From e05e6eafbf50761fdc67148162ef9a0fe2c2cfb0 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 26 Jul 2016 10:13:02 -0400 Subject: xPaaS v1.3.2 release --- roles/openshift_examples/examples-sync.sh | 2 +- .../v1.2/xpaas-streams/jboss-image-streams.json | 35 +- .../examples/v1.2/xpaas-templates/amq62-basic.json | 10 + .../v1.2/xpaas-templates/amq62-persistent-ssl.json | 10 + .../v1.2/xpaas-templates/amq62-persistent.json | 10 + .../examples/v1.2/xpaas-templates/amq62-ssl.json | 10 + .../datagrid65-postgresql-persistent.json | 8 +- .../xpaas-templates/datagrid65-postgresql.json | 8 +- .../xpaas-templates/decisionserver62-amq-s2i.json | 4 +- .../decisionserver62-basic-s2i.json | 4 +- .../decisionserver62-https-s2i.json | 4 +- .../xpaas-templates/eap64-amq-persistent-s2i.json | 78 ++- .../v1.2/xpaas-templates/eap64-amq-s2i.json | 90 ++- .../v1.2/xpaas-templates/eap64-basic-s2i.json | 20 +- .../v1.2/xpaas-templates/eap64-https-s2i.json | 38 +- .../eap64-mongodb-persistent-s2i.json | 38 +- .../v1.2/xpaas-templates/eap64-mongodb-s2i.json | 38 +- .../eap64-mysql-persistent-s2i.json | 42 +- .../v1.2/xpaas-templates/eap64-mysql-s2i.json | 42 +- .../eap64-postgresql-persistent-s2i.json | 46 +- .../v1.2/xpaas-templates/eap64-postgresql-s2i.json | 46 +- .../v1.2/xpaas-templates/eap64-sso-s2i.json | 193 ++++-- .../xpaas-templates/eap70-amq-persistent-s2i.json | 82 ++- .../v1.2/xpaas-templates/eap70-amq-s2i.json | 90 ++- .../v1.2/xpaas-templates/eap70-basic-s2i.json | 33 +- .../v1.2/xpaas-templates/eap70-https-s2i.json | 51 +- .../eap70-mongodb-persistent-s2i.json | 51 +- .../v1.2/xpaas-templates/eap70-mongodb-s2i.json | 51 +- .../eap70-mysql-persistent-s2i.json | 51 +- .../v1.2/xpaas-templates/eap70-mysql-s2i.json | 51 +- .../eap70-postgresql-persistent-s2i.json | 55 +- .../v1.2/xpaas-templates/eap70-postgresql-s2i.json | 55 +- .../v1.2/xpaas-templates/eap70-sso-s2i.json | 767 +++++++++++++++++++++ .../xpaas-templates/jws30-tomcat7-basic-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-https-s2i.json | 4 +- .../jws30-tomcat7-mongodb-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-mongodb-s2i.json | 4 +- .../jws30-tomcat7-mysql-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-mysql-s2i.json | 4 +- .../jws30-tomcat7-postgresql-persistent-s2i.json | 12 +- .../jws30-tomcat7-postgresql-s2i.json | 12 +- .../xpaas-templates/jws30-tomcat8-basic-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-https-s2i.json | 4 +- .../jws30-tomcat8-mongodb-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-mongodb-s2i.json | 4 +- .../jws30-tomcat8-mysql-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-mysql-s2i.json | 4 +- .../jws30-tomcat8-postgresql-persistent-s2i.json | 12 +- .../jws30-tomcat8-postgresql-s2i.json | 12 +- .../examples/v1.2/xpaas-templates/sso70-basic.json | 446 ------------ .../examples/v1.2/xpaas-templates/sso70-https.json | 514 ++++++++++++++ .../xpaas-templates/sso70-mysql-persistent.json | 186 +++-- .../examples/v1.2/xpaas-templates/sso70-mysql.json | 186 +++-- .../sso70-postgresql-persistent.json | 190 +++-- .../v1.2/xpaas-templates/sso70-postgresql.json | 194 ++++-- .../v1.3/xpaas-streams/jboss-image-streams.json | 35 +- .../examples/v1.3/xpaas-templates/amq62-basic.json | 10 + .../v1.3/xpaas-templates/amq62-persistent-ssl.json | 10 + .../v1.3/xpaas-templates/amq62-persistent.json | 10 + .../examples/v1.3/xpaas-templates/amq62-ssl.json | 10 + .../datagrid65-postgresql-persistent.json | 8 +- .../xpaas-templates/datagrid65-postgresql.json | 8 +- .../xpaas-templates/decisionserver62-amq-s2i.json | 4 +- .../decisionserver62-basic-s2i.json | 4 +- .../decisionserver62-https-s2i.json | 4 +- .../xpaas-templates/eap64-amq-persistent-s2i.json | 78 ++- .../v1.3/xpaas-templates/eap64-amq-s2i.json | 90 ++- .../v1.3/xpaas-templates/eap64-basic-s2i.json | 20 +- .../v1.3/xpaas-templates/eap64-https-s2i.json | 38 +- .../eap64-mongodb-persistent-s2i.json | 38 +- .../v1.3/xpaas-templates/eap64-mongodb-s2i.json | 38 +- .../eap64-mysql-persistent-s2i.json | 42 +- .../v1.3/xpaas-templates/eap64-mysql-s2i.json | 42 +- .../eap64-postgresql-persistent-s2i.json | 46 +- .../v1.3/xpaas-templates/eap64-postgresql-s2i.json | 46 +- .../v1.3/xpaas-templates/eap64-sso-s2i.json | 193 ++++-- .../xpaas-templates/eap70-amq-persistent-s2i.json | 82 ++- .../v1.3/xpaas-templates/eap70-amq-s2i.json | 90 ++- .../v1.3/xpaas-templates/eap70-basic-s2i.json | 33 +- .../v1.3/xpaas-templates/eap70-https-s2i.json | 51 +- .../eap70-mongodb-persistent-s2i.json | 51 +- .../v1.3/xpaas-templates/eap70-mongodb-s2i.json | 51 +- .../eap70-mysql-persistent-s2i.json | 51 +- .../v1.3/xpaas-templates/eap70-mysql-s2i.json | 51 +- .../eap70-postgresql-persistent-s2i.json | 55 +- .../v1.3/xpaas-templates/eap70-postgresql-s2i.json | 55 +- .../v1.3/xpaas-templates/eap70-sso-s2i.json | 767 +++++++++++++++++++++ .../xpaas-templates/jws30-tomcat7-basic-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-https-s2i.json | 4 +- .../jws30-tomcat7-mongodb-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-mongodb-s2i.json | 4 +- .../jws30-tomcat7-mysql-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat7-mysql-s2i.json | 4 +- .../jws30-tomcat7-postgresql-persistent-s2i.json | 12 +- .../jws30-tomcat7-postgresql-s2i.json | 12 +- .../xpaas-templates/jws30-tomcat8-basic-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-https-s2i.json | 4 +- .../jws30-tomcat8-mongodb-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-mongodb-s2i.json | 4 +- .../jws30-tomcat8-mysql-persistent-s2i.json | 4 +- .../xpaas-templates/jws30-tomcat8-mysql-s2i.json | 4 +- .../jws30-tomcat8-postgresql-persistent-s2i.json | 12 +- .../jws30-tomcat8-postgresql-s2i.json | 12 +- .../examples/v1.3/xpaas-templates/sso70-basic.json | 446 ------------ .../examples/v1.3/xpaas-templates/sso70-https.json | 514 ++++++++++++++ .../xpaas-templates/sso70-mysql-persistent.json | 186 +++-- .../examples/v1.3/xpaas-templates/sso70-mysql.json | 186 +++-- .../sso70-postgresql-persistent.json | 190 +++-- .../v1.3/xpaas-templates/sso70-postgresql.json | 194 ++++-- 109 files changed, 5979 insertions(+), 1869 deletions(-) create mode 100644 roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json delete mode 100644 roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json create mode 100644 roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json create mode 100644 roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json delete mode 100644 roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json create mode 100644 roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json (limited to 'roles/openshift_examples') diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index ef2da946a..ff53a0a4f 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,7 +5,7 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.3.1 +XPAAS_VERSION=ose-v1.3.2 ORIGIN_VERSION=${1:-v1.3} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json index 46f93823c..8c21683dc 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -255,19 +281,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json @@ -39,6 +39,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", @@ -280,6 +286,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json @@ -45,6 +45,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -450,6 +456,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json @@ -45,6 +45,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -298,6 +304,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json @@ -39,6 +39,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", @@ -434,6 +440,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -709,6 +709,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -697,6 +697,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..f09900491 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json @@ -391,8 +391,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..7f694e0e1 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..ea1fcd5dc 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -87,6 +87,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -99,6 +111,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -507,6 +529,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -527,6 +553,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -712,6 +746,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -495,6 +517,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -515,6 +541,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -75,6 +81,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -430,6 +448,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -559,6 +577,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -553,6 +571,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -562,6 +580,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -556,6 +574,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -547,6 +565,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,6 +722,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -541,6 +559,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -680,6 +710,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -528,6 +575,14 @@ } } }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" @@ -536,6 +591,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -604,10 +671,6 @@ "name": "SSO_BEARER_ONLY", "value": "${SSO_BEARER_ONLY}" }, - { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" @@ -616,6 +679,10 @@ "name": "SSO_SAML_KEYSTORE", "value": "${SSO_SAML_KEYSTORE}" }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -87,10 +87,22 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -99,6 +111,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -507,6 +529,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -527,6 +553,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -712,6 +746,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -495,6 +517,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -515,6 +541,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -75,6 +81,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -430,6 +459,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -559,6 +588,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -553,6 +582,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -562,6 +591,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -606,6 +639,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -556,6 +585,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -600,6 +633,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -547,6 +576,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -591,6 +624,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" @@ -700,6 +737,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -541,6 +570,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -585,6 +618,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" @@ -688,6 +725,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -586,6 +586,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -574,6 +574,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -586,6 +586,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -572,6 +572,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json deleted file mode 100644 index 7f320bace..000000000 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json +++ /dev/null @@ -1,446 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for SSO 7.0", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" - }, - "name": "sso70-basic" - }, - "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" - }, - "parameters": [ - { - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "sso", - "required": true - }, - { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: ..", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: ..", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false - }, - { - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "description": "The name of the secret containing the keystore file", - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", - "required": false - }, - { - "description": "The name of the keystore file within the secret", - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "jgroups.jceks", - "required": false - }, - { - "description": "The name associated with the server certificate", - "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", - "required": false - }, - { - "description": "The password for the keystore and certificate", - "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", - "required": false - }, - { - "description": "JGroups cluster password", - "name": "JGROUPS_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", - "readOnly": true - }, - { - "name": "eap-jgroups-keystore-volume", - "mountPath": "/etc/jgroups-encrypt-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "OPENSHIFT_KUBE_PING_LABELS", - "value": "application=${APPLICATION_NAME}" - }, - { - "name": "OPENSHIFT_KUBE_PING_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "EAP_HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" - }, - { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - }, - { - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "${JGROUPS_ENCRYPT_SECRET}" - }, - { - "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", - "value": "/etc/jgroups-encrypt-secret-volume" - }, - { - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "${JGROUPS_ENCRYPT_KEYSTORE}" - }, - { - "name": "JGROUPS_ENCRYPT_NAME", - "value": "${JGROUPS_ENCRYPT_NAME}" - }, - { - "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "${JGROUPS_ENCRYPT_PASSWORD}" - }, - { - "name": "JGROUPS_CLUSTER_PASSWORD", - "value": "${JGROUPS_CLUSTER_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "eap-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - }, - { - "name": "eap-jgroups-keystore-volume", - "secret": { - "secretName": "${JGROUPS_ENCRYPT_SECRET}" - } - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json new file mode 100644 index 000000000..fb0578a67 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json @@ -0,0 +1,514 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,java,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-https" + }, + "labels": { + "template": "sso70-https", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: ..", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: ..", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -109,13 +121,6 @@ "name": "MYSQL_AIO", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -130,18 +135,6 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -109,13 +121,6 @@ "name": "MYSQL_AIO", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -130,22 +135,10 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -94,13 +106,6 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -115,18 +120,6 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -588,6 +680,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -94,13 +106,6 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -115,22 +120,10 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -585,6 +677,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json index 46f93823c..8c21683dc 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -255,19 +281,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json @@ -39,6 +39,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", @@ -280,6 +286,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json @@ -45,6 +45,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -450,6 +456,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json @@ -45,6 +45,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -298,6 +304,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json @@ -39,6 +39,12 @@ "value": "", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", @@ -434,6 +440,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -709,6 +709,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -697,6 +697,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..f09900491 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json @@ -391,8 +391,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..7f694e0e1 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..ea1fcd5dc 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -87,6 +87,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -99,6 +111,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -507,6 +529,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -527,6 +553,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -712,6 +746,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -495,6 +517,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -515,6 +541,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -75,6 +81,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -430,6 +448,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -559,6 +577,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -553,6 +571,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -562,6 +580,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -556,6 +574,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -547,6 +565,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,6 +722,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -541,6 +559,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -680,6 +710,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: -.", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure--.", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -528,6 +575,14 @@ } } }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" @@ -536,6 +591,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -604,10 +671,6 @@ "name": "SSO_BEARER_ONLY", "value": "${SSO_BEARER_ONLY}" }, - { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" @@ -616,6 +679,10 @@ "name": "SSO_SAML_KEYSTORE", "value": "${SSO_SAML_KEYSTORE}" }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -87,10 +87,22 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -99,6 +111,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -507,6 +529,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -527,6 +553,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -712,6 +746,10 @@ "name": "AMQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,18 @@ "value": "HELLOWORLDMDBTopic", "required": false }, + { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount::default' where is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -495,6 +517,10 @@ "name": "MQ_TOPICS", "value": "${MQ_TOPICS}" }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" @@ -515,6 +541,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -63,6 +63,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -75,6 +81,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -430,6 +459,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -559,6 +588,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -553,6 +582,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -562,6 +591,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -606,6 +639,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -556,6 +585,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -600,6 +633,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -81,6 +81,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -93,6 +99,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -547,6 +576,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -591,6 +624,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" @@ -700,6 +737,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -75,6 +75,12 @@ "value": "", "required": false }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -87,6 +93,12 @@ "value": "keystore.jks", "required": false }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -541,6 +570,10 @@ "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" @@ -585,6 +618,10 @@ "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" @@ -688,6 +725,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -586,6 +586,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -574,6 +574,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -586,6 +586,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -572,6 +572,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json deleted file mode 100644 index 7f320bace..000000000 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json +++ /dev/null @@ -1,446 +0,0 @@ -{ - "kind": "Template", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Application template for SSO 7.0", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" - }, - "name": "sso70-basic" - }, - "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" - }, - "parameters": [ - { - "description": "The name for the application.", - "name": "APPLICATION_NAME", - "value": "sso", - "required": true - }, - { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: ..", - "name": "HOSTNAME_HTTP", - "value": "", - "required": false - }, - { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: ..", - "name": "HOSTNAME_HTTPS", - "value": "", - "required": false - }, - { - "description": "The name of the secret containing the keystore file", - "name": "HTTPS_SECRET", - "value": "sso-app-secret", - "required": false - }, - { - "description": "The name of the keystore file within the secret", - "name": "HTTPS_KEYSTORE", - "value": "keystore.jks", - "required": false - }, - { - "description": "The name associated with the server certificate", - "name": "HTTPS_NAME", - "value": "jboss", - "required": false - }, - { - "description": "The password for the keystore and certificate", - "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", - "required": false - }, - { - "description": "Sets xa-pool/min-pool-size for the configured datasource.", - "name": "DB_MIN_POOL_SIZE", - "required": false - }, - { - "description": "Sets xa-pool/max-pool-size for the configured datasource.", - "name": "DB_MAX_POOL_SIZE", - "required": false - }, - { - "description": "Sets transaction-isolation for the configured datasource.", - "name": "DB_TX_ISOLATION", - "required": false - }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { - "description": "The name of the secret containing the keystore file", - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", - "required": false - }, - { - "description": "The name of the keystore file within the secret", - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "jgroups.jceks", - "required": false - }, - { - "description": "The name associated with the server certificate", - "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", - "required": false - }, - { - "description": "The password for the keystore and certificate", - "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", - "required": false - }, - { - "description": "JGroups cluster password", - "name": "JGROUPS_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", - "name": "IMAGE_STREAM_NAMESPACE", - "value": "openshift", - "required": true - } - ], - "objects": [ - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8080, - "targetPort": 8080 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's http port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-http", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's http service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTP}", - "to": { - "name": "${APPLICATION_NAME}" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https", - "metadata": { - "name": "secure-${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${HOSTNAME_HTTPS}", - "to": { - "name": "secure-${APPLICATION_NAME}" - }, - "tls": { - "termination": "passthrough" - } - } - }, - { - "kind": "DeploymentConfig", - "apiVersion": "v1", - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "strategy": { - "type": "Recreate" - }, - "triggers": [ - { - "type": "ImageChange", - "imageChangeParams": { - "automatic": true, - "containerNames": [ - "${APPLICATION_NAME}" - ], - "from": { - "kind": "ImageStreamTag", - "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" - } - } - }, - { - "type": "ConfigChange" - } - ], - "replicas": 1, - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - }, - "template": { - "metadata": { - "name": "${APPLICATION_NAME}", - "labels": { - "deploymentConfig": "${APPLICATION_NAME}", - "application": "${APPLICATION_NAME}" - } - }, - "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, - "containers": [ - { - "name": "${APPLICATION_NAME}", - "image": "${APPLICATION_NAME}", - "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", - "readOnly": true - }, - { - "name": "eap-jgroups-keystore-volume", - "mountPath": "/etc/jgroups-encrypt-secret-volume", - "readOnly": true - } - ], - "livenessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/livenessProbe.sh" - ] - } - }, - "readinessProbe": { - "exec": { - "command": [ - "/bin/bash", - "-c", - "/opt/eap/bin/readinessProbe.sh" - ] - } - }, - "ports": [ - { - "name": "jolokia", - "containerPort": 8778, - "protocol": "TCP" - }, - { - "name": "http", - "containerPort": 8080, - "protocol": "TCP" - }, - { - "name": "https", - "containerPort": 8443, - "protocol": "TCP" - } - ], - "env": [ - { - "name": "DB_MIN_POOL_SIZE", - "value": "${DB_MIN_POOL_SIZE}" - }, - { - "name": "DB_MAX_POOL_SIZE", - "value": "${DB_MAX_POOL_SIZE}" - }, - { - "name": "DB_TX_ISOLATION", - "value": "${DB_TX_ISOLATION}" - }, - { - "name": "OPENSHIFT_KUBE_PING_LABELS", - "value": "application=${APPLICATION_NAME}" - }, - { - "name": "OPENSHIFT_KUBE_PING_NAMESPACE", - "valueFrom": { - "fieldRef": { - "fieldPath": "metadata.namespace" - } - } - }, - { - "name": "EAP_HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" - }, - { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${HTTPS_KEYSTORE}" - }, - { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" - }, - { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" - }, - { - "name": "JGROUPS_ENCRYPT_SECRET", - "value": "${JGROUPS_ENCRYPT_SECRET}" - }, - { - "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", - "value": "/etc/jgroups-encrypt-secret-volume" - }, - { - "name": "JGROUPS_ENCRYPT_KEYSTORE", - "value": "${JGROUPS_ENCRYPT_KEYSTORE}" - }, - { - "name": "JGROUPS_ENCRYPT_NAME", - "value": "${JGROUPS_ENCRYPT_NAME}" - }, - { - "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "${JGROUPS_ENCRYPT_PASSWORD}" - }, - { - "name": "JGROUPS_CLUSTER_PASSWORD", - "value": "${JGROUPS_CLUSTER_PASSWORD}" - } - ] - } - ], - "volumes": [ - { - "name": "eap-keystore-volume", - "secret": { - "secretName": "${HTTPS_SECRET}" - } - }, - { - "name": "eap-jgroups-keystore-volume", - "secret": { - "secretName": "${JGROUPS_ENCRYPT_SECRET}" - } - } - ] - } - } - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json new file mode 100644 index 000000000..fb0578a67 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json @@ -0,0 +1,514 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for SSO 7.0", + "iconClass" : "icon-jboss", + "tags" : "sso,keycloak,java,jboss,xpaas", + "version" : "1.3.2" + }, + "name": "sso70-https" + }, + "labels": { + "template": "sso70-https", + "xpaas" : "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "sso", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: ..", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: ..", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "sso-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-sso70-openshift:1.3" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -109,13 +121,6 @@ "name": "MYSQL_AIO", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -130,18 +135,6 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -109,13 +121,6 @@ "name": "MYSQL_AIO", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -130,22 +135,10 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -94,13 +106,6 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -115,18 +120,6 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -588,6 +680,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -94,13 +106,6 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -115,22 +120,10 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -585,6 +677,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" -- cgit v1.2.3