshift.common.is_containerized | bool - + - name: Start rpcbind - service: name=rpcbind state=started enabled=yes + systemd: + name: rpcbind + state: started + enabled: yes - name: Start nfs - service: name=nfs-server state=started enabled=yes + systemd: + name: nfs-server + state: started + enabled: yes - name: Export the directories lineinfile: dest=/etc/exports regexp="^{{ osnl_mount_dir }}/{{ item }} " line="{{ osnl_mount_dir }}/{{ item }} {{osnl_nfs_export_options}}" - with_sequence: start={{osnl_volume_num_start}} count={{osnl_number_of_volumes}} format={{osnl_volume_prefix}}{{osnl_volume_size}}g%04d + with_sequence: + start: "{{osnl_volume_num_start}}" + count: "{{osnl_number_of_volumes}}" + format: "{{osnl_volume_prefix}}{{osnl_volume_size}}g%04d" notify: restart nfs diff --git a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 index 0f3d84e75..c273aca9f 100644 --- a/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 +++ b/roles/openshift_storage_nfs_lvm/templates/nfs.json.j2 @@ -11,11 +11,11 @@ "capacity": { "storage": "{{ osnl_volume_size }}Gi" }, - "accessModes": [ "ReadWriteMany" ], - "persistentVolumeReclaimPolicy": "Recycle", + "accessModes": [ "ReadWriteOnce", "ReadWriteMany" ], + "persistentVolumeReclaimPolicy": "{{ osnl_volume_reclaim_policy }}", "nfs": { - "Server": "{{ inventory_hostname }}", - "Path": "{{ osnl_mount_dir }}/{{ item }}" + "server": "{{ inventory_hostname }}", + "path": "{{ osnl_mount_dir }}/{{ item }}" } } } diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index a3a99d248..0f2a660a7 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -22,7 +22,7 @@ - set_fact: openshift_image_tag: "{{ 'v' + openshift_image_tag }}" - when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' + when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' and openshift_image_tag != 'latest' - set_fact: openshift_pkg_version: "{{ '-' + openshift_pkg_version }}" diff --git a/roles/openshift_version/tasks/set_version_containerized.yml b/roles/openshift_version/tasks/set_version_containerized.yml index 8e2702391..cd0f20ae9 100644 --- a/roles/openshift_version/tasks/set_version_containerized.yml +++ b/roles/openshift_version/tasks/set_version_containerized.yml @@ -1,8 +1,9 @@ --- - name: Set containerized version to configure if openshift_image_tag specified set_fact: - # Expects a leading "v" in inventory, strip it off here: - openshift_version: "{{ openshift_image_tag[1:].split('-')[0] }}" + # Expects a leading "v" in inventory, strip it off here unless + # openshift_image_tag=latest + openshift_version: "{{ openshift_image_tag[1:].split('-')[0] if openshift_image_tag != 'latest' else openshift_image_tag }}" when: openshift_image_tag is defined and openshift_version is not defined - name: Set containerized version to configure if openshift_release specified @@ -37,3 +38,8 @@ openshift_version: "{{ cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0:2][1:] | join('-') if openshift.common.deployment_type == 'origin' else cli_image_version.stdout_lines[0].split(' ')[1].split('-')[0][1:] }}" when: openshift_version is defined and openshift_version.split('.') | length == 2 +# We finally have the specific version. Now we clean up any strange +# dangly +c0mm1t-offset tags in the version. See also, +# openshift_facts.py +- set_fact: + openshift_version: "{{ openshift_version | oo_chomp_commit_offset }}" diff --git a/roles/os_firewall/README.md b/roles/os_firewall/README.md index 187d74b06..43db3cc74 100644 --- a/roles/os_firewall/README.md +++ b/roles/os_firewall/README.md @@ -4,10 +4,13 @@ OS Firewall OS Firewall manages firewalld and iptables firewall settings for a minimal use case (Adding/Removing rules based on protocol and port number). +Note: firewalld is not supported on Atomic Host +https://bugzilla.redhat.com/show_bug.cgi?id=1403331 + Requirements ------------ -None. +Ansible 2.2 Role Variables -------------- diff --git a/roles/os_firewall/defaults/main.yml b/roles/os_firewall/defaults/main.yml index c870a301a..4c544122f 100644 --- a/roles/os_firewall/defaults/main.yml +++ b/roles/os_firewall/defaults/main.yml @@ -1,9 +1,7 @@ --- os_firewall_enabled: True -# TODO: Upstream kubernetes only supports iptables currently -# TODO: it might be possible to still use firewalld if we wire up the created -# chains with the public zone (or the zone associated with the correct -# interfaces) -os_firewall_use_firewalld: False +# firewalld is not supported on Atomic Host +# https://bugzilla.redhat.com/show_bug.cgi?id=1403331 +os_firewall_use_firewalld: "{{ False if openshift.common.is_atomic | bool else True }}" os_firewall_allow: [] os_firewall_deny: [] diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py index bd638b69b..8ba650994 100755 --- a/roles/os_firewall/library/os_firewall_manage_iptables.py +++ b/roles/os_firewall/library/os_firewall_manage_iptables.py @@ -2,7 +2,7 @@ # -*- coding: utf-8 -*- # vim: expandtab:tabstop=4:shiftwidth=4 # pylint: disable=fixme, missing-docstring -from subprocess import call, check_output +import subprocess DOCUMENTATION = ''' --- @@ -29,7 +29,10 @@ class IpTablesAddRuleError(IpTablesError): class IpTablesRemoveRuleError(IpTablesError): - pass + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name + super(IpTablesRemoveRuleError, self).__init__(msg, cmd, exit_code, + output) + self.chain = chain class IpTablesSaveError(IpTablesError): @@ -37,14 +40,14 @@ class IpTablesSaveError(IpTablesError): class IpTablesCreateChainError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateChainError, self).__init__(msg, cmd, exit_code, output) self.chain = chain class IpTablesCreateJumpRuleError(IpTablesError): - def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name + def __init__(self, chain, msg, cmd, exit_code, output): # pylint: disable=too-many-arguments, line-too-long, redefined-outer-name super(IpTablesCreateJumpRuleError, self).__init__(msg, cmd, exit_code, output) self.chain = chain @@ -53,7 +56,7 @@ class IpTablesCreateJumpRuleError(IpTablesError): # TODO: implement rollbacks for any events that were successful and an # exception was thrown later. For example, when the chain is created # successfully, but the add/remove rule fails. -class IpTablesManager(object): # pylint: disable=too-many-instance-attributes +class IpTablesManager(object): # pylint: disable=too-many-instance-attributes def __init__(self, module): self.module = module self.ip_version = module.params['ip_version'] @@ -68,8 +71,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes def save(self): try: - self.output.append(check_output(self.save_cmd, - stderr=subprocess.STDOUT)) + self.output.append(subprocess.check_output(self.save_cmd, stderr=subprocess.STDOUT)) except subprocess.CalledProcessError as ex: raise IpTablesSaveError( msg="Failed to save iptables rules", @@ -92,7 +94,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes else: cmd = self.cmd + ['-A'] + rule try: - self.output.append(check_output(cmd)) + self.output.append(subprocess.check_output(cmd)) self.changed = True self.save() except subprocess.CalledProcessError as ex: @@ -112,7 +114,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes else: cmd = self.cmd + ['-D'] + rule try: - self.output.append(check_output(cmd)) + self.output.append(subprocess.check_output(cmd)) self.changed = True self.save() except subprocess.CalledProcessError as ex: @@ -123,11 +125,19 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes def rule_exists(self, rule): check_cmd = self.cmd + ['-C'] + rule - return True if call(check_cmd) == 0 else False + return True if subprocess.call(check_cmd) == 0 else False + + @staticmethod + def port_as_argument(port): + if isinstance(port, int): + return str(port) + if isinstance(port, basestring): # noqa: F405 + return port.replace('-', ":") + return port def gen_rule(self, port, proto): return [self.chain, '-p', proto, '-m', 'state', '--state', 'NEW', - '-m', proto, '--dport', str(port), '-j', 'ACCEPT'] + '-m', proto, '--dport', IpTablesManager.port_as_argument(port), '-j', 'ACCEPT'] def create_jump(self): if self.check_mode: @@ -136,10 +146,10 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes else: try: cmd = self.cmd + ['-L', self.jump_rule_chain, '--line-numbers'] - output = check_output(cmd, stderr=subprocess.STDOUT) + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) # break the input rules into rows and columns - input_rules = [s.split() for s in output.split('\n')] + input_rules = [s.split() for s in to_native(output).split('\n')] # Find the last numbered rule last_rule_num = None @@ -155,8 +165,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes # Naively assume that if the last row is a REJECT or DROP rule, # then we can insert our rule right before it, otherwise we # assume that we can just append the rule. - if (last_rule_num and last_rule_target - and last_rule_target in ['REJECT', 'DROP']): + if (last_rule_num and last_rule_target and last_rule_target in ['REJECT', 'DROP']): # insert rule cmd = self.cmd + ['-I', self.jump_rule_chain, str(last_rule_num)] @@ -164,7 +173,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes # append rule cmd = self.cmd + ['-A', self.jump_rule_chain] cmd += ['-j', self.chain] - output = check_output(cmd, stderr=subprocess.STDOUT) + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) self.changed = True self.output.append(output) self.save() @@ -192,8 +201,7 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes else: try: cmd = self.cmd + ['-N', self.chain] - self.output.append(check_output(cmd, - stderr=subprocess.STDOUT)) + self.output.append(subprocess.check_output(cmd, stderr=subprocess.STDOUT)) self.changed = True self.output.append("Successfully created chain %s" % self.chain) @@ -203,26 +211,26 @@ class IpTablesManager(object): # pylint: disable=too-many-instance-attributes chain=self.chain, msg="Failed to create chain: %s" % self.chain, cmd=ex.cmd, exit_code=ex.returncode, output=ex.output - ) + ) def jump_rule_exists(self): cmd = self.cmd + ['-C', self.jump_rule_chain, '-j', self.chain] - return True if call(cmd) == 0 else False + return True if subprocess.call(cmd) == 0 else False def chain_exists(self): cmd = self.cmd + ['-L', self.chain] - return True if call(cmd) == 0 else False + return True if subprocess.call(cmd) == 0 else False def gen_cmd(self): cmd = 'iptables' if self.ip_version == 'ipv4' else 'ip6tables' return ["/usr/sbin/%s" % cmd] - def gen_save_cmd(self): # pylint: disable=no-self-use + def gen_save_cmd(self): # pylint: disable=no-self-use return ['/usr/libexec/iptables/iptables.init', 'save'] def main(): - module = AnsibleModule( + module = AnsibleModule( # noqa: F405 argument_spec=dict( name=dict(required=True), action=dict(required=True, choices=['add', 'remove', @@ -231,7 +239,7 @@ def main(): create_jump_rule=dict(required=False, type='bool', default=True), jump_rule_chain=dict(required=False, default='INPUT'), protocol=dict(required=False, choices=['tcp', 'udp']), - port=dict(required=False, type='int'), + port=dict(required=False, type='str'), ip_version=dict(required=False, default='ipv4', choices=['ipv4', 'ipv6']), ), @@ -266,8 +274,9 @@ def main(): output=iptables_manager.output) -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import +# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import, wrong-import-position # import module snippets -from ansible.module_utils.basic import * +from ansible.module_utils.basic import * # noqa: F403,E402 +from ansible.module_utils._text import to_native # noqa: E402 if __name__ == '__main__': main() diff --git a/roles/os_firewall/meta/main.yml b/roles/os_firewall/meta/main.yml index c93335b7b..dca5fc5ff 100644 --- a/roles/os_firewall/meta/main.yml +++ b/roles/os_firewall/meta/main.yml @@ -4,12 +4,13 @@ galaxy_info: description: os_firewall company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.2 platforms: - - name: EL - versions: - - 7 + - name: EL + versions: + - 7 categories: - - system + - system +allow_duplicates: yes dependencies: -- { role: openshift_facts } + - role: openshift_facts diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index 5ddca1fc0..1101870be 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -1,88 +1,45 @@ --- - name: Install firewalld packages - action: "{{ ansible_pkg_mgr }} name=firewalld state=present" + package: name=firewalld state=present when: not openshift.common.is_containerized | bool - register: install_result - -- name: Check if iptables-services is installed - command: rpm -q iptables-services - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - name: Ensure iptables services are not enabled - service: + systemd: name: "{{ item }}" state: stopped enabled: no + masked: yes with_items: - - iptables - - ip6tables - when: pkg_check.rc == 0 - -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - -- name: Determine if firewalld service masked - command: > - systemctl is-enabled firewalld - register: os_firewall_firewalld_masked_output - changed_when: false - failed_when: false - -- name: Unmask firewalld service - command: > - systemctl unmask firewalld - when: os_firewall_firewalld_masked_output.stdout == "masked" + - iptables + - ip6tables + register: task_result + failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" - name: Start and enable firewalld service - service: + systemd: name: firewalld state: started enabled: yes + masked: no + daemon_reload: yes register: result - name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail pause: seconds=10 when: result | changed -- name: Mask iptables services - command: systemctl mask "{{ item }}" - register: result - changed_when: "'iptables' in result.stdout" - with_items: - - iptables - - ip6tables - when: pkg_check.rc == 0 - ignore_errors: yes - -# TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for -# enabling rules and making them permanent with the immediate flag - name: Add firewalld allow rules firewalld: port: "{{ item.port }}" - permanent: false - state: enabled - with_items: "{{ os_firewall_allow }}" - -- name: Persist firewalld allow rules - firewalld: - port: "{{ item.port }}" permanent: true + immediate: true state: enabled with_items: "{{ os_firewall_allow }}" - name: Remove firewalld allow rules firewalld: port: "{{ item.port }}" - permanent: false - state: disabled - with_items: "{{ os_firewall_deny }}" - -- name: Persist removal of firewalld allow rules - firewalld: - port: "{{ item.port }}" permanent: true + immediate: true state: disabled with_items: "{{ os_firewall_deny }}" diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 470d4f4f9..930b32cf2 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -1,64 +1,28 @@ --- -- name: Check if firewalld is installed - command: rpm -q firewalld - args: - # Disables the following warning: - # Consider using yum, dnf or zypper module rather than running rpm - warn: no - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - name: Ensure firewalld service is not enabled - service: + systemd: name: firewalld state: stopped enabled: no - when: pkg_check.rc == 0 - -# TODO: submit PR upstream to add mask/unmask to service module -- name: Mask firewalld service - command: systemctl mask firewalld - register: result - changed_when: "'firewalld' in result.stdout" - when: pkg_check.rc == 0 - ignore_errors: yes + masked: yes + register: task_result + failed_when: "task_result|failed and 'could not' not in task_result.msg|lower" - name: Install iptables packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + package: name={{ item }} state=present with_items: - - iptables - - iptables-services - register: install_result + - iptables + - iptables-services when: not openshift.common.is_atomic | bool -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - -- name: Determine if iptables service masked - command: > - systemctl is-enabled {{ item }} - with_items: - - iptables - - ip6tables - register: os_firewall_iptables_masked_output - changed_when: false - failed_when: false - -- name: Unmask iptables service - command: > - systemctl unmask {{ item }} - with_items: - - iptables - - ip6tables - when: "'masked' in os_firewall_iptables_masked_output.results | map(attribute='stdout')" - - name: Start and enable iptables service - service: + systemd: name: iptables state: started enabled: yes + masked: no + daemon_reload: yes register: result - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail diff --git a/roles/os_firewall/tasks/main.yml b/roles/os_firewall/tasks/main.yml index 076e5e311..20efe5b0d 100644 --- a/roles/os_firewall/tasks/main.yml +++ b/roles/os_firewall/tasks/main.yml @@ -1,4 +1,10 @@ --- +- name: Assert - Do not use firewalld on Atomic Host + assert: + that: not os_firewall_use_firewalld | bool + msg: "Firewalld is not supported on Atomic Host" + when: openshift.common.is_atomic | bool + - include: firewall/firewalld.yml when: os_firewall_enabled | bool and os_firewall_use_firewalld | bool diff --git a/roles/os_update_latest/tasks/main.yml b/roles/os_update_latest/tasks/main.yml index ff2b52275..6b5fd0106 100644 --- a/roles/os_update_latest/tasks/main.yml +++ b/roles/os_update_latest/tasks/main.yml @@ -1,3 +1,3 @@ --- - name: Update all packages - action: "{{ ansible_pkg_mgr }} name=* state=latest" + package: name=* state=latest diff --git a/roles/rhel_subscribe/meta/main.yml b/roles/rhel_subscribe/meta/main.yml index 6204a5aa5..0bbeadd34 100644 --- a/roles/rhel_subscribe/meta/main.yml +++ b/roles/rhel_subscribe/meta/main.yml @@ -1,2 +1,3 @@ +--- dependencies: -- role: openshift_facts + - role: openshift_facts |