diff options
1022 files changed, 100679 insertions, 9208 deletions
@@ -1,6 +1,39 @@ #!/bin/bash set -xeuo pipefail +pip install requests + +query_github() { + repo=$1; shift + resource=$1; shift + python -c " +import sys +import requests +j = requests.get('https://api.github.com/repos/$repo/$resource').json() +for q in sys.argv[1:]: + if q.isdigit(): + q = int(q) + j = j[q] +print(j)" "$@" +} + +# Essentially use a similar procedure other openshift-ansible PR tests use to +# determine which image tag should be used. This allows us to avoid hardcoding a +# specific version which quickly becomes stale. + +if [ -n "${PAPR_BRANCH:-}" ]; then + target_branch=$PAPR_BRANCH +else + # check which branch we're targeting if we're a PR + target_branch=$(query_github $PAPR_REPO pulls/$PAPR_PULL_ID base ref) + [ -n "$target_branch" ] +fi + +# this is a bit wasteful, though there's no easy way to say "only clone up to +# the first tag in the branch" -- ideally, PAPR could help with caching here +git clone --branch $target_branch --single-branch https://github.com/openshift/origin +export OPENSHIFT_IMAGE_TAG=$(git -C origin describe --abbrev=0) + echo "Targeting OpenShift Origin $OPENSHIFT_IMAGE_TAG" pip install -r requirements.txt @@ -22,12 +55,15 @@ trap upload_journals ERR # https://github.com/openshift/openshift-ansible/issues/4478 is fixed. ansible-playbook -vvv -i .papr.inventory playbooks/byo/config.yml -e "openshift_image_tag=$OPENSHIFT_IMAGE_TAG" -# run a small subset of origin conformance tests to sanity -# check the cluster NB: we run it on the master since we may -# be in a different OSP network -ssh ocp-master docker run --rm --net=host --privileged \ - -v /etc/origin/master/admin.kubeconfig:/config \ - registry.fedoraproject.org/fedora:26 sh -c \ - '"dnf install -y origin-tests && \ - KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ - --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' +### DISABLING TESTS FOR NOW, SEE: +### https://github.com/openshift/openshift-ansible/pull/6132 + +### # run a small subset of origin conformance tests to sanity +### # check the cluster NB: we run it on the master since we may +### # be in a different OSP network +### ssh ocp-master docker run --rm --net=host --privileged \ +### -v /etc/origin/master/admin.kubeconfig:/config \ +### registry.fedoraproject.org/fedora:27 sh -c \ +### '"dnf install -y origin-tests && \ +### KUBECONFIG=/config /usr/libexec/origin/extended.test --ginkgo.v=1 \ +### --ginkgo.noColor --ginkgo.focus=\"Services.*NodePort|EmptyDir\""' @@ -14,35 +14,28 @@ cluster: hosts: - name: ocp-master - distro: fedora/26/atomic + distro: fedora/27/atomic specs: ram: 4096 - name: ocp-node1 - distro: fedora/26/atomic + distro: fedora/27/atomic - name: ocp-node2 - distro: fedora/26/atomic + distro: fedora/27/atomic container: - image: registry.fedoraproject.org/fedora:26 + image: registry.fedoraproject.org/fedora:27 -# temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 -#packages: -# - gcc -# - python-pip -# - python-devel -# - libffi-devel -# - openssl-devel -# - redhat-rpm-config +packages: + - gcc + - git + - python-pip + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config -context: 'fedora/26/atomic' - -env: - OPENSHIFT_IMAGE_TAG: v3.6.0 +context: 'fedora/27/atomic' tests: - # temp workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1483553 - - if (dnf distro-sync -y || :) |& grep -q -e BDB1539; then - rpm --rebuilddb; dnf distro-sync; - fi; dnf install -y gcc python-pip python-devel libffi-devel openssl-devel redhat-rpm-config - ./.papr.sh artifacts: @@ -214,7 +214,8 @@ ignore-mixin-members=yes # (useful for modules/projects where namespaces are manipulated during runtime # and thus existing member attributes cannot be deduced by static analysis. It # supports qualified module names, as well as Unix pattern matching. -ignored-modules= +# Ignoring ansible.constants to suppress `no-member` warnings +ignored-modules=ansible.constants # List of classes names for which member attributes should not be checked # (useful for classes with attributes dynamically set). This supports can work diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 9dcd067e5..3a2ec2357 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.7.0-0.143.0 ./ +3.8.0-0.3.0 ./ diff --git a/.tito/releasers.conf b/.tito/releasers.conf index 17baaa1bd..bce5e5443 100644 --- a/.tito/releasers.conf +++ b/.tito/releasers.conf @@ -42,6 +42,10 @@ releaser = tito.release.DistGitReleaser branches = rhaos-3.7-rhel-7 srpm_disttag = .el7aos +[aos-3.8] +releaser = tito.release.DistGitReleaser +branches = rhaos-3.8-rhel-7 +srpm_disttag = .el7aos [copr-openshift-ansible] releaser = tito.release.CoprReleaser @@ -50,27 +50,27 @@ you are not running a stable release. ## Setup -1. Install base dependencies: +Install base dependencies: - *** +Requirements: - Requirements: - - Ansible >= 2.3.0.0 - - Jinja >= 2.7 - - pyOpenSSL - - python-lxml +- Ansible >= 2.3.0.0 +- Jinja >= 2.7 +- pyOpenSSL +- python-lxml - *** +---- - Fedora: - ``` - dnf install -y ansible pyOpenSSL python-cryptography python-lxml - ``` +Fedora: -2. OpenShift Installation Documentation: +``` +dnf install -y ansible pyOpenSSL python-cryptography python-lxml +``` - - [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html) - - [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html) +## OpenShift Installation Documentation: + +- [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html) +- [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html) ## Containerized OpenShift Ansible diff --git a/README_CONTAINERIZED_INSTALLATION.md b/README_CONTAINERIZED_INSTALLATION.md index 8eaa69deb..395d5c49a 100644 --- a/README_CONTAINERIZED_INSTALLATION.md +++ b/README_CONTAINERIZED_INSTALLATION.md @@ -16,7 +16,7 @@ Currently the default installation method for traditional operating systems is via RPMs. If you wish to deploy using containerized installation you may set the ansible variable 'containerized=true' on a per host basis. This means that you may easily deploy environments mixing containerized and RPM based installs. At -this point we suggest deploying heterogeneous environments. +this point we don't suggest deploying heterogeneous environments. ## CLI Wrappers diff --git a/README_CONTAINER_IMAGE.md b/README_CONTAINER_IMAGE.md index a2151352d..712c7c4b0 100644 --- a/README_CONTAINER_IMAGE.md +++ b/README_CONTAINER_IMAGE.md @@ -28,7 +28,7 @@ Here is an example of how to run a containerized `openshift-ansible` playbook th -v $HOME/.ssh/id_rsa:/opt/app-root/src/.ssh/id_rsa:Z \ -v /etc/ansible/hosts:/tmp/inventory \ -e INVENTORY_FILE=/tmp/inventory \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml \ -e OPTS="-v" -t \ openshift/origin-ansible @@ -44,7 +44,7 @@ Here is a detailed explanation of the options used in the command above: * `-v /etc/ansible/hosts:/tmp/inventory` and `-e INVENTORY_FILE=/tmp/inventory` mount the Ansible inventory file into the container as `/tmp/inventory` and set the corresponding environment variable to point at it respectively. The example uses `/etc/ansible/hosts` as the inventory file as this is a default location, but your inventory is likely to be elsewhere so please adjust as needed. Note that depending on the file you point to you might have to handle SELinux labels in a similar way as with the ssh keys, e.g. by adding a `:z` flag to the volume mount, so again you might prefer to copy the inventory to a dedicated location first. -* `-e PLAYBOOK_FILE=playbooks/byo/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. +* `-e PLAYBOOK_FILE=playbooks/openshift-checks/certificate_expiry/default.yaml` specifies the playbook to run as a relative path from the top level directory of openshift-ansible. * `-e OPTS="-v"` and `-t` make the output look nicer: the `default.yaml` playbook does not generate results and runs quietly unless we add the `-v` option to the `ansible-playbook` invocation, and a TTY is allocated via `-t` so that Ansible adds color to the output. diff --git a/ansible.cfg b/ansible.cfg index 589a58e9d..9900d28f8 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -11,6 +11,9 @@ # Additional default options for OpenShift Ansible callback_plugins = callback_plugins/ +filter_plugins = filter_plugins/ +lookup_plugins = lookup_plugins/ +library = library/ forks = 20 host_key_checking = False retry_files_enabled = False @@ -23,15 +26,16 @@ fact_caching = jsonfile fact_caching_connection = $HOME/ansible/facts fact_caching_timeout = 600 callback_whitelist = profile_tasks +inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt +# work around privilege escalation timeouts in ansible: +timeout = 30 # Uncomment to use the provided BYO inventory -#hostfile = inventory/byo/hosts +#inventory = inventory/byo/hosts.example -# Uncomment to use the provided GCE dynamic inventory script -#hostfile = inventory/gce/gce.py - -# Uncomment to use the provided AWS dynamic inventory script -#hostfile = inventory/aws/ec2.py +[inventory] +# fail more helpfully when the inventory file does not parse (Ansible 2.4+) +unparsed_is_failed=true # Additional ssh options for OpenShift Ansible [ssh_connection] diff --git a/callback_plugins/aa_version_requirement.py b/callback_plugins/aa_version_requirement.py index 9562adb28..110b3d673 100644 --- a/callback_plugins/aa_version_requirement.py +++ b/callback_plugins/aa_version_requirement.py @@ -29,7 +29,7 @@ else: # Set to minimum required Ansible version -REQUIRED_VERSION = '2.3.0.0' +REQUIRED_VERSION = '2.4.0.0' DESCRIPTION = "Supported versions: %s or newer" % REQUIRED_VERSION diff --git a/docs/proposals/crt_management_proposal.md b/docs/proposals/crt_management_proposal.md new file mode 100644 index 000000000..5fc1ad08d --- /dev/null +++ b/docs/proposals/crt_management_proposal.md @@ -0,0 +1,113 @@ +# Container Runtime Management + +## Description +origin and openshift-ansible support multiple container runtimes. This proposal +is related to refactoring how we handle those runtimes in openshift-ansible. + +### Problems addressed +We currently don't install docker during the install at a point early enough to +not fail health checks, and we don't have a good story around when/how to do it. +This is complicated by logic around containerized and non-containerized installs. + +A web of dependencies can cause changes to docker that are unintended and has +resulted in a series of work-around such as 'skip_docker' boolean. + +We don't handle docker storage because it's BYO. By moving docker to a prerequisite +play, we can tackle storage up front and never have to touch it again. + +container_runtime logic is currently spread across 3 roles: docker, openshift_docker, +and openshift_docker_facts. The name 'docker' does not accurately portray what +the role(s) do. + +## Rationale +* Refactor docker (and related meta/fact roles) into 'container_runtime' role. +* Strip all meta-depends on container runtime out of other roles and plays. +* Create a 'prerequisites.yml' entry point that will setup various items +such as container storage and container runtime before executing installation. +* All other roles and plays should merely consume container runtime, should not +configure, restart, or change the container runtime as much as feasible. + +## Design + +The container_runtime role should be comprised of 3 'pseudo-roles' which will be +consumed using include_role; each component area should be enabled/disabled with +a boolean value, defaulting to true. + +I call them 'pseudo-roles' because they are more or less independent functional +areas that may share some variables and act on closely related components. This +is an effort to reuse as much code as possible, limit role-bloat (we already have +an abundance of roles), and make things as modular as possible. + +```yaml +# prerequisites.yml +- include: std_include.yml +- include: container_runtime_setup.yml +... +# container_runtime_setup.yml +- hosts: "{{ openshift_runtime_manage_hosts | default('oo_nodes_to_config') }}" + tasks: + - include_role: + name: container_runtime + tasks_from: install.yml + when: openshift_container_runtime_install | default(True) | bool + - include_role: + name: container_runtime + tasks_from: storage.yml + when: openshift_container_runtime_storage | default(True) | bool + - include_role: + name: container_runtime + tasks_from: configure.yml + when: openshift_container_runtime_configure | default(True) | bool +``` + +Note the host group on the above play. No more guessing what hosts to run this +stuff against. If you want to use an atomic install, specify what hosts will need +us to setup container runtime (such as etcd hosts, loadbalancers, etc); + +We should direct users that are using atomic hosts to disable install in the docs, +let's not add a bunch of logic. + +Alternatively, we can create a new group. + +### Part 1, container runtime install +Install the container runtime components of the desired type. + +```yaml +# install.yml +- include: docker.yml + when: openshift_container_runtime_install_docker | bool + +- include: crio.yml + when: openshift_container_runtime_install_crio | bool + +... other container run times... +``` + +Alternatively to using booleans for each run time, we could use a variable like +"openshift_container_runtime_type". This would be my preference, as we could +use this information in later roles. + +### Part 2, configure/setup container runtime storage +Configure a supported storage solution for containers. + +Similar setup to the previous section. We might need to add some logic for the +different runtimes here, or we maybe create a matrix of possible options. + +### Part 3, configure container runtime. +Place config files, environment files, systemd units, etc. Start/restart +the container runtime as needed. + +Similar to Part 1 with how we should do things. + +## Checklist +* Strip docker from meta dependencies. +* Combine docker facts and meta roles into container_runtime role. +* Docs + +## User Story +As a user of openshift-ansible, I want to be able to manage my container runtime +and related components independent of openshift itself. + +## Acceptance Criteria +* Verify that each container runtime installs with this new method. +* Verify that openshift installs with this new method. diff --git a/docs/proposals/role_decomposition.md b/docs/proposals/role_decomposition.md index b6c1d8c5b..6434e24e7 100644 --- a/docs/proposals/role_decomposition.md +++ b/docs/proposals/role_decomposition.md @@ -158,13 +158,13 @@ providing the location of the generated certificates to the individual roles. openshift_logging_kibana_es_host: "{{ openshift_logging_es_ops_host }}" openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}" openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}" - openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}" openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}" + openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}" openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}" openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}" openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}" - openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}" openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}" + openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}" openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}" openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}" openshift_logging_kibana_ca: "{{ openshift_logging_kibana_ops_ca}}" @@ -193,8 +193,8 @@ providing the location of the generated certificates to the individual roles. openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix }}" openshift_logging_curator_image_version: "{{ openshift_logging_image_version }}" openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" - openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}" openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}" + openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}" openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}" when: - openshift_logging_use_ops | bool diff --git a/files/origin-components/template-service-broker-registration.yaml b/files/origin-components/template-service-broker-registration.yaml index 2086978f0..95fb72924 100644 --- a/files/origin-components/template-service-broker-registration.yaml +++ b/files/origin-components/template-service-broker-registration.yaml @@ -9,8 +9,8 @@ parameters: required: true objects: # register the tsb with the service catalog -- apiVersion: servicecatalog.k8s.io/v1alpha1 - kind: ServiceBroker +- apiVersion: servicecatalog.k8s.io/v1beta1 + kind: ClusterServiceBroker metadata: name: template-service-broker spec: diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index 83a05370a..f9564499d 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -710,8 +710,8 @@ def oo_openshift_env(hostvars): return facts -# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements -def oo_component_persistent_volumes(hostvars, groups, component): +# pylint: disable=too-many-branches, too-many-nested-blocks, too-many-statements, too-many-locals +def oo_component_persistent_volumes(hostvars, groups, component, subcomponent=None): """ Generate list of persistent volumes based on oo_openshift_env storage options set in host variables for a specific component. """ @@ -723,84 +723,90 @@ def oo_component_persistent_volumes(hostvars, groups, component): persistent_volume = None if component in hostvars['openshift']: - if 'storage' in hostvars['openshift'][component]: - params = hostvars['openshift'][component]['storage'] + if subcomponent is not None: + storage_component = hostvars['openshift'][component][subcomponent] + else: + storage_component = hostvars['openshift'][component] + + if 'storage' in storage_component: + params = storage_component['storage'] kind = params['kind'] - create_pv = params['create_pv'] - if kind is not None and create_pv: - if kind == 'nfs': - host = params['host'] - if host is None: - if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: - host = groups['oo_nfs_to_config'][0] + if 'create_pv' in params: + create_pv = params['create_pv'] + if kind is not None and create_pv: + if kind == 'nfs': + host = params['host'] + if host is None: + if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: + host = groups['oo_nfs_to_config'][0] + else: + raise errors.AnsibleFilterError("|failed no storage host detected") + directory = params['nfs']['directory'] + volume = params['volume']['name'] + path = directory + '/' + volume + size = params['volume']['size'] + if 'labels' in params: + labels = params['labels'] else: - raise errors.AnsibleFilterError("|failed no storage host detected") - directory = params['nfs']['directory'] - volume = params['volume']['name'] - path = directory + '/' + volume - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - nfs=dict( - server=host, - path=path))) - - elif kind == 'openstack': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - filesystem = params['openstack']['filesystem'] - volume_id = params['openstack']['volumeID'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - cinder=dict( - fsType=filesystem, - volumeID=volume_id))) - - elif kind == 'glusterfs': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - endpoints = params['glusterfs']['endpoints'] - path = params['glusterfs']['path'] - read_only = params['glusterfs']['readOnly'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - glusterfs=dict( - endpoints=endpoints, - path=path, - readOnly=read_only))) - - elif not (kind == 'object' or kind == 'dynamic'): - msg = "|failed invalid storage kind '{0}' for component '{1}'".format( - kind, - component) - raise errors.AnsibleFilterError(msg) + labels = dict() + access_modes = params['access']['modes'] + persistent_volume = dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + nfs=dict( + server=host, + path=path))) + + elif kind == 'openstack': + volume = params['volume']['name'] + size = params['volume']['size'] + if 'labels' in params: + labels = params['labels'] + else: + labels = dict() + access_modes = params['access']['modes'] + filesystem = params['openstack']['filesystem'] + volume_id = params['openstack']['volumeID'] + persistent_volume = dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + cinder=dict( + fsType=filesystem, + volumeID=volume_id))) + + elif kind == 'glusterfs': + volume = params['volume']['name'] + size = params['volume']['size'] + if 'labels' in params: + labels = params['labels'] + else: + labels = dict() + access_modes = params['access']['modes'] + endpoints = params['glusterfs']['endpoints'] + path = params['glusterfs']['path'] + read_only = params['glusterfs']['readOnly'] + persistent_volume = dict( + name="{0}-volume".format(volume), + capacity=size, + labels=labels, + access_modes=access_modes, + storage=dict( + glusterfs=dict( + endpoints=endpoints, + path=path, + readOnly=read_only))) + + elif not (kind == 'object' or kind == 'dynamic'): + msg = "|failed invalid storage kind '{0}' for component '{1}'".format( + kind, + component) + raise errors.AnsibleFilterError(msg) return persistent_volume @@ -820,85 +826,10 @@ def oo_persistent_volumes(hostvars, groups, persistent_volumes=None): persistent_volumes = [] if 'hosted' in hostvars['openshift']: for component in hostvars['openshift']['hosted']: - if 'storage' in hostvars['openshift']['hosted'][component]: - params = hostvars['openshift']['hosted'][component]['storage'] - kind = params['kind'] - if 'create_pv' in params: - create_pv = params['create_pv'] - if kind is not None and create_pv: - if kind == 'nfs': - host = params['host'] - if host is None: - if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: - host = groups['oo_nfs_to_config'][0] - else: - raise errors.AnsibleFilterError("|failed no storage host detected") - directory = params['nfs']['directory'] - volume = params['volume']['name'] - path = directory + '/' + volume - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - nfs=dict( - server=host, - path=path))) - persistent_volumes.append(persistent_volume) - elif kind == 'openstack': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - filesystem = params['openstack']['filesystem'] - volume_id = params['openstack']['volumeID'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - cinder=dict( - fsType=filesystem, - volumeID=volume_id))) - persistent_volumes.append(persistent_volume) - elif kind == 'glusterfs': - volume = params['volume']['name'] - size = params['volume']['size'] - if 'labels' in params: - labels = params['labels'] - else: - labels = dict() - access_modes = params['access']['modes'] - endpoints = params['glusterfs']['endpoints'] - path = params['glusterfs']['path'] - read_only = params['glusterfs']['readOnly'] - persistent_volume = dict( - name="{0}-volume".format(volume), - capacity=size, - labels=labels, - access_modes=access_modes, - storage=dict( - glusterfs=dict( - endpoints=endpoints, - path=path, - readOnly=read_only))) - persistent_volumes.append(persistent_volume) - elif not (kind == 'object' or kind == 'dynamic'): - msg = "|failed invalid storage kind '{0}' for component '{1}'".format( - kind, - component) - raise errors.AnsibleFilterError(msg) + persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'hosted', component) + if persistent_volume is not None: + persistent_volumes.append(persistent_volume) + if 'logging' in hostvars['openshift']: persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'logging') if persistent_volume is not None: @@ -911,10 +842,22 @@ def oo_persistent_volumes(hostvars, groups, persistent_volumes=None): persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'metrics') if persistent_volume is not None: persistent_volumes.append(persistent_volume) + if 'prometheus' in hostvars['openshift']: + persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus') + if persistent_volume is not None: + persistent_volumes.append(persistent_volume) + if 'alertmanager' in hostvars['openshift']['prometheus']: + persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus', 'alertmanager') + if persistent_volume is not None: + persistent_volumes.append(persistent_volume) + if 'alertbuffer' in hostvars['openshift']['prometheus']: + persistent_volume = oo_component_persistent_volumes(hostvars, groups, 'prometheus', 'alertbuffer') + if persistent_volume is not None: + persistent_volumes.append(persistent_volume) return persistent_volumes -def oo_component_pv_claims(hostvars, component): +def oo_component_pv_claims(hostvars, component, subcomponent=None): """ Generate list of persistent volume claims based on oo_openshift_env storage options set in host variables for a speicific component. """ @@ -922,20 +865,27 @@ def oo_component_pv_claims(hostvars, component): raise errors.AnsibleFilterError("|failed expects hostvars is a dict") if component in hostvars['openshift']: - if 'storage' in hostvars['openshift'][component]: - params = hostvars['openshift'][component]['storage'] + if subcomponent is not None: + storage_component = hostvars['openshift'][component][subcomponent] + else: + storage_component = hostvars['openshift'][component] + + if 'storage' in storage_component: + params = storage_component['storage'] kind = params['kind'] - create_pv = params['create_pv'] - create_pvc = params['create_pvc'] - if kind not in [None, 'object'] and create_pv and create_pvc: - volume = params['volume']['name'] - size = params['volume']['size'] - access_modes = params['access']['modes'] - persistent_volume_claim = dict( - name="{0}-claim".format(volume), - capacity=size, - access_modes=access_modes) - return persistent_volume_claim + if 'create_pv' in params: + if 'create_pvc' in params: + create_pv = params['create_pv'] + create_pvc = params['create_pvc'] + if kind not in [None, 'object'] and create_pv and create_pvc: + volume = params['volume']['name'] + size = params['volume']['size'] + access_modes = params['access']['modes'] + persistent_volume_claim = dict( + name="{0}-claim".format(volume), + capacity=size, + access_modes=access_modes) + return persistent_volume_claim return None @@ -952,22 +902,10 @@ def oo_persistent_volume_claims(hostvars, persistent_volume_claims=None): persistent_volume_claims = [] if 'hosted' in hostvars['openshift']: for component in hostvars['openshift']['hosted']: - if 'storage' in hostvars['openshift']['hosted'][component]: - params = hostvars['openshift']['hosted'][component]['storage'] - kind = params['kind'] - if 'create_pv' in params: - if 'create_pvc' in params: - create_pv = params['create_pv'] - create_pvc = params['create_pvc'] - if kind not in [None, 'object'] and create_pv and create_pvc: - volume = params['volume']['name'] - size = params['volume']['size'] - access_modes = params['access']['modes'] - persistent_volume_claim = dict( - name="{0}-claim".format(volume), - capacity=size, - access_modes=access_modes) - persistent_volume_claims.append(persistent_volume_claim) + persistent_volume_claim = oo_component_pv_claims(hostvars, 'hosted', component) + if persistent_volume_claim is not None: + persistent_volume_claims.append(persistent_volume_claim) + if 'logging' in hostvars['openshift']: persistent_volume_claim = oo_component_pv_claims(hostvars, 'logging') if persistent_volume_claim is not None: @@ -980,6 +918,18 @@ def oo_persistent_volume_claims(hostvars, persistent_volume_claims=None): persistent_volume_claim = oo_component_pv_claims(hostvars, 'metrics') if persistent_volume_claim is not None: persistent_volume_claims.append(persistent_volume_claim) + if 'prometheus' in hostvars['openshift']: + persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus') + if persistent_volume_claim is not None: + persistent_volume_claims.append(persistent_volume_claim) + if 'alertmanager' in hostvars['openshift']['prometheus']: + persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus', 'alertmanager') + if persistent_volume_claim is not None: + persistent_volume_claims.append(persistent_volume_claim) + if 'alertbuffer' in hostvars['openshift']['prometheus']: + persistent_volume_claim = oo_component_pv_claims(hostvars, 'prometheus', 'alertbuffer') + if persistent_volume_claim is not None: + persistent_volume_claims.append(persistent_volume_claim) return persistent_volume_claims @@ -1175,6 +1125,73 @@ of items as ['region=infra', 'zone=primary'] return selectors +def oo_filter_sa_secrets(sa_secrets, secret_hint='-token-'): + """Parse the Service Account Secrets list, `sa_secrets`, (as from +oc_serviceaccount_secret:state=list) and return the name of the secret +containing the `secret_hint` string. For example, by default this will +return the name of the secret holding the SA bearer token. + +Only provide the 'results' object to this filter. This filter expects +to receive a list like this: + + [ + { + "name": "management-admin-dockercfg-p31s2" + }, + { + "name": "management-admin-token-bnqsh" + } + ] + + +Returns: + +* `secret_name` [string] - The name of the secret matching the + `secret_hint` parameter. By default this is the secret holding the + SA's bearer token. + +Example playbook usage: + +Register a return value from oc_serviceaccount_secret with and pass +that result to this filter plugin. + + - name: Get all SA Secrets + oc_serviceaccount_secret: + state: list + service_account: management-admin + namespace: management-infra + register: sa + + - name: Save the SA bearer token secret name + set_fact: + management_token: "{{ sa.results | oo_filter_sa_secrets }}" + + - name: Get the SA bearer token value + oc_secret: + state: list + name: "{{ management_token }}" + namespace: management-infra + decode: true + register: sa_secret + + - name: Print the bearer token value + debug: + var: sa_secret.results.decoded.token + + """ + secret_name = None + + for secret in sa_secrets: + # each secret is a hash + if secret['name'].find(secret_hint) == -1: + continue + else: + secret_name = secret['name'] + break + + return secret_name + + class FilterModule(object): """ Custom ansible filter mapping """ @@ -1217,5 +1234,6 @@ class FilterModule(object): "to_padded_yaml": to_padded_yaml, "oo_random_word": oo_random_word, "oo_contains_rule": oo_contains_rule, - "oo_selector_to_string_list": oo_selector_to_string_list + "oo_selector_to_string_list": oo_selector_to_string_list, + "oo_filter_sa_secrets": oo_filter_sa_secrets, } diff --git a/filter_plugins/openshift_version.py b/filter_plugins/openshift_version.py index c515f1a71..7a70b158b 100644 --- a/filter_plugins/openshift_version.py +++ b/filter_plugins/openshift_version.py @@ -10,40 +10,6 @@ Custom version comparison filters for use in openshift-ansible from distutils.version import LooseVersion -def legacy_gte_function_builder(name, versions): - """ - Build and return a version comparison function. - - Ex: name = 'oo_version_gte_3_1_or_1_1' - versions = {'enterprise': '3.1', 'origin': '1.1'} - - returns oo_version_gte_3_1_or_1_1, a function which based on the - version and deployment type will return true if the provided - version is greater than or equal to the function's version - """ - enterprise_version = versions['enterprise'] - origin_version = versions['origin'] - - def _gte_function(version, deployment_type): - """ - Dynamic function created by gte_function_builder. - - Ex: version = '3.1' - deployment_type = 'openshift-enterprise' - returns True/False - """ - version_gte = False - if deployment_type == 'openshift-enterprise': - if str(version) >= LooseVersion(enterprise_version): - version_gte = True - else: - if str(version) >= LooseVersion(origin_version): - version_gte = True - return version_gte - _gte_function.__name__ = name - return _gte_function - - def gte_function_builder(name, gte_version): """ Build and return a version comparison function. @@ -96,30 +62,6 @@ class FilterModule(object): # Add the function to the mapping self._filters[func_name] = func - # Create filters with special versioning requirements. - # Treat all Origin 1.x as special case. - legacy_filters = [{'name': 'oo_version_gte_3_1_or_1_1', - 'versions': {'enterprise': '3.0.2.905', - 'origin': '1.1.0'}}, - {'name': 'oo_version_gte_3_1_1_or_1_1_1', - 'versions': {'enterprise': '3.1.1', - 'origin': '1.1.1'}}, - {'name': 'oo_version_gte_3_2_or_1_2', - 'versions': {'enterprise': '3.1.1.901', - 'origin': '1.2.0'}}, - {'name': 'oo_version_gte_3_3_or_1_3', - 'versions': {'enterprise': '3.3.0', - 'origin': '1.3.0'}}, - {'name': 'oo_version_gte_3_4_or_1_4', - 'versions': {'enterprise': '3.4.0', - 'origin': '1.4.0'}}, - {'name': 'oo_version_gte_3_5_or_1_5', - 'versions': {'enterprise': '3.5.0', - 'origin': '1.5.0'}}] - for legacy_filter in legacy_filters: - self._filters[legacy_filter['name']] = legacy_gte_function_builder(legacy_filter['name'], - legacy_filter['versions']) - def filters(self): """ Return the filters mapping. diff --git a/images/installer/README_CONTAINER_IMAGE.md b/images/installer/README_CONTAINER_IMAGE.md index bc1ebb4a8..bfe3661c0 100644 --- a/images/installer/README_CONTAINER_IMAGE.md +++ b/images/installer/README_CONTAINER_IMAGE.md @@ -45,4 +45,6 @@ These options may be set via the ``atomic`` ``--set`` flag. For defaults see ``r * ANSIBLE_CONFIG - Full path for the ansible configuration file to use inside the container -* INVENTORY_FILE - Full path for the inventory to use from the host
\ No newline at end of file +* INVENTORY_FILE - Full path for the inventory to use from the host + +* INVENTORY_DIR - Full path for the inventory directory to use (e.g. for use with a hybrid dynamic/static inventory) diff --git a/images/installer/README_INVENTORY_GENERATOR.md b/images/installer/README_INVENTORY_GENERATOR.md index 9c10e4b71..293bdb689 100644 --- a/images/installer/README_INVENTORY_GENERATOR.md +++ b/images/installer/README_INVENTORY_GENERATOR.md @@ -46,7 +46,7 @@ docker run -u `id -u` \ -v /tmp/origin/master/admin.kubeconfig:/opt/app-root/src/.kube/config:Z \ -v /tmp/origin/master/master-config.yaml:/opt/app-root/src/master-config.yaml:Z \ -e OPTS="-v --become-user root" \ - -e PLAYBOOK_FILE=playbooks/byo/openshift-checks/health.yml \ + -e PLAYBOOK_FILE=playbooks/openshift-checks/health.yml \ -e GENERATE_INVENTORY=true \ -e USER=`whoami` \ openshift/origin-ansible diff --git a/images/installer/root/usr/local/bin/run b/images/installer/root/usr/local/bin/run index 70aa0bac3..cd38a6ff0 100755 --- a/images/installer/root/usr/local/bin/run +++ b/images/installer/root/usr/local/bin/run @@ -19,6 +19,9 @@ if [[ -v INVENTORY_FILE ]]; then # Make a copy so that ALLOW_ANSIBLE_CONNECTION_LOCAL below # does not attempt to modify the original cp -a ${INVENTORY_FILE} ${INVENTORY} +elif [[ -v INVENTORY_DIR ]]; then + INVENTORY="$(mktemp -d)" + cp -R ${INVENTORY_DIR}/* ${INVENTORY} elif [[ -v INVENTORY_URL ]]; then curl -o ${INVENTORY} ${INVENTORY_URL} elif [[ -v DYNAMIC_SCRIPT_URL ]]; then @@ -29,7 +32,7 @@ elif [[ -v GENERATE_INVENTORY ]]; then /usr/local/bin/generate ${INVENTORY} else echo - echo "One of INVENTORY_FILE, INVENTORY_URL, GENERATE_INVENTORY, or DYNAMIC_SCRIPT_URL must be provided." + echo "One of INVENTORY_FILE, INVENTORY_DIR, INVENTORY_URL, GENERATE_INVENTORY, or DYNAMIC_SCRIPT_URL must be provided." exec /usr/local/bin/usage fi INVENTORY_ARG="-i ${INVENTORY}" diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example index 5a284ce97..acf68266e 100644 --- a/inventory/byo/hosts.byo.glusterfs.external.example +++ b/inventory/byo/hosts.byo.glusterfs.external.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -39,6 +40,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example index d16df6470..a559dc377 100644 --- a/inventory/byo/hosts.byo.glusterfs.mixed.example +++ b/inventory/byo/hosts.byo.glusterfs.mixed.example @@ -19,6 +19,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -42,6 +43,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes of the external # GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" # and "glusterfs_devices" variables defined. diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example index c1a1f6f84..ca4765c53 100644 --- a/inventory/byo/hosts.byo.glusterfs.native.example +++ b/inventory/byo/hosts.byo.glusterfs.native.example @@ -16,6 +16,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs @@ -34,6 +35,9 @@ node0 openshift_schedulable=True node1 openshift_schedulable=True node2 openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example index 31a85ee42..32040f593 100644 --- a/inventory/byo/hosts.byo.glusterfs.registry-only.example +++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs_registry @@ -40,6 +41,9 @@ node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example index 54bd89ddc..9bd37cbf6 100644 --- a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example +++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example @@ -20,6 +20,7 @@ [OSEv3:children] masters nodes +etcd # Specify there will be GlusterFS nodes glusterfs glusterfs_registry @@ -46,6 +47,9 @@ node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +[etcd] +master + # Specify the glusterfs group, which contains the nodes that will host # GlusterFS storage pods. At a minimum, each node must have a # "glusterfs_devices" variable defined. This variable is a list of block diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.example index 7c637b3cb..ccdec2da1 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.example @@ -17,9 +17,9 @@ nfs # SSH user, this user should allow ssh based auth without requiring a # password. If using ssh key based auth, then the key should be managed by an # ssh agent. -ansible_ssh_user=root +ansible_user=root -# If ansible_ssh_user is not root, ansible_become must be set to true and the +# If ansible_user is not root, ansible_become must be set to true and the # user must be configured for passwordless sudo #ansible_become=yes @@ -27,7 +27,8 @@ ansible_ssh_user=root debug_level=2 # Specify the deployment type. Valid values are origin and openshift-enterprise. -openshift_deployment_type=openshift-enterprise +openshift_deployment_type=origin +#openshift_deployment_type=openshift-enterprise # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we # rely on the version running on the first master. Works best for containerized installs where we can usually @@ -58,6 +59,8 @@ openshift_release=v3.7 #openshift_use_etcd_system_container=False # # In either case, system_images_registry must be specified to be able to find the system images +#system_images_registry="docker.io" +# when openshift_deployment_type=='openshift-enterprise' #system_images_registry="registry.access.redhat.com" # Manage openshift example imagestreams and templates during install and upgrade @@ -120,19 +123,28 @@ openshift_release=v3.7 # use this option if you are sure you know what you are doing! #openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest" #openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest" +# NOTE: The following crio docker-gc items are tech preview and likely shouldn't be used +# unless you know what you are doing!! +# The following two variables are used when opneshift_use_crio is True +# and cleans up after builds that pass through docker. +# Enable docker garbage collection when using cri-o +#openshift_crio_enable_docker_gc=false +# Node Selectors to run the garbage collection +#openshift_crio_docker_gc_node_selector: {'runtime': 'cri-o'} + # Items added, as is, to end of /etc/sysconfig/docker OPTIONS # Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" +# Specify exact version of Docker to configure or upgrade to. +# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. +# docker_version="1.12.1" + # Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. # Uncomment below to disable; for example if your kernel does not support the # Docker overlay/overlay2 storage drivers with SELinux enabled. #openshift_docker_selinux_enabled=False -# Specify exact version of Docker to configure or upgrade to. -# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. -# docker_version="1.12.1" - # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. # docker_upgrade=False @@ -179,7 +191,7 @@ openshift_release=v3.7 #oreg_auth_credentials_replace: True # OpenShift repository configuration -#openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] +#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] #openshift_repos_enable_testing=false # htpasswd auth @@ -237,9 +249,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # CloudForms Management Engine (ManageIQ) App Install # # Enables installation of MIQ server. Recommended for dedicated -# clusters only. See roles/openshift_cfme/README.md for instructions +# clusters only. See roles/openshift_management/README.md for instructions # and requirements. -#openshift_cfme_install_app=False +#openshift_management_install_management=False # Cloud Provider Configuration # @@ -307,9 +319,6 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_cluster_hostname=openshift-ansible.test.example.com #openshift_master_cluster_public_hostname=openshift-ansible.test.example.com -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - # Configure controller arguments #osm_controller_args={'resource-quota-sync-period': ['10s']} @@ -346,7 +355,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # default storage plugin dependencies to install, by default the ceph and # glusterfs plugin dependencies will be installed, if available. -#osn_storage_plugin_deps=['ceph','glusterfs'] +#osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] # OpenShift Router Options # @@ -391,10 +400,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_routers=[{'name': 'router1', 'certificate': {'certfile': '/path/to/certificate/abc.crt', 'keyfile': '/path/to/certificate/abc.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router1', 'ports': ['80:80', '443:443']}, {'name': 'router2', 'certificate': {'certfile': '/path/to/certificate/xyz.crt', 'keyfile': '/path/to/certificate/xyz.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [{'action': 'append', 'key': 'spec.template.spec.containers[0].env', 'value': {'name': 'ROUTE_LABELS', 'value': 'route=external'}}], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router2', 'ports': ['80:80', '443:443']}] # OpenShift Registry Console Options -# Override the console image prefix for enterprise deployments, not used in origin -# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" +# Override the console image prefix: +# origin default is "cockpit/", enterprise default is "openshift3/" #openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ -# Override image version, defaults to latest for origin, matches the product version for enterprise +# origin default is "kubernetes", enterprise default is "registry-console" +#openshift_cockpit_deployer_basename=my-console +# Override image version, defaults to latest for origin, vX.Y product version for enterprise #openshift_cockpit_deployer_version=1.4.1 # Openshift Registry Options @@ -429,7 +440,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # NFS Host Group # An NFS volume will be created with path "nfs_directory/volume_name" # on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/registry" +# path using these options would be "/exports/registry". "exports" is +# is the name of the export served by the nfs server. "registry" is +# the name of a directory inside of "/exports". #openshift_hosted_registry_storage_kind=nfs #openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] # nfs_directory must conform to DNS-1123 subdomain must consist of lower case @@ -442,7 +455,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on # the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/registry" +# options would be "nfs.example.com:/exports/registry". "exports" is +# is the name of the export served by the nfs server. "registry" is +# the name of a directory inside of "/exports". #openshift_hosted_registry_storage_kind=nfs #openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] #openshift_hosted_registry_storage_host=nfs.example.com @@ -461,7 +476,6 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_volume_size=10Gi # # AWS S3 -# # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 @@ -515,7 +529,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Option A - NFS Host Group # An NFS volume will be created with path "nfs_directory/volume_name" # on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/metrics" +# path using these options would be "/exports/metrics". "exports" is +# is the name of the export served by the nfs server. "metrics" is +# the name of a directory inside of "/exports". #openshift_metrics_storage_kind=nfs #openshift_metrics_storage_access_modes=['ReadWriteOnce'] #openshift_metrics_storage_nfs_directory=/exports @@ -527,7 +543,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on # the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/metrics" +# options would be "nfs.example.com:/exports/metrics". "exports" is +# is the name of the export served by the nfs server. "metrics" is +# the name of a directory inside of "/exports". #openshift_metrics_storage_kind=nfs #openshift_metrics_storage_access_modes=['ReadWriteOnce'] #openshift_metrics_storage_host=nfs.example.com @@ -547,10 +565,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics # Currently, you may only alter the hostname portion of the url, alterting the # `/hawkular/metrics` path will break installation of metrics. -#openshift_metrics_hawkular_hostname=https://hawkular-metrics.example.com/hawkular/metrics +#openshift_metrics_hawkular_hostname=hawkular-metrics.example.com # Configure the prefix and version for the component images -#openshift_metrics_image_prefix=registry.example.com:8888/openshift3/ -#openshift_metrics_image_version=3.7.0 +#openshift_metrics_image_prefix=docker.io/openshift/origin- +#openshift_metrics_image_version=v3.7 +# when openshift_deployment_type=='openshift-enterprise' +#openshift_metrics_image_prefix=registry.access.redhat.com/openshift3/ +#openshift_metrics_image_version=v3.7 # # StorageClass # openshift_storageclass_name=gp2 @@ -566,7 +587,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Option A - NFS Host Group # An NFS volume will be created with path "nfs_directory/volume_name" # on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/logging" +# path using these options would be "/exports/logging". "exports" is +# is the name of the export served by the nfs server. "logging" is +# the name of a directory inside of "/exports". #openshift_logging_storage_kind=nfs #openshift_logging_storage_access_modes=['ReadWriteOnce'] #openshift_logging_storage_nfs_directory=/exports @@ -578,7 +601,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on # the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/logging" +# options would be "nfs.example.com:/exports/logging". "exports" is +# is the name of the export served by the nfs server. "logging" is +# the name of a directory inside of "/exports". #openshift_logging_storage_kind=nfs #openshift_logging_storage_access_modes=['ReadWriteOnce'] #openshift_logging_storage_host=nfs.example.com @@ -604,9 +629,83 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # this value must be 1 #openshift_logging_es_cluster_size=1 # Configure the prefix and version for the component images -#openshift_logging_image_prefix=registry.example.com:8888/openshift3/ +#openshift_logging_image_prefix=docker.io/openshift/origin- +#openshift_logging_image_version=v3.7.0 +# when openshift_deployment_type=='openshift-enterprise' +#openshift_logging_image_prefix=registry.access.redhat.com/openshift3/ #openshift_logging_image_version=3.7.0 +# Prometheus deployment +# +# Currently prometheus deployment is disabled by default, enable it by setting this +#openshift_hosted_prometheus_deploy=true +# +# Prometheus storage config +# Option A - NFS Host Group +# An NFS volume will be created with path "nfs_directory/volume_name" +# on the host within the [nfs] host group. For example, the volume +# path using these options would be "/exports/prometheus" +#openshift_prometheus_storage_kind=nfs +#openshift_prometheus_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_storage_nfs_directory=/exports +#openshift_prometheus_storage_nfs_options='*(rw,root_squash)' +#openshift_prometheus_storage_volume_name=prometheus +#openshift_prometheus_storage_volume_size=10Gi +#openshift_prometheus_storage_labels={'storage': 'prometheus'} +#openshift_prometheus_storage_type='pvc' +# For prometheus-alertmanager +#openshift_prometheus_alertmanager_storage_kind=nfs +#openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_alertmanager_storage_nfs_directory=/exports +#openshift_prometheus_alertmanager_storage_nfs_options='*(rw,root_squash)' +#openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager +#openshift_prometheus_alertmanager_storage_volume_size=10Gi +#openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} +#openshift_prometheus_alertmanager_storage_type='pvc' +# For prometheus-alertbuffer +#openshift_prometheus_alertbuffer_storage_kind=nfs +#openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_alertbuffer_storage_nfs_directory=/exports +#openshift_prometheus_alertbuffer_storage_nfs_options='*(rw,root_squash)' +#openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer +#openshift_prometheus_alertbuffer_storage_volume_size=10Gi +#openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} +#openshift_prometheus_alertbuffer_storage_type='pvc' +# +# Option B - External NFS Host +# NFS volume must already exist with path "nfs_directory/_volume_name" on +# the storage_host. For example, the remote volume path using these +# options would be "nfs.example.com:/exports/prometheus" +#openshift_prometheus_storage_kind=nfs +#openshift_prometheus_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_storage_host=nfs.example.com +#openshift_prometheus_storage_nfs_directory=/exports +#openshift_prometheus_storage_volume_name=prometheus +#openshift_prometheus_storage_volume_size=10Gi +#openshift_prometheus_storage_labels={'storage': 'prometheus'} +#openshift_prometheus_storage_type='pvc' +# For prometheus-alertmanager +#openshift_prometheus_alertmanager_storage_kind=nfs +#openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_alertmanager_storage_host=nfs.example.com +#openshift_prometheus_alertmanager_storage_nfs_directory=/exports +#openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager +#openshift_prometheus_alertmanager_storage_volume_size=10Gi +#openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} +#openshift_prometheus_alertmanager_storage_type='pvc' +# For prometheus-alertbuffer +#openshift_prometheus_alertbuffer_storage_kind=nfs +#openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] +#openshift_prometheus_alertbuffer_storage_host=nfs.example.com +#openshift_prometheus_alertbuffer_storage_nfs_directory=/exports +#openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer +#openshift_prometheus_alertbuffer_storage_volume_size=10Gi +#openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} +#openshift_prometheus_alertbuffer_storage_type='pvc' +# +# Option C - none -- Prometheus, alertmanager and alertbuffer will use emptydir volumes +# which are destroyed when pods are deleted + # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' @@ -662,8 +761,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_api_port=8443 #openshift_master_console_port=8443 -# set RPM version for debugging purposes -#openshift_pkg_version=-3.1.0.0 +# set exact RPM version (include - prefix) +#openshift_pkg_version=-3.6.0 +# you may also specify version and release, ie: +#openshift_pkg_version=-3.7.0-0.126.0.git.0.9351aae.el7 # Configure custom ca certificate #openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} @@ -675,6 +776,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Configure custom named certificates (SNI certificates) # +# https://docs.openshift.org/latest/install_config/certificate_customization.html # https://docs.openshift.com/enterprise/latest/install_config/certificate_customization.html # # NOTE: openshift_master_named_certificates is cached on masters and is an @@ -739,6 +841,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # openshift_use_dnsmasq is deprecated. This must be true, or installs will fail # in versions >= 3.6 #openshift_use_dnsmasq=False + # Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf # This is useful for POC environments where DNS may not actually be available yet or to set # options like 'strict-order' to alter dnsmasq configuration. @@ -799,8 +902,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Or you may optionally define your own build overrides configuration serialized as json #openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' -# Enable template service broker by specifying one of more namespaces whose -# templates will be served by the broker +# Enable service catalog +#openshift_enable_service_catalog=true + +# Enable template service broker (requires service catalog to be enabled, above) +#template_service_broker_install=true + +# Configure one of more namespaces whose templates will be served by the TSB #openshift_template_service_broker_namespaces=['openshift'] # masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default @@ -821,7 +929,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} #openshift_node_env_vars={"ENABLE_HTTP2": "true"} -# Enable API service auditing, available as of 3.2 +# Enable API service auditing #openshift_master_audit_config={"enabled": true} # # In case you want more advanced setup for the auditlog you can @@ -830,6 +938,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # exist #openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} +# Enable origin repos that point at Centos PAAS SIG, defaults to true, only used +# by deployment_type=origin +#openshift_enable_origin_repo=false + # Validity of the auto-generated OpenShift certificates in days. # See also openshift_hosted_registry_cert_expire_days above. # @@ -878,9 +990,85 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # You may wish to disable these or make them non fatal # # openshift_upgrade_pre_storage_migration_enabled=true -# openshift_upgrade_pre_storage_migration_fatal==true +# openshift_upgrade_pre_storage_migration_fatal=true # openshift_upgrade_post_storage_migration_enabled=true -# openshift_upgrade_post_storage_migration_fatal==false +# openshift_upgrade_post_storage_migration_fatal=false + +###################################################################### +# CloudForms/ManageIQ (CFME/MIQ) Configuration + +# See the readme for full descriptions and getting started +# instructions: ../../roles/openshift_management/README.md or go directly to +# their definitions: ../../roles/openshift_management/defaults/main.yml +# ../../roles/openshift_management/vars/main.yml +# +# Namespace for the CFME project +#openshift_management_project: openshift-management + +# Namespace/project description +#openshift_management_project_description: CloudForms Management Engine + +# Choose 'miq-template' for a podified database install +# Choose 'miq-template-ext-db' for an external database install +# +# If you are using the miq-template-ext-db template then you must add +# the required database parameters to the +# openshift_management_template_parameters variable. +#openshift_management_app_template: miq-template + +# Allowed options: nfs, nfs_external, preconfigured, cloudprovider. +#openshift_management_storage_class: nfs + +# [OPTIONAL] - If you are using an EXTERNAL NFS server, such as a +# netapp appliance, then you must set the hostname here. Leave the +# value as 'false' if you are not using external NFS. +#openshift_management_storage_nfs_external_hostname: false + +# [OPTIONAL] - If you are using external NFS then you must set the base +# path to the exports location here. +# +# Additionally: EXTERNAL NFS REQUIRES that YOU CREATE the nfs exports +# that will back the application PV and optionally the database +# pv. Export path definitions, relative to +# {{ openshift_management_storage_nfs_base_dir }} +# +# LOCAL NFS NOTE: +# +# You may may also change this value if you want to change the default +# path used for local NFS exports. +#openshift_management_storage_nfs_base_dir: /exports + +# LOCAL NFS NOTE: +# +# You may override the automatically selected LOCAL NFS server by +# setting this variable. Useful for testing specific task files. +#openshift_management_storage_nfs_local_hostname: false + +# These are the default values for the username and password of the +# management app. Changing these values in your inventory will not +# change your username or password. You should only need to change +# these values in your inventory if you already changed the actual +# name and password AND are trying to use integration scripts. +# +# For example, adding this cluster as a container provider, +# playbooks/byo/openshift-management/add_container_provider.yml +#openshift_management_username: admin +#openshift_management_password: smartvm + +# A hash of parameters you want to override or set in the +# miq-template.yaml or miq-template-ext-db.yaml templates. Set this in +# your inventory file as a simple hash. Acceptable values are defined +# under the .parameters list in files/miq-template{-ext-db}.yaml +# Example: +# +# openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'} +#openshift_management_template_parameters: {} + +# Firewall configuration +# You can open additional firewall ports by defining them as a list. of service +# names and ports/port ranges for either masters or nodes. +#openshift_master_open_ports=[{"service":"svc1","port":"11/tcp"}] +#openshift_node_open_ports=[{"service":"svc2","port":"12-13/tcp"},{"service":"svc3","port":"14/udp"}] # host group for masters [masters] @@ -900,3 +1088,6 @@ ose3-lb-ansible.test.example.com containerized=false [nodes] ose3-master[1:3]-ansible.test.example.com ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" + +[nfs] +ose3-nfs-ansible.test.example.com diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example deleted file mode 100644 index c54d6bca7..000000000 --- a/inventory/byo/hosts.origin.example +++ /dev/null @@ -1,899 +0,0 @@ -# This is an example of a bring your own (byo) host inventory - -# Create an OSEv3 group that contains the masters and nodes groups -[OSEv3:children] -masters -nodes -etcd -lb -nfs - -# Set variables common for all OSEv3 hosts -[OSEv3:vars] -# Enable unsupported configurations, things that will yield a partially -# functioning cluster but would not be supported for production use -#openshift_enable_unsupported_configurations=false - -# SSH user, this user should allow ssh based auth without requiring a -# password. If using ssh key based auth, then the key should be managed by an -# ssh agent. -ansible_ssh_user=root - -# If ansible_ssh_user is not root, ansible_become must be set to true and the -# user must be configured for passwordless sudo -#ansible_become=yes - -# Debug level for all OpenShift components (Defaults to 2) -debug_level=2 - -# Specify the deployment type. Valid values are origin and openshift-enterprise. -openshift_deployment_type=origin - -# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we -# rely on the version running on the first master. Works best for containerized installs where we can usually -# use this to lookup the latest exact version of the container images, which is the tag actually used to configure -# the cluster. For RPM installations we just verify the version detected in your configured repos matches this -# release. -openshift_release=v3.7 - -# Specify an exact container image tag to install or configure. -# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_image_tag=v3.7.0 - -# Specify an exact rpm version to install or configure. -# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. -# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-3.7.0 - -# This enables all the system containers except for docker: -#openshift_use_system_containers=False -# -# But you can choose separately each component that must be a -# system container: -# -#openshift_use_openvswitch_system_container=False -#openshift_use_node_system_container=False -#openshift_use_master_system_container=False -#openshift_use_etcd_system_container=False -# -# In either case, system_images_registry must be specified to be able to find the system images -#system_images_registry="docker.io" - -# Install the openshift examples -#openshift_install_examples=true - -# Configure logoutURL in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#changing-the-logout-url -#openshift_master_logout_url=http://example.com - -# Configure extensionScripts in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_scripts=['/path/to/script1.js','/path/to/script2.js'] - -# Configure extensionStylesheets in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#loading-custom-scripts-and-stylesheets -#openshift_master_extension_stylesheets=['/path/to/stylesheet1.css','/path/to/stylesheet2.css'] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_extensions=[{'name': 'images', 'sourceDirectory': '/path/to/my_images'}] - -# Configure extensions in the master config for console customization -# See: https://docs.openshift.org/latest/install_config/web_console_customization.html#serving-static-files -#openshift_master_oauth_template=/path/to/login-template.html - -# Configure imagePolicyConfig in the master config -# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig -#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} - -# Configure master API rate limits for external clients -#openshift_master_external_ratelimit_qps=200 -#openshift_master_external_ratelimit_burst=400 -# Configure master API rate limits for loopback clients -#openshift_master_loopback_ratelimit_qps=300 -#openshift_master_loopback_ratelimit_burst=600 - -# Docker Configuration -# Add additional, insecure, and blocked registries to global docker configuration -# For enterprise deployment types we ensure that registry.access.redhat.com is -# included if you do not include it -#openshift_docker_additional_registries=registry.example.com -#openshift_docker_insecure_registries=registry.example.com -#openshift_docker_blocked_registries=registry.hacker.com -# Disable pushing to dockerhub -#openshift_docker_disable_push_dockerhub=True -# Use Docker inside a System Container. Note that this is a tech preview and should -# not be used to upgrade! -# The following options for docker are ignored: -# - docker_version -# - docker_upgrade -# The following options must not be used -# - openshift_docker_options -#openshift_docker_use_system_container=False -# Instead of using docker, replacec it with cri-o -# NOTE: This uses openshift_docker_systemcontainer_image_registry_override as it's override -# just as container-engine does. -#openshift_use_crio=False -# Force the registry to use for the docker/crio system container. By default the registry -# will be built off of the deployment type and ansible_distribution. Only -# use this option if you are sure you know what you are doing! -#openshift_docker_systemcontainer_image_override="registry.example.com/container-engine:latest" -#openshift_crio_systemcontainer_image_override="registry.example.com/cri-o:latest" -# Items added, as is, to end of /etc/sysconfig/docker OPTIONS -# Default value: "--log-driver=journald" -#openshift_docker_options="-l warn --ipv6=false" - -# Specify exact version of Docker to configure or upgrade to. -# Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. -# docker_version="1.12.1" - -# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. -# Uncomment below to disable; for example if your kernel does not support the -# Docker overlay/overlay2 storage drivers with SELinux enabled. -#openshift_docker_selinux_enabled=False - -# Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. -# docker_upgrade=False - -# Specify exact version of etcd to configure or upgrade to. -# etcd_version="3.1.0" -# Enable etcd debug logging, defaults to false -# etcd_debug=true -# Set etcd log levels by package -# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" - -# Upgrade Hooks -# -# Hooks are available to run custom tasks at various points during a cluster -# upgrade. Each hook should point to a file with Ansible tasks defined. Suggest using -# absolute paths, if not the path will be treated as relative to the file where the -# hook is actually used. -# -# Tasks to run before each master is upgraded. -# openshift_master_upgrade_pre_hook=/usr/share/custom/pre_master.yml -# -# Tasks to run to upgrade the master. These tasks run after the main openshift-ansible -# upgrade steps, but before we restart system/services. -# openshift_master_upgrade_hook=/usr/share/custom/master.yml -# -# Tasks to run after each master is upgraded and system/services have been restarted. -# openshift_master_upgrade_post_hook=/usr/share/custom/post_master.yml - - -# Alternate image format string, useful if you've got your own registry mirror -# Configure this setting just on node or master -#oreg_url_master=example.com/openshift3/ose-${component}:${version} -#oreg_url_node=example.com/openshift3/ose-${component}:${version} -# For setting the configuration globally -#oreg_url=example.com/openshift3/ose-${component}:${version} -# If oreg_url points to a registry other than registry.access.redhat.com we can -# modify image streams to point at that registry by setting the following to true -#openshift_examples_modify_imagestreams=true - -# OpenShift repository configuration -#openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] -#openshift_repos_enable_testing=false - -# htpasswd auth -openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] -# Defining htpasswd users -#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} -# or -#openshift_master_htpasswd_file=<path to local pre-generated htpasswd file> - -# Allow all auth -#openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] - -# LDAP auth -#openshift_master_identity_providers=[{'name': 'my_ldap_provider', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': '', 'bindPassword': '', 'ca': 'my-ldap-ca.crt', 'insecure': 'false', 'url': 'ldap://ldap.example.com:389/ou=users,dc=example,dc=com?uid'}] -# -# Configure LDAP CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the LDAPPasswordIdentityProvider. -# -#openshift_master_ldap_ca=<ca text> -# or -#openshift_master_ldap_ca_file=<path to local ca file to use> - -# OpenID auth -#openshift_master_identity_providers=[{"name": "openid_auth", "login": "true", "challenge": "false", "kind": "OpenIDIdentityProvider", "client_id": "my_client_id", "client_secret": "my_client_secret", "claims": {"id": ["sub"], "preferredUsername": ["preferred_username"], "name": ["name"], "email": ["email"]}, "urls": {"authorize": "https://myidp.example.com/oauth2/authorize", "token": "https://myidp.example.com/oauth2/token"}, "ca": "my-openid-ca-bundle.crt"}] -# -# Configure OpenID CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "ca" key set -# within the OpenIDIdentityProvider. -# -#openshift_master_openid_ca=<ca text> -# or -#openshift_master_openid_ca_file=<path to local ca file to use> - -# Request header auth -#openshift_master_identity_providers=[{"name": "my_request_header_provider", "challenge": "true", "login": "true", "kind": "RequestHeaderIdentityProvider", "challengeURL": "https://www.example.com/challenging-proxy/oauth/authorize?${query}", "loginURL": "https://www.example.com/login-proxy/oauth/authorize?${query}", "clientCA": "my-request-header-ca.crt", "clientCommonNames": ["my-auth-proxy"], "headers": ["X-Remote-User", "SSO-User"], "emailHeaders": ["X-Remote-User-Email"], "nameHeaders": ["X-Remote-User-Display-Name"], "preferredUsernameHeaders": ["X-Remote-User-Login"]}] -# -# Configure request header CA certificate -# Specify either the ASCII contents of the certificate or the path to -# the local file that will be copied to the remote host. CA -# certificate contents will be copied to master systems and saved -# within /etc/origin/master/ with a filename matching the "clientCA" -# key set within the RequestHeaderIdentityProvider. -# -#openshift_master_request_header_ca=<ca text> -# or -#openshift_master_request_header_ca_file=<path to local ca file to use> - -# CloudForms Management Engine (ManageIQ) App Install -# -# Enables installation of MIQ server. Recommended for dedicated -# clusters only. See roles/openshift_cfme/README.md for instructions -# and requirements. -#openshift_cfme_install_app=False - -# Cloud Provider Configuration -# -# Note: You may make use of environment variables rather than store -# sensitive configuration within the ansible inventory. -# For example: -#openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}" -#openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}" -# -# AWS -#openshift_cloudprovider_kind=aws -# Note: IAM profiles may be used instead of storing API credentials on disk. -#openshift_cloudprovider_aws_access_key=aws_access_key_id -#openshift_cloudprovider_aws_secret_key=aws_secret_access_key -# -# Openstack -#openshift_cloudprovider_kind=openstack -#openshift_cloudprovider_openstack_auth_url=http://openstack.example.com:35357/v2.0/ -#openshift_cloudprovider_openstack_username=username -#openshift_cloudprovider_openstack_password=password -#openshift_cloudprovider_openstack_domain_id=domain_id -#openshift_cloudprovider_openstack_domain_name=domain_name -#openshift_cloudprovider_openstack_tenant_id=tenant_id -#openshift_cloudprovider_openstack_tenant_name=tenant_name -#openshift_cloudprovider_openstack_region=region -#openshift_cloudprovider_openstack_lb_subnet_id=subnet_id -# -# GCE -#openshift_cloudprovider_kind=gce - -# Project Configuration -#osm_project_request_message='' -#osm_project_request_template='' -#osm_mcs_allocator_range='s0:/2' -#osm_mcs_labels_per_project=5 -#osm_uid_allocator_range='1000000000-1999999999/10000' - -# Configure additional projects -#openshift_additional_projects={'my-project': {'default_node_selector': 'label=value'}} - -# Enable cockpit -#osm_use_cockpit=true -# -# Set cockpit plugins -#osm_cockpit_plugins=['cockpit-kubernetes'] - -# Native high availability cluster method with optional load balancer. -# If no lb group is defined, the installer assumes that a load balancer has -# been preconfigured. For installation the value of -# openshift_master_cluster_hostname must resolve to the load balancer -# or to one or all of the masters defined in the inventory if no load -# balancer is present. -#openshift_master_cluster_method=native -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Pacemaker high availability cluster method. -# Pacemaker HA environment must be able to self provision the -# configured VIP. For installation openshift_master_cluster_hostname -# must resolve to the configured VIP. -#openshift_master_cluster_method=pacemaker -#openshift_master_cluster_password=openshift_cluster -#openshift_master_cluster_vip=192.168.133.25 -#openshift_master_cluster_public_vip=192.168.133.25 -#openshift_master_cluster_hostname=openshift-ansible.test.example.com -#openshift_master_cluster_public_hostname=openshift-ansible.test.example.com - -# Override the default controller lease ttl -#osm_controller_lease_ttl=30 - -# Configure controller arguments -#osm_controller_args={'resource-quota-sync-period': ['10s']} - -# Configure api server arguments -#osm_api_server_args={'max-requests-inflight': ['400']} - -# default subdomain to use for exposed routes -#openshift_master_default_subdomain=apps.test.example.com - -# additional cors origins -#osm_custom_cors_origins=['foo.example.com', 'bar.example.com'] - -# default project node selector -#osm_default_node_selector='region=primary' - -# Override the default pod eviction timeout -#openshift_master_pod_eviction_timeout=5m - -# Override the default oauth tokenConfig settings: -# openshift_master_access_token_max_seconds=86400 -# openshift_master_auth_token_max_seconds=500 - -# Override master servingInfo.maxRequestsInFlight -#openshift_master_max_requests_inflight=500 - -# Override master and node servingInfo.minTLSVersion and .cipherSuites -# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12 -# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants -#openshift_master_min_tls_version=VersionTLS12 -#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] -# -#openshift_node_min_tls_version=VersionTLS12 -#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...'] - -# default storage plugin dependencies to install, by default the ceph and -# glusterfs plugin dependencies will be installed, if available. -#osn_storage_plugin_deps=['ceph','glusterfs','iscsi'] - -# OpenShift Router Options -# -# An OpenShift router will be created during install if there are -# nodes present with labels matching the default router selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Router selector (optional) -# Router will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_router_selector='region=infra' -# -# Router replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift router selector. -#openshift_hosted_router_replicas=2 -# -# Router force subdomain (optional) -# A router path format to force on all routes used by this router -# (will ignore the route host value) -#openshift_hosted_router_force_subdomain='${name}-${namespace}.apps.example.com' -# -# Router certificate (optional) -# Provide local certificate paths which will be configured as the -# router's default certificate. -#openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} -# -# Manage the OpenShift Router -#openshift_hosted_manage_router=true -# -# Router sharding support has been added and can be achieved by supplying the correct -# data to the inventory. The variable to house the data is openshift_hosted_routers -# and is in the form of a list. If no data is passed then a default router will be -# created. There are multiple combinations of router sharding. The one described -# below supports routers on separate nodes. -# -#openshift_hosted_routers=[{'name': 'router1', 'certificate': {'certfile': '/path/to/certificate/abc.crt', 'keyfile': '/path/to/certificate/abc.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router1', 'ports': ['80:80', '443:443']}, {'name': 'router2', 'certificate': {'certfile': '/path/to/certificate/xyz.crt', 'keyfile': '/path/to/certificate/xyz.key', 'cafile': '/path/to/certificate/ca.crt'}, 'replicas': 1, 'serviceaccount': 'router', 'namespace': 'default', 'stats_port': 1936, 'edits': [{'action': 'append', 'key': 'spec.template.spec.containers[0].env', 'value': {'name': 'ROUTE_LABELS', 'value': 'route=external'}}], 'images': 'openshift3/ose-${component}:${version}', 'selector': 'type=router2', 'ports': ['80:80', '443:443']}] - -# OpenShift Registry Console Options -# Override the console image prefix for enterprise deployments, not used in origin -# default is "registry.access.redhat.com/openshift3/" and the image appended is "registry-console" -#openshift_cockpit_deployer_prefix=registry.example.com/myrepo/ -# Override image version, defaults to latest for origin, matches the product version for enterprise -#openshift_cockpit_deployer_version=1.4.1 - -# Openshift Registry Options -# -# An OpenShift registry will be created during install if there are -# nodes present with labels matching the default registry selector, -# "region=infra". Set openshift_node_labels per node as needed in -# order to label nodes. -# -# Example: -# [nodes] -# node.example.com openshift_node_labels="{'region': 'infra'}" -# -# Registry selector (optional) -# Registry will only be created if nodes matching this label are present. -# Default value: 'region=infra' -#openshift_hosted_registry_selector='region=infra' -# -# Registry replicas (optional) -# Unless specified, openshift-ansible will calculate the replica count -# based on the number of nodes matching the openshift registry selector. -#openshift_hosted_registry_replicas=2 -# -# Validity of the auto-generated certificate in days (optional) -#openshift_hosted_registry_cert_expire_days=730 -# -# Manage the OpenShift Registry -#openshift_hosted_manage_registry=true - -# Registry Storage Options -# -# NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -# nfs_directory must conform to DNS-1123 subdomain must consist of lower case -# alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/registry" -#openshift_hosted_registry_storage_kind=nfs -#openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] -#openshift_hosted_registry_storage_host=nfs.example.com -# nfs_directory must conform to DNS-1123 subdomain must consist of lower case -# alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character -#openshift_hosted_registry_storage_nfs_directory=/exports -#openshift_hosted_registry_storage_volume_name=registry -#openshift_hosted_registry_storage_volume_size=10Gi -# -# Openstack -# Volume must already exist. -#openshift_hosted_registry_storage_kind=openstack -#openshift_hosted_registry_storage_access_modes=['ReadWriteOnce'] -#openshift_hosted_registry_storage_openstack_filesystem=ext4 -#openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57 -#openshift_hosted_registry_storage_volume_size=10Gi -# -# AWS S3 -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_encrypt=false -#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id -#openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id -#openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Any S3 service (Minio, ExoScale, ...): Basically the same as above -# but with regionendpoint configured -# S3 bucket must already exist. -#openshift_hosted_registry_storage_kind=object -#openshift_hosted_registry_storage_provider=s3 -#openshift_hosted_registry_storage_s3_accesskey=access_key_id -#openshift_hosted_registry_storage_s3_secretkey=secret_access_key -#openshift_hosted_registry_storage_s3_regionendpoint=https://myendpoint.example.com/ -#openshift_hosted_registry_storage_s3_bucket=bucket_name -#openshift_hosted_registry_storage_s3_region=bucket_region -#openshift_hosted_registry_storage_s3_chunksize=26214400 -#openshift_hosted_registry_storage_s3_rootdirectory=/registry -#openshift_hosted_registry_pullthrough=true -#openshift_hosted_registry_acceptschema2=true -#openshift_hosted_registry_enforcequota=true -# -# Additional CloudFront Options. When using CloudFront all three -# of the followingg variables must be defined. -#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ -#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem -#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid - -# Metrics deployment -# See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html -# -# By default metrics are not automatically deployed, set this to enable them -#openshift_metrics_install_metrics=true -# -# Storage Options -# If openshift_metrics_storage_kind is unset then metrics will be stored -# in an EmptyDir volume and will be deleted when the cassandra pod terminates. -# Storage options A & B currently support only one cassandra pod which is -# generally enough for up to 1000 pods. Additional volumes can be created -# manually after the fact and metrics scaled per the docs. -# -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_nfs_options='*(rw,root_squash)' -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/metrics" -#openshift_metrics_storage_kind=nfs -#openshift_metrics_storage_access_modes=['ReadWriteOnce'] -#openshift_metrics_storage_host=nfs.example.com -#openshift_metrics_storage_nfs_directory=/exports -#openshift_metrics_storage_volume_name=metrics -#openshift_metrics_storage_volume_size=10Gi -#openshift_metrics_storage_labels={'storage': 'metrics'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. -#openshift_metrics_storage_kind=dynamic -# -# Other Metrics Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_metrics/README.md -# -# Override metricsPublicURL in the master config for cluster metrics -# Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics -# Currently, you may only alter the hostname portion of the url, alterting the -# `/hawkular/metrics` path will break installation of metrics. -#openshift_metrics_hawkular_hostname=https://hawkular-metrics.example.com/hawkular/metrics -# Configure the prefix and version for the component images -#openshift_metrics_image_prefix=docker.io/openshift/origin- -#openshift_metrics_image_version=v3.7.0 -# -# StorageClass -# openshift_storageclass_name=gp2 -# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': 'false'} -# - -# Logging deployment -# -# Currently logging deployment is disabled by default, enable it by setting this -#openshift_logging_install_logging=true -# -# Logging storage config -# Option A - NFS Host Group -# An NFS volume will be created with path "nfs_directory/volume_name" -# on the host within the [nfs] host group. For example, the volume -# path using these options would be "/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_nfs_options='*(rw,root_squash)' -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option B - External NFS Host -# NFS volume must already exist with path "nfs_directory/_volume_name" on -# the storage_host. For example, the remote volume path using these -# options would be "nfs.example.com:/exports/logging" -#openshift_logging_storage_kind=nfs -#openshift_logging_storage_access_modes=['ReadWriteOnce'] -#openshift_logging_storage_host=nfs.example.com -#openshift_logging_storage_nfs_directory=/exports -#openshift_logging_storage_volume_name=logging -#openshift_logging_storage_volume_size=10Gi -#openshift_logging_storage_labels={'storage': 'logging'} -# -# Option C - Dynamic -- If openshift supports dynamic volume provisioning for -# your cloud platform use this. -#openshift_logging_storage_kind=dynamic -# -# Option D - none -- Logging will use emptydir volumes which are destroyed when -# pods are deleted -# -# Other Logging Options -- Common items you may wish to reconfigure, for the complete -# list of options please see roles/openshift_logging/README.md -# -# Configure loggingPublicURL in the master config for aggregate logging, defaults -# to kibana.{{ openshift_master_default_subdomain }} -#openshift_logging_kibana_hostname=logging.apps.example.com -# Configure the number of elastic search nodes, unless you're using dynamic provisioning -# this value must be 1 -#openshift_logging_es_cluster_size=1 -# Configure the prefix and version for the component images -#openshift_logging_image_prefix=docker.io/openshift/origin- -#openshift_logging_image_version=v3.7.0 - -# Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') -# os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' - -# Disable the OpenShift SDN plugin -# openshift_use_openshift_sdn=False - -# Configure SDN cluster network and kubernetes service CIDR blocks. These -# network blocks should be private and should not conflict with network blocks -# in your infrastructure that pods may require access to. Can not be changed -# after deployment. -# -# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of -# 172.17.0.0/16. Your installation will fail and/or your configuration change will -# cause the Pod SDN or Cluster SDN to fail. -# -# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting -# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS -# environment variable located in /etc/sysconfig/docker-network. -# When upgrading or scaling up the following must match whats in your master config! -# Inventory: master yaml field -# osm_cluster_network_cidr: clusterNetworkCIDR -# openshift_portal_net: serviceNetworkCIDR -# When installing osm_cluster_network_cidr and openshift_portal_net must be set. -# Sane examples are provided below. -#osm_cluster_network_cidr=10.128.0.0/14 -#openshift_portal_net=172.30.0.0/16 - -# ExternalIPNetworkCIDRs controls what values are acceptable for the -# service external IP field. If empty, no externalIP may be set. It -# may contain a list of CIDRs which are checked for access. If a CIDR -# is prefixed with !, IPs in that CIDR will be rejected. Rejections -# will be applied first, then the IP checked against one of the -# allowed CIDRs. You should ensure this range does not overlap with -# your nodes, pods, or service CIDRs for security reasons. -#openshift_master_external_ip_network_cidrs=['0.0.0.0/0'] - -# IngressIPNetworkCIDR controls the range to assign ingress IPs from for -# services of type LoadBalancer on bare metal. If empty, ingress IPs will not -# be assigned. It may contain a single CIDR that will be allocated from. For -# security reasons, you should ensure that this range does not overlap with -# the CIDRs reserved for external IPs, nodes, pods, or services. -#openshift_master_ingress_ip_network_cidr=172.46.0.0/16 - -# Configure number of bits to allocate to each host's subnet e.g. 9 -# would mean a /23 network on the host. -# When upgrading or scaling up the following must match whats in your master config! -# Inventory: master yaml field -# osm_host_subnet_length: hostSubnetLength -# When installing osm_host_subnet_length must be set. A sane example is provided below. -#osm_host_subnet_length=9 - -# Configure master API and console ports. -#openshift_master_api_port=8443 -#openshift_master_console_port=8443 - -# set RPM version for debugging purposes -#openshift_pkg_version=-1.1 - -# Configure custom ca certificate -#openshift_master_ca_certificate={'certfile': '/path/to/ca.crt', 'keyfile': '/path/to/ca.key'} -# -# NOTE: CA certificate will not be replaced with existing clusters. -# This option may only be specified when creating a new cluster or -# when redeploying cluster certificates with the redeploy-certificates -# playbook. - -# Configure custom named certificates (SNI certificates) -# -# https://docs.openshift.org/latest/install_config/certificate_customization.html -# -# NOTE: openshift_master_named_certificates is cached on masters and is an -# additive fact, meaning that each run with a different set of certificates -# will add the newly provided certificates to the cached set of certificates. -# -# An optional CA may be specified for each named certificate. CAs will -# be added to the OpenShift CA bundle which allows for the named -# certificate to be served for internal cluster communication. -# -# If you would like openshift_master_named_certificates to be overwritten with -# the provided value, specify openshift_master_overwrite_named_certificates. -#openshift_master_overwrite_named_certificates=true -# -# Provide local certificate paths which will be deployed to masters -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "cafile": "/path/to/custom-ca1.crt"}] -# -# Detected names may be overridden by specifying the "names" key -#openshift_master_named_certificates=[{"certfile": "/path/to/custom1.crt", "keyfile": "/path/to/custom1.key", "names": ["public-master-host.com"], "cafile": "/path/to/custom-ca1.crt"}] - -# Session options -#openshift_master_session_name=ssn -#openshift_master_session_max_seconds=3600 - -# An authentication and encryption secret will be generated if secrets -# are not provided. If provided, openshift_master_session_auth_secrets -# and openshift_master_encryption_secrets must be equal length. -# -# Signing secrets, used to authenticate sessions using -# HMAC. Recommended to use secrets with 32 or 64 bytes. -#openshift_master_session_auth_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] -# -# Encrypting secrets, used to encrypt sessions. Must be 16, 24, or 32 -# characters long, to select AES-128, AES-192, or AES-256. -#openshift_master_session_encryption_secrets=['DONT+USE+THIS+SECRET+b4NV+pmZNSO'] - -# configure how often node iptables rules are refreshed -#openshift_node_iptables_sync_period=5s - -# Configure nodeIP in the node config -# This is needed in cases where node traffic is desired to go over an -# interface other than the default network interface. -#openshift_set_node_ip=True - -# Configure dnsIP in the node config -#openshift_dns_ip=172.30.0.1 - -# Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']} - -# Configure logrotate scripts -# See: https://github.com/nickhammond/ansible-logrotate -#logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] - -# openshift-ansible will wait indefinitely for your input when it detects that the -# value of openshift_hostname resolves to an IP address not bound to any local -# interfaces. This mis-configuration is problematic for any pod leveraging host -# networking and liveness or readiness probes. -# Setting this variable to true will override that check. -#openshift_override_hostname_check=true - -# openshift_use_dnsmasq is deprecated. This must be true, or installs will fail -# in versions >= 3.6 -#openshift_use_dnsmasq=False - -# Define an additional dnsmasq.conf file to deploy to /etc/dnsmasq.d/openshift-ansible.conf -# This is useful for POC environments where DNS may not actually be available yet or to set -# options like 'strict-order' to alter dnsmasq configuration. -#openshift_node_dnsmasq_additional_config_file=/home/bob/ose-dnsmasq.conf - -# Global Proxy Configuration -# These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment -# variables for docker and master services. -# -# Hosts in the openshift_no_proxy list will NOT use any globally -# configured HTTP(S)_PROXYs. openshift_no_proxy accepts domains -# (.example.com), and hosts (example.com), and IP addresses. -#openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT -#openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT -#openshift_no_proxy='.hosts.example.com,some-host.com' -# -# Most environments don't require a proxy between openshift masters, nodes, and -# etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. -# If all of your hosts share a common domain you may wish to disable this and -# specify that domain above instead. -# -# For example, having hosts with FQDNs: m1.ex.com, n1.ex.com, and -# n2.ex.com, one would simply add '.ex.com' to the openshift_no_proxy -# variable (above) and set this value to False -#openshift_generate_no_proxy_hosts=True -# -# These options configure the BuildDefaults admission controller which injects -# configuration into Builds. Proxy related values will default to the global proxy -# config values. You only need to set these if they differ from the global proxy settings. -# See BuildDefaults documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_builddefaults_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_no_proxy=mycorp.com -#openshift_builddefaults_git_http_proxy=http://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_https_proxy=https://USER:PASSWORD@HOST:PORT -#openshift_builddefaults_git_no_proxy=mycorp.com -#openshift_builddefaults_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_builddefaults_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_builddefaults_annotations={'annotationkey1':'annotationvalue1'} -#openshift_builddefaults_resources_requests_cpu=100m -#openshift_builddefaults_resources_requests_memory=256Mi -#openshift_builddefaults_resources_limits_cpu=1000m -#openshift_builddefaults_resources_limits_memory=512Mi - -# Or you may optionally define your own build defaults configuration serialized as json -#openshift_builddefaults_json='{"BuildDefaults":{"configuration":{"apiVersion":"v1","env":[{"name":"HTTP_PROXY","value":"http://proxy.example.com.redhat.com:3128"},{"name":"NO_PROXY","value":"ose3-master.example.com"}],"gitHTTPProxy":"http://proxy.example.com:3128","gitNoProxy":"ose3-master.example.com","kind":"BuildDefaultsConfig"}}}' - -# These options configure the BuildOverrides admission controller which injects -# configuration into Builds. -# See BuildOverrides documentation at -# https://docs.openshift.org/latest/admin_guide/build_defaults_overrides.html -#openshift_buildoverrides_force_pull=true -#openshift_buildoverrides_image_labels=[{'name':'imagelabelname1','value':'imagelabelvalue1'}] -#openshift_buildoverrides_nodeselectors={'nodelabel1':'nodelabelvalue1'} -#openshift_buildoverrides_annotations={'annotationkey1':'annotationvalue1'} - -# Or you may optionally define your own build overrides configuration serialized as json -#openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' - -# Enable template service broker by specifying one of more namespaces whose -# templates will be served by the broker -#openshift_template_service_broker_namespaces=['openshift'] - -# masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default -#openshift_master_dynamic_provisioning_enabled=False - -# Admission plugin config -#openshift_master_admission_plugin_config={"ProjectRequestLimit":{"configuration":{"apiVersion":"v1","kind":"ProjectRequestLimitConfig","limits":[{"selector":{"admin":"true"}},{"maxProjects":"1"}]}},"PodNodeConstraints":{"configuration":{"apiVersion":"v1","kind":"PodNodeConstraintsConfig"}}} - -# Configure usage of openshift_clock role. -#openshift_clock_enabled=true - -# OpenShift Per-Service Environment Variables -# Environment variables are added to /etc/sysconfig files for -# each OpenShift service: node, master (api and controllers). -# API and controllers environment variables are merged in single -# master environments. -#openshift_master_api_env_vars={"ENABLE_HTTP2": "true"} -#openshift_master_controllers_env_vars={"ENABLE_HTTP2": "true"} -#openshift_node_env_vars={"ENABLE_HTTP2": "true"} - -# Enable API service auditing, available as of 1.3 -#openshift_master_audit_config={"enabled": true} -# -# In case you want more advanced setup for the auditlog you can -# use this line. -# The directory in "auditFilePath" will be created if it's not -# exist -#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} - -# Enable origin repos that point at Centos PAAS SIG, defaults to true, only used -# by deployment_type=origin -#openshift_enable_origin_repo=false - -# Validity of the auto-generated OpenShift certificates in days. -# See also openshift_hosted_registry_cert_expire_days above. -# -#openshift_ca_cert_expire_days=1825 -#openshift_node_cert_expire_days=730 -#openshift_master_cert_expire_days=730 - -# Validity of the auto-generated external etcd certificates in days. -# Controls validity for etcd CA, peer, server and client certificates. -# -#etcd_ca_default_days=1825 -# -# ServiceAccountConfig:LimitSecretRefences rejects pods that reference secrets their service accounts do not reference -# openshift_master_saconfig_limitsecretreferences=false - -# Upgrade Control -# -# By default nodes are upgraded in a serial manner one at a time and all failures -# are fatal, one set of variables for normal nodes, one set of variables for -# nodes that are part of control plane as the number of hosts may be different -# in those two groups. -#openshift_upgrade_nodes_serial=1 -#openshift_upgrade_nodes_max_fail_percentage=0 -#openshift_upgrade_control_plane_nodes_serial=1 -#openshift_upgrade_control_plane_nodes_max_fail_percentage=0 -# -# You can specify the number of nodes to upgrade at once. We do not currently -# attempt to verify that you have capacity to drain this many nodes at once -# so please be careful when specifying these values. You should also verify that -# the expected number of nodes are all schedulable and ready before starting an -# upgrade. If it's not possible to drain the requested nodes the upgrade will -# stall indefinitely until the drain is successful. -# -# If you're upgrading more than one node at a time you can specify the maximum -# percentage of failure within the batch before the upgrade is aborted. Any -# nodes that do fail are ignored for the rest of the playbook run and you should -# take care to investigate the failure and return the node to service so that -# your cluster. -# -# The percentage must exceed the value, this would fail on two failures -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=49 -# where as this would not -# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=50 -# -# Multiple data migrations take place and if they fail they will fail the upgrade -# You may wish to disable these or make them non fatal -# -# openshift_upgrade_pre_storage_migration_enabled=true -# openshift_upgrade_pre_storage_migration_fatal==true -# openshift_upgrade_post_storage_migration_enabled=true -# openshift_upgrade_post_storage_migration_fatal==false - -# host group for masters -[masters] -ose3-master[1:3]-ansible.test.example.com - -[etcd] -ose3-etcd[1:3]-ansible.test.example.com - -# NOTE: Containerized load balancer hosts are not yet supported, if using a global -# containerized=true host variable we must set to false. -[lb] -ose3-lb-ansible.test.example.com containerized=false - -# NOTE: Currently we require that masters be part of the SDN which requires that they also be nodes -# However, in order to ensure that your masters are not burdened with running pods you should -# make them unschedulable by adding openshift_schedulable=False any node that's also a master. -[nodes] -ose3-master[1:3]-ansible.test.example.com -ose3-node[1:2]-ansible.test.example.com openshift_node_labels="{'region': 'primary', 'zone': 'default'}" diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 000000000..7f867d73b --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: diff --git a/openshift-ansible.spec b/openshift-ansible.spec index c3a477bf6..2d3dfff75 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,8 +9,8 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.7.0 -Release: 0.143.0%{?dist} +Version: 3.8.0 +Release: 0.3.0%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 URL: https://github.com/openshift/openshift-ansible @@ -21,7 +21,12 @@ Requires: ansible >= 2.3 Requires: python2 Requires: python-six Requires: tar -Requires: openshift-ansible-docs = %{version} +Requires: %{name}-docs = %{version}-%{release} +Requires: %{name}-playbooks = %{version}-%{release} +Requires: %{name}-roles = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} Requires: java-1.8.0-openjdk-headless Requires: httpd-tools Requires: libselinux-python @@ -64,6 +69,9 @@ rm -f %{buildroot}%{python_sitelib}/openshift_ansible/gce mkdir -p docs/example-inventories cp inventory/byo/* docs/example-inventories/ +# openshift-ansible-files install +cp -rp files %{buildroot}%{_datadir}/ansible/%{name}/ + # openshift-ansible-playbooks install cp -rp playbooks %{buildroot}%{_datadir}/ansible/%{name}/ # remove contiv plabooks @@ -122,6 +130,7 @@ popd %doc README* %license LICENSE %dir %{_datadir}/ansible/%{name} +%{_datadir}/ansible/%{name}/files %{_datadir}/ansible/%{name}/library %ghost %{_datadir}/ansible/%{name}/playbooks/common/openshift-master/library.rpmmoved @@ -130,7 +139,7 @@ popd # ---------------------------------------------------------------------------------- %package docs Summary: Openshift and Atomic Enterprise Ansible documents -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description docs @@ -144,11 +153,11 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package playbooks Summary: Openshift and Atomic Enterprise Ansible Playbooks -Requires: %{name} = %{version} -Requires: %{name}-roles = %{version} -Requires: %{name}-lookup-plugins = %{version} -Requires: %{name}-filter-plugins = %{version} -Requires: %{name}-callback-plugins = %{version} +Requires: %{name} = %{version}-%{release} +Requires: %{name}-roles = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} BuildArch: noarch %description playbooks @@ -188,10 +197,10 @@ end # openshift-ansible-roles subpackage # ---------------------------------------------------------------------------------- Summary: Openshift and Atomic Enterprise Ansible roles -Requires: %{name} = %{version} -Requires: %{name}-lookup-plugins = %{version} -Requires: %{name}-filter-plugins = %{version} -Requires: %{name}-callback-plugins = %{version} +Requires: %{name} = %{version}-%{release} +Requires: %{name}-lookup-plugins = %{version}-%{release} +Requires: %{name}-filter-plugins = %{version}-%{release} +Requires: %{name}-callback-plugins = %{version}-%{release} BuildArch: noarch %description roles @@ -206,7 +215,7 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package filter-plugins Summary: Openshift and Atomic Enterprise Ansible filter plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch Requires: pyOpenSSL @@ -223,7 +232,7 @@ Requires: pyOpenSSL # ---------------------------------------------------------------------------------- %package lookup-plugins Summary: Openshift and Atomic Enterprise Ansible lookup plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description lookup-plugins @@ -239,7 +248,7 @@ BuildArch: noarch # ---------------------------------------------------------------------------------- %package callback-plugins Summary: Openshift and Atomic Enterprise Ansible callback plugins -Requires: %{name} = %{version} +Requires: %{name} = %{version}-%{release} BuildArch: noarch %description callback-plugins @@ -256,7 +265,7 @@ BuildArch: noarch %package -n atomic-openshift-utils Summary: Atomic OpenShift Utilities BuildRequires: python-setuptools -Requires: %{name}-playbooks = %{version} +Requires: %{name}-playbooks = %{version}-%{release} Requires: python-click Requires: python-setuptools Requires: PyYAML @@ -276,6 +285,795 @@ Atomic OpenShift Utilities includes %changelog +* Fri Nov 17 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.3.0 +- papr: auto-detect image tag to use and bump to f27 (jlebon@redhat.com) +- Updating mtu value to int (kwoodson@redhat.com) +- fix the logging-es-prometheus selector (jcantril@redhat.com) +- GlusterFS: Add configuration for auto creating block-hosting volumes + (jarrpa@redhat.com) +- Playbook Consolidation - openshift-checks (rteague@redhat.com) +- Combine openshift_node and openshift_node_upgrade (mgugino@redhat.com) +- registry-console: align image and check (lmeyer@redhat.com) +- registry-console template 3.8 consistency (lmeyer@redhat.com) +- registry-console template 3.7 consistency (lmeyer@redhat.com) +- registry-console template 3.6 consistency (lmeyer@redhat.com) + +* Thu Nov 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.2.0 +- Fix openstack init (rteague@redhat.com) +- Ensure node service is started. (kwoodson@redhat.com) +- Added aos-3.8 releaser for tito (smunilla@redhat.com) +- Playbook Consolidation - Initialization (rteague@redhat.com) +- Minor tweaks to ansible.cfg and example inventory (rteague@redhat.com) +- Removed old version code (mgugino@redhat.com) +- Fixing islnk. (kwoodson@redhat.com) +- Removing setting prefix and version facts in openshift_logging to let the + component roles set their defaults (ewolinet@redhat.com) +- Create prometheus configmaps before statefulset (zgalor@redhat.com) +- Bug 1510496 - logging: honor ES PVC size (jwozniak@redhat.com) +- Combine master upgrade play with role (mgugino@redhat.com) +- Fix stale data in openshift_facts for logging (mgugino@redhat.com) +- Start requiring Ansible 2.4 (rteague@redhat.com) +- Fixing origin default for es proxy (ewolinet@redhat.com) +- Addressing tox errors (ewolinet@redhat.com) +- Addressing comments (ewolinet@redhat.com) +- Initial Kuryr Ports Pool Support (ltomasbo@redhat.com) +- Remove an unused retry file (tomas@sedovic.cz) +- Namespace the docker volumes (tomas@sedovic.cz) +- Fix tox (tomas@sedovic.cz) +- Namespace the OpenStack vars (tomas@sedovic.cz) +- Use `null` instead of `False` where it makes sense (tomas@sedovic.cz) +- Simplify the template paths for the storage setup (tomas@sedovic.cz) +- Use the default `item` loop variable for checks (tomas@sedovic.cz) +- Move the selinux check up (tomas@sedovic.cz) +- Add the DNS updates and rename the openstack vars (tomas@sedovic.cz) +- Remove the subnet_update_dns_servers task list (tomas@sedovic.cz) +- Move the vars/main.yml to defaults (tomas@sedovic.cz) +- FIXUP ANSIBLE CFG (tomas@sedovic.cz) +- Remove the static_inventory and bastion samples (tomas@sedovic.cz) +- Use the existing ansible.cfg file (tomas@sedovic.cz) +- Remove the subscription-manager role (tomas@sedovic.cz) +- Add a stub of the dns record update code in (tomas@sedovic.cz) +- Use correct host group in provision.yml (tomas@sedovic.cz) +- Remove the post-install and scale-up playbooks (tomas@sedovic.cz) +- Remove the openstack custom-actions for now (tomas@sedovic.cz) +- Remove the extra roles (tomas@sedovic.cz) +- Add openshift_openstack role and move tasks there (tomas@sedovic.cz) +- Use the docker-storage-setup role (tomas@sedovic.cz) +- Update readme (tomas@sedovic.cz) +- Update lookup plugins path (tomas@sedovic.cz) +- .gitignore casl-infra (tomas@sedovic.cz) +- Move the OpenStack playbooks (tomas@sedovic.cz) +- Updating logging components image defaulting pattern to match + openshift_logging pattern (ewolinet@redhat.com) +- logging with static pvc: allow specifying the storage class name + (bart.vanbos@kbc.be) +- Add role to configure project request template (hansmi@vshn.ch) +- Remove bash highlight (tomas@sedovic.cz) +- Revert the console hostname change (tomas@sedovic.cz) +- Add Extra CAs (custom post-provision action) (#801) (tlacencin@gmail.com) +- Add Flannel support (#814) (bdobreli@redhat.com) +- Docker storage fix (#812) (cwilkers@redhat.com) +- [WIP] Merge server with nofloating server heat templates (#761) + (bdobreli@redhat.com) +- Support separate data network for Flannel SDN (#757) (bdobreli@redhat.com) +- Add Extra Docker Registry URLs (custom post-provision action) (#794) + (tlacencin@gmail.com) +- Make the private key examples consistent (tomas@sedovic.cz) +- Allow the specification of server group policies when provisioning openstack + (#747) (tzumainn@redhat.com) +- Attach additional RHN Pools (post-provision custom action) (#753) + (tlacencin@gmail.com) +- Streamline the OpenStack provider README (tomas@sedovic.cz) +- Adding support for cluster-autoscaler role (kwoodson@redhat.com) +- Fix for this issue https://bugzilla.redhat.com/show_bug.cgi?id=1495372 (#793) + (edu@redhat.com) +- Add CentOS support to the docker-storage-setup role (tomas@sedovic.cz) +- Replace the CASL references (#778) (tomas@sedovic.cz) +- Set public_v4 to private_v4 if it doesn't exist (tomas@sedovic.cz) +- Fix flake8 errors (tomas@sedovic.cz) +- Add dynamic inventory (tomas@sedovic.cz) +- Fixing various contrib changes causing CASL breakage (#771) + (oybed@users.noreply.github.com) +- Required variables to create dedicated lv (#766) (edu@redhat.com) +- Adding the option to use 'stack_state' to allow for easy de-provisioning + (#754) (oybed@users.noreply.github.com) +- Fix public master cluster DNS record when using bastion (#752) + (bdobreli@redhat.com) +- Upscaling OpenShift application nodes (#571) (tlacencin@gmail.com) +- load balancer formatting fix (#745) (tzumainn@redhat.com) +- Docker ansible host (#742) (tomas@sedovic.cz) +- Empty ssh (#729) (tomas@sedovic.cz) +- Remove the `rhsm_register` value from inventory (tomas@sedovic.cz) +- Make the `rhsm_register` value optional (tomas@sedovic.cz) +- Clear the previous inventory during provisioning (tomas@sedovic.cz) +- Fix the cinder_registry_volume conditional (tomas@sedovic.cz) +- Pre-create a Cinder registry volume (tomas@sedovic.cz) +- Add ability to support custom api and console ports (#712) + (etsauer@gmail.com) +- Support Cinder-backed Openshift registry (#707) (tomas@sedovic.cz) +- openstack: make server ports be trunk ports (#713) (celebdor@gmail.com) +- Point openshift_master_cluster_public_hostname at master or lb if defined + (#706) (tzumainn@redhat.com) +- Allow using a provider network (#701) (tomas@sedovic.cz) +- Document global DNS security options (#694) (bdobreli@redhat.com) +- Add custom post-provision playbook for adding yum repos (#697) + (tzumainn@redhat.com) +- Support external/pre-provisioned authoritative cluster DNS (#690) + (bdobreli@redhat.com) +- Added checks for configured images and flavors (#688) (tlacencin@gmail.com) +- Cast num_* as int for jinja templates (#685) (bdobreli@redhat.com) +- Do not repeat pre_tasks for post-provision playbook (#689) + (bdobreli@redhat.com) +- Fix node label customisation (#679) (tlacencin@gmail.com) +- Add documentation regarding running custom post-provision tasks (#678) + (tzumainn@redhat.com) +- Add docs and defaults for multi-master setup (bdobreli@redhat.com) +- Ignore *.cfg and *.crt in the openstack inventory (#672) (tomas@sedovic.cz) +- Update openshift_release in the sample inventory (#647) (tomas@sedovic.cz) +- Configure different Docker volume sizes for different roles (#644) + (tlacencin@gmail.com) +- Avoid server recreation in case of user_data modification. (#651) + (robipolli@gmail.com) +- Set custom hostnames for servers (#643) (tlacencin@gmail.com) +- Access UI via a bastion node (#596) (bdobreli@redhat.com) +- group_vars/all.yml, stack_params.yaml, README: specifying flavors enabled and + documented (#638) (tlacencin@gmail.com) +- Specify different image names for roles (#637) (tlacencin@gmail.com) +- Support multiple private networks for static inventory (#604) + (bdobreli@redhat.com) +- Allow using ephemeral volumes for docker storage (#615) (tomas@sedovic.cz) +- Remove clouds.yaml from sample-inventory (tomas@sedovic.cz) +- Moving common DNS roles out of the playbook area (#605) + (oybed@users.noreply.github.com) +- Note about jmespath requirement for control node (#599) (bdobreli@redhat.com) +- removed openstack (djurgens@redhat.com) +- Add wildcard pointer to Private DNS (djurgens@redhat.com) +- Options for bastion, SSH config, static inventory autogeneration + (bdobreli@redhat.com) +- Add bastion and ssh config for the static inventory role + (bdobreli@redhat.com) +- Set openshift_hostname explicitly for openstack (#579) (tomas@sedovic.cz) +- README: Added note about infra-ansible installation (#574) + (tlacencin@gmail.com) +- Static inventory autogeneration (#550) (bdobreli@redhat.com) +- Generate static inventory with shade inventory (#538) (bdobreli@redhat.com) +- Include masters into etcd group, when it is empty (#559) + (bdobreli@redhat.com) +- During provisioning, make unnecessary packages optional under a switch (#561) + (tlacencin@gmail.com) +- Set ansible_become for the OSEv3 group (tomas@sedovic.cz) +- README: fix (kpilatov@redhat.com) +- README: typo (kpilatov@redhat.com) +- dependencies: python-heatclient and python-openstackclient added to optional + dependencies (kpilatov@redhat.com) +- README: added prerequisity for a repository needed for python-openstackclient + installation (kpilatov@redhat.com) +- Add a role to generate a static inventory (#540) (bdobreli@redhat.com) +- Retry tasks in the subscription manager role (#552) (tlacencin@gmail.com) +- Set up NetworkManager automatically (#542) (tomas@sedovic.cz) +- Replace greaterthan and equalto in openstack-stack (tomas@sedovic.cz) +- Switch the sample inventory to CentOS (#541) (tomas@sedovic.cz) +- Add defaults values for some openstack vars (#539) (tomas@sedovic.cz) +- Install DNS roles from casl-infra with galaxy (#529) (bdobreli@redhat.com) +- Playbook prerequisites.yml checks that prerequisites are met before + provisioning (#518) (tlacencin@gmail.com) +- Persist DNS configuration for nodes for openstack provider + (bdobreli@redhat.com) +- Manage packages to install/update for openstack provider + (bdobreli@redhat.com) +- Fix yaml indentation (tomas@sedovic.cz) +- Use wait_for_connection for the Heat nodes (tomas@sedovic.cz) +- Put back node/flat secgrp for infra nodes on openstack (bdobreli@redhat.com) +- README.md: fixing typo (kpilatov@redhat.com) +- README.md: list jinja2 as a dependency (kpilatov@redhat.com) +- Modify sec groups for provisioned openstack servers (bdobreli@redhat.com) +- rename node_removal_policies, add some comments and defaults + (tzumainn@redhat.com) +- all.yml: removed whitespaces in front of variables (kpilatov@redhat.com) +- removed whitespace in front of commented variable (kpilatov@redhat.com) +- OSEv3.yml: trailing space... (kpilatov@redhat.com) +- OSEv3.yml: added option to ignore set hardware limits for RAM and DISK + (kpilatov@redhat.com) +- Fix flat sec group and infra/dns sec rules (bdobreli@redhat.com) +- Add node_removal_policies variable to allow for scaling down + (tzumainn@redhat.com) +- Use cached facts, do not become for localhost (#484) (bdobreli@redhat.com) +- Add profiling and skippy stdout (#470) (bdobreli@redhat.com) +- Fix flake8 errors with the openstack inventory (tomas@sedovic.cz) +- Fix yamllint errors (tomas@sedovic.cz) +- Update sample inventory with the latest changes (tomas@sedovic.cz) +- Gather facts for provision playbook (bdobreli@redhat.com) +- Drop atomic-openshift-utils, update docs for origin (bdobreli@redhat.com) +- Add ansible.cfg for openstack provider (bdobreli@redhat.com) +- Add a flat sec group for openstack provider (bdobreli@redhat.com) +- Always let the openshift nodes access the DNS (tomas@sedovic.cz) +- Fix privileges in the pre-install playbook (tomas@sedovic.cz) +- Add default values to provision-openstack.yml (tomas@sedovic.cz) +- Move pre_tasks from to the openstack provisioner (tomas@sedovic.cz) +- Add readme (tomas@sedovic.cz) +- Add license for openstack.py in inventory (tomas@sedovic.cz) +- Add a sample inventory for openstack provisioning (tomas@sedovic.cz) +- Symlink roles to provisioning/openstack/roles (tomas@sedovic.cz) +- Add a single provisioning playbook (tomas@sedovic.cz) +- Move the openstack provisioning playbooks (tomas@sedovic.cz) +- Update CASL to use nsupdate for DNS records (#48) + (oybed@users.noreply.github.com) +- Conditionally set the openshift_master_default_subdomain to avoid overriding + it unecessary (#47) (oybed@users.noreply.github.com) +- More ansible migration and deploy OCP from local workstation (#376) + (pschiffe@redhat.com) +- Removed hardcoded values from ansible roles (edu@redhat.com) +- First attempt at a simple multi-master support (#39) (etsauer@gmail.com) +- Stack refactor (#38) (etsauer@gmail.com) +- Ensure DNS configuration has wildcards set for infra nodes (#24) + (oybed@users.noreply.github.com) +- Fixing two significant bugs in the HEAT deployment (#13) (etsauer@gmail.com) +- update for yamllint errors (jdetiber@redhat.com) +- Making providers common (#126) (rcook@redhat.com) +- Openstack heat (#2) (etsauer@gmail.com) +- Fixing ansible impl to work with OSP9 and ansible 2.2 (bedin@redhat.com) +- Updated env_id to be a sub-domain + make the logic a bit more flexible + (bedin@redhat.com) +- Fixes Issue #163 if rhsm_password is not defined (vvaldez@redhat.com) +- Cleande up hostname role to make it more generic (bedin@redhat.com) +- Updated to run as root rather than cloud-user, for now... (bedin@redhat.com) +- Channging hard coded host groups to match openshift-ansible expected host + groups. Importing byo playbook now instead of nested ansible run. Need to + refactor how we generate hostnames to make it fit this. (esauer@redhat.com) +- Subscription manager role should accomodate orgs with spaces + (esauer@redhat.com) +- Reverting previous commit and making template adjustments (esauer@redhat.com) +- Changes to allow runs from inside a container. Also allows for running + upstream openshift-ansible installer (esauer@redhat.com) +- Changes by JayKayy for a full provision of OpenShift on OpenStack + (esauer@redhat.com) +- Fix typo in task name (vvaldez@redhat.com) +- Add org parameter to Satellite with user/pass (vvaldez@redhat.com) +- Remove vars_prompt, add info to README to re-enable and for ansible-vault + (vvaldez@redhat.com) +- Cosmetic changes to task names and move yum clean all to prereqs + (vvaldez@redhat.com) +- Refactor use of rhsm_password to prevent display to CLI (vvaldez@redhat.com) +- Fix bad syntax with extra 'and' in when using rhsm_pool (vvaldez@redhat.com) +- Refactor role to dynamically determine rhsm_method (vvaldez@redhat.com) +- Add subscription-manager support for Hosted or Satellite (vvaldez@redhat.com) +- New OSE3 docker host builder and OpenStack ansible provisioning support + (andy.block@gmail.com) + +* Wed Nov 15 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.8.0-0.1.0 +- Allow disabling authorization migration check (sdodson@redhat.com) +- Alternative method to create docker registry auth creds (mgugino@redhat.com) +- Nuke /var/lib/dockershim/sandbox/* while nodes are drained + (sdodson@redhat.com) +- crio: sync crio.conf (gscrivan@redhat.com) +- Updating provisioning order. (kwoodson@redhat.com) +- Regex anchors changed to match protocol start and ports. + (kwoodson@redhat.com) +- First pass at v3.8 support (sdodson@redhat.com) +- Run registry auth after docker restart (mgugino@redhat.com) +- Fix extension script for catalog (mgugino@redhat.com) +- Adding instance profile support for node groups. (kwoodson@redhat.com) +- Bumping openshift-ansible to 3.8 (smunilla@redhat.com) +- ansible.cfg: error when inventory does not parse (lmeyer@redhat.com) +- removing kind restrictions from oc_edit (kwoodson@redhat.com) +- Update Docs. Make Clearer where the actual docs are. (tbielawa@redhat.com) +- Remove upgrade playbooks for 3.3 through 3.5 (rteague@redhat.com) +- GlusterFS: Add gluster-s3 functionality (jarrpa@redhat.com) +- GlusterFS: Add glusterblock functionality (jarrpa@redhat.com) +- GlusterFS: Update heketi templates for latest version (jarrpa@redhat.com) +- GlusterFS: Specify resource requests (jarrpa@redhat.com) +- Remove remaining haproxy files with uninstallation + (nakayamakenjiro@gmail.com) +- Proposal: container_runtime role (mgugino@redhat.com) +- Fix contenerized documentation? (mickael.canevet@camptocamp.com) +- Cleans up additional artifacts in uninstall. Closes 3082 + (gregswift@gmail.com) +- Add execution times to checkpoint status (rteague@redhat.com) +- Make clearer *_nfs_directory and *_volume_name (lpsantil@gmail.com) +- Allow cluster IP for docker-registry service to be set (hansmi@vshn.ch) + +* Thu Nov 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.5-1 +- + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.4-1 +- + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.3-1 +- Adding configuration for keeping transient namespace on error. + (shawn.hurley21@gmail.com) +- Use openshift.common.client_binary (sdodson@redhat.com) +- Fix examples image streams (mgugino@redhat.com) +- Remove duplicate defaulting for ASB and TSB (sdodson@redhat.com) +- Fix preupgrade authorization objects are in sync minor versions + (mgugino@redhat.com) +- General template updates for v3.7 (sdodson@redhat.com) +- Update to xPaaS v1.4.6 (sdodson@redhat.com) +- Bug 1511044- Slurp the etcd certs instead of using the lookup + (fabian@fabianism.us) +- Change prometheus default namespace to 'openshift-metrics' + (zgalor@redhat.com) +- Bootstrap enhancements. (kwoodson@redhat.com) +- reconcile registry-console and docker_image_availability (lmeyer@redhat.com) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.2-1 +- Remove debug code that was mistakenly committed (zgalor@redhat.com) +- Correct service restart command (sdodson@redhat.com) +- Give service-catalog controller-manager permissions to update status of + ClusterServiceClasses and ClusterServicePlans (staebler@redhat.com) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.1-1 +- Bug 1510636- add name to local registry config (fabian@fabianism.us) + +* Wed Nov 08 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.198.0 +- container_binary_sync: Remove atomic prefix from image (smilner@redhat.com) +- Bug 1510546- Fix previous fix, task was indented one level too deep + (fabian@fabianism.us) +- Use oc rather than kubectl (sdodson@redhat.com) +- Re-add challenge auth verification to github and google (mgugino@redhat.com) +- Move fact definition that breaks when check to end of block + (fabian@fabianism.us) +- [Bug 1509354] Check if routers have certificates and use them + (kwoodson@redhat.com) +- Fix v3.6 xpaas image streams (sdodson@redhat.com) +- Fix v3.7 xpaas image streams (sdodson@redhat.com) +- Fix prometheus default vars (mgugino@redhat.com) +- openshift_checks: Add OVS versions for OCP 3.7 (miciah.masters@gmail.com) +- Proper quotes (dymurray@redhat.com) +- Update service broker configmap and serviceaccount privileges + (dymurray@redhat.com) +- Add etcd as part of inventory file. Otherwise, it fails as "Running etcd as + an embedded service is no longer supported." (sarumuga@redhat.com) +- Add centos based dotnet 2.0 image streams (sdodson@redhat.com) + +* Tue Nov 07 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.197.0 +- Temporarily set master servingInfo.clientCA as client-ca-bundle.crt during + rolling CA redeployment. (abutcher@redhat.com) +- container-engine: ensure /var/lib/containers/ is properly labelled + (gscrivan@redhat.com) +- Moving docker location to share path with system containers. + (kwoodson@redhat.com) +- Retry restarting master controllers (mgugino@redhat.com) +- Bug 1509680- Fix ansible-service-broker registry validations + (fabian@fabianism.us) +- Fix preupgrade authorization objects are in sync (mgugino@redhat.com) +- Bug 1507617- Move etcd into its own service/dc with SSL (fabian@fabianism.us) + +* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.196.0 +- Bug 1509052 - Remove logfile from broker config (david.j.zager@gmail.com) +- Fix github auth validation (mgugino@redhat.com) +- Re-generate lib_openshift (mail@jkroepke.de) +- Remove provisioner restrictions on oc_storageclass (mail@jkroepke.de) + +* Mon Nov 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.195.0 +- Bug 1507787- add full path to default asb etcd image (fabian@fabianism.us) + +* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.194.0 +- Revert "Bootstrap enhancements." (ccoleman@redhat.com) + +* Sun Nov 05 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.193.0 +- management: enterprise users must acknowledge use of beta software + (tbielawa@redhat.com) + +* Sat Nov 04 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.192.0 +- Bootstrap enhancements. (kwoodson@redhat.com) +- Fix master upgrade version detect and systemd enable (mgugino@redhat.com) +- Correct groupname during upgrade_control_plane play (mgugino@redhat.com) +- openshift_hosted: Add docker-gc (smilner@redhat.com) +- Remove old /etc/yum.repos.d/openshift_additional.repo file. + (abutcher@redhat.com) +- CFME: Use cluster_hostname if cluster_public_hostname isn't available + (tbielawa@redhat.com) +- Use client binary and well defined kubeconfig (sdodson@redhat.com) +- Ensure install and remove are mutually exclusive via + openshift_sanitize_inventory (sdodson@redhat.com) +- Enable SC, ASB, TSB by default (sdodson@redhat.com) +- Using the currently attached pvc for an ES dc if available, otherwise falling + back to current logic (ewolinet@redhat.com) +- Adding elb changes to provision elbs and add to scale group. + (kwoodson@redhat.com) +- Give admin and edit roles permission to patch ServiceInstances and + ServiceBindings (staebler@redhat.com) + +* Fri Nov 03 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.191.0 +- Adding CONFIG_FILE option back. (kwoodson@redhat.com) +- Configurable node config location. (kwoodson@redhat.com) +- Add enterprise prometheus image defaults (sdodson@redhat.com) +- Adding meta/main.yml to allow for Galaxy use of this repo (bedin@redhat.com) + +* Thu Nov 02 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.190.0 +- check presence of v2 snapshot before the migration proceeds + (jchaloup@redhat.com) +- Remove delegate_to from openshift_facts within the openshift_ca role. + (abutcher@redhat.com) +- Don't use possibly undefined variables in error messages + (tbielawa@redhat.com) +- MTU for bootstrapping should default to openshift_node_sdn_mtu + (ccoleman@redhat.com) +- Retry service account bootstrap kubeconfig creation (ccoleman@redhat.com) +- Docker: make use of new etc/containers/registries.conf optional + (mgugino@redhat.com) +- Add rules to the view ClusterRole for service catalog. (staebler@redhat.com) +- Updating console OPENSHIFT_CONSTANTS flag for TSB (ewolinet@redhat.com) +- GlusterFS: Fix registry storage documentation (jarrpa@redhat.com) +- fix comment and make it visible to end-user (azagayno@redhat.com) +- escape also custom_cors_origins (azagayno@redhat.com) +- add comment on regexp specifics (azagayno@redhat.com) +- escape corsAllowedOrigins regexp strings and anchor them + (azagayno@redhat.com) + +* Wed Nov 01 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.189.0 +- Stating that certificate it is required when doing SSL on ELB. + (kwoodson@redhat.com) +- Ensure GCP image build instance gets cleaned up on teardown + (ccoleman@redhat.com) +- Switch from bind-interfaces to bind-dynamic (sdodson@redhat.com) +- Remove unused osm_controller_lease_ttl (mgugino@redhat.com) +- Delete images located in a family named {{ prefix }}images + (ccoleman@redhat.com) +- Use global IP to indicate node should pick DNS (ccoleman@redhat.com) +- Remove project metadata prefixed with the cluster prefix + (ccoleman@redhat.com) +- Use openshift.node.registry_url instead of oreg_url (ccoleman@redhat.com) +- Allow master node group to wait for stable on GCP (ccoleman@redhat.com) +- GCP cannot use AWS growpart package (ccoleman@redhat.com) +- dnsmasq cache-size dns-forward-max change (pcameron@redhat.com) +- Also require that we match the release (sdodson@redhat.com) +- Add arbitrary firewall port config to master too (sdodson@redhat.com) +- remove master.service during the non-ha to ha upgrade (jchaloup@redhat.com) +- Removing unneeded bootstrap which moved into the product. + (kwoodson@redhat.com) +- Add retry logic to docker auth credentials (mgugino@redhat.com) +- Retry restarting journald (mgugino@redhat.com) +- Modify StorageClass name to standard (piqin@redhat.com) +- Give PV & PVC empty storage class to avoid being assigned default gp2 + (mawong@redhat.com) +- Use oc_project to ensure openshift_provisioners_project present + (mawong@redhat.com) +- Fix yaml formatting (mawong@redhat.com) +- Create default storageclass for cloudprovider openstack (piqin@redhat.com) +- preserve the oo-install ansible_inventory_path value (rmeggins@redhat.com) + +* Tue Oct 31 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.188.0 +- Add dm_thin_pool for gluster use (sdodson@redhat.com) +- Fix broken oc_secret update function (barlik@gmx.com) +- add new clusterNetworks fields to new installs (jtanenba@redhat.com) +- docker: Create openshift_docker_is_node_or_master variable + (smilner@redhat.com) +- Correctly install cockpit (sdodson@redhat.com) +- Glusterfs storage templates for v1.5 added (chinacoolhacker@gmail.com) +- bug 1501599. Omit logging project from overcommit restrictions + (jcantril@redhat.com) +- GlusterFS: Remove image option from heketi command (jarrpa@redhat.com) + +* Mon Oct 30 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.187.0 +- + +* Sun Oct 29 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.186.0 +- + +* Sat Oct 28 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.185.0 +- bug 1506073. Lower cpu request for logging when it exceeds limit + (jcantril@redhat.com) +- Update the name of the service-catalog binary (staebler@redhat.com) +- disk_availability check: include submount storage (lmeyer@redhat.com) + +* Fri Oct 27 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.184.0 +- cri-o: Set max log size to 50 mb (mrunalp@gmail.com) +- cri-o: open port 10010 (gscrivan@redhat.com) +- bug 1435144. Remove uneeded upgrade in openshift_logging role + (jcantril@redhat.com) +- Remove inadvertently committed inventory file (rteague@redhat.com) +- crio: restorcon /var/lib/containers (smilner@redhat.com) +- Correct openshift_release regular expression (rteague@redhat.com) +- crio: Add failed_when to overlay check (smilner@redhat.com) +- docker: set credentials when using system container (gscrivan@redhat.com) +- Change dnsmasq to bind-interfaces + except-interfaces (mgugino@redhat.com) +- Fix CA Bundle passed to service-catalog broker for ansible-service-broker + (staebler@redhat.com) +- Renaming csr to bootstrap for consistency. (kwoodson@redhat.com) +- Add master config upgrade hook to upgrade-all plays (mgugino@redhat.com) +- Remove 'Not Started' status from playbook checkpoint (rteague@redhat.com) +- Force include_role to static for loading openshift_facts module + (rteague@redhat.com) +- Make openshift-ansible depend on all subpackages (sdodson@redhat.com) +- Refactor health check playbooks (rteague@redhat.com) + +* Fri Oct 27 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.183.0 +- + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.182.0 +- Fixing documentation for the cert_key_path variable name. + (kwoodson@redhat.com) +- Moving removal of unwanted artifacts to image_prep. (kwoodson@redhat.com) +- Ensure journald persistence directories exist (mgugino@redhat.com) +- Fix lint (tbielawa@redhat.com) +- Move add_many_container_providers.yml to playbooks/byo/openshift-management + with a noop task include to load filter plugins. (abutcher@redhat.com) +- Refactor adding multiple container providers (tbielawa@redhat.com) +- Management Cleanup and Provider Integration (tbielawa@redhat.com) + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.181.0 +- Fix loop_var warnings during logging install (mgugino@redhat.com) +- Fix typo and add detailed comments in kuryr (sngchlko@gmail.com) + +* Thu Oct 26 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.179.0 +- Remove pause from master service startup (rteague@redhat.com) +- Change default in prometheus storage type to emptydir (zgalor@redhat.com) +- Bug 1491636 - honor node selectors (jwozniak@redhat.com) +- Sync latest imagestreams and templates (sdodson@redhat.com) +- Remove base package install (mgugino@redhat.com) +- etcd: remove hacks for the system container (gscrivan@redhat.com) +- Ensure deployment_subtype is set within openshift_sanitize_inventory. + (abutcher@redhat.com) +- Add installer checkpoint for prometheus (zgalor@redhat.com) +- Remove unused registry_volume_claim variable (hansmi@vshn.ch) + +* Wed Oct 25 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.178.0 +- Split prometheus image defaults to prefix and version (zgalor@redhat.com) +- Remove extraneous spaces that yamllint dislikes (staebler@redhat.com) +- Fix edit and admin role patching for service catalog (staebler@redhat.com) +- strip dash when comparing version with Python3 (jchaloup@redhat.com) +- Bug 1452939 - change Logging & Metrics imagePullPolicy (jwozniak@redhat.com) +- Remove role bindings during service catalog un-install (staebler@redhat.com) +- Fix a few small issues in service catalog uninstall (staebler@redhat.com) +- Remove incorrect validation for OpenIDIdentityProvider (mgugino@redhat.com) +- Enable oreg_auth credential replace during upgrades (mgugino@redhat.com) +- Handle bootstrap behavior in GCP template (ccoleman@redhat.com) +- Ensure upgrades apply latest journald settings (mgugino@redhat.com) + +* Tue Oct 24 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.177.0 +- Check if the master service is non-ha or not (jchaloup@redhat.com) +- Correct host group for controller restart (rteague@redhat.com) +- Set the proper external etcd ip address when migrating embeded etcd + (jchaloup@redhat.com) +- Switch to stateful set in prometheus (zgalor@redhat.com) +- cli: use the correct name for the master system container + (gscrivan@redhat.com) +- cli: do not pull again the image when using Docker (gscrivan@redhat.com) +- verstion_gte seems unreliable on containerized installs (sdodson@redhat.com) +- Retry reconcile in case of error and give up eventually (simo@redhat.com) +- Updating ocp es proxy image to use openshift_logging_proxy_image_prefix if + specified (ewolinet@redhat.com) +- Generate all internal hostnames of no_proxy (ghuang@redhat.com) +- Add nfs variables documentation to README file (zgalor@redhat.com) +- Avoid undefined variable in master sysconfig template (hansmi@vshn.ch) +- Ensure proper variable templating for skopeo auth credentials + (mgugino@redhat.com) + +* Mon Oct 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.176.0 +- Update defaults (fabian@fabianism.us) +- Use service-ca.crt instead of master ca.crt (fabian@fabianism.us) +- use master cert (fabian@fabianism.us) +- Bug 1496426 - add asb-client secret to openshift-ansible-service-broker + namespace (fabian@fabianism.us) +- docker: Move enterprise registry from pkg to main (smilner@redhat.com) +- systemcontainers: Verify atomic.conf proxy is always configured + (smilner@redhat.com) +- Add variable to control whether NetworkManager hook is installed + (hansmi@vshn.ch) + +* Mon Oct 23 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.175.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.174.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.173.0 +- + +* Sun Oct 22 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.172.0 +- + +* Sat Oct 21 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.171.0 +- Use "requests" for CPU resources instead of limits + (peter.portante@redhat.com) +- [bz1501271] Attempt to use ami ssh user and default to ansible_ssh_user. + (kwoodson@redhat.com) +- Fix undefined variable for master upgrades (mgugino@redhat.com) +- Adding pre check to verify clusterid is set along with cloudprovider when + performing upgrade. (kwoodson@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.170.0 +- Check for container runtime prior to restarting when updating system CA + trust. (abutcher@redhat.com) +- bug 1489498. preserve replica and shard settings (jcantril@redhat.com) +- Set servingInfo.clientCA to ca.crt during upgrade. (abutcher@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.169.0 +- Initial Kuryr support (mdulko@redhat.com) +- Indentation errors (dymurray@redhat.com) +- Bug 1503233 - Add liveness and readiness probe checks to ASB deploymentconfig + (dymurray@redhat.com) + +* Fri Oct 20 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.168.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.167.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.166.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.165.0 +- + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.164.0 +- Change to service-signer.crt for template_service_broker CA_BUNDLE + (staebler@redhat.com) +- Use service-signer.crt for ca_bundle passed to clusterservicebroker + (staebler@redhat.com) +- Rename ServiceBroker to ClusterServiceBroker for ansible_service_broker task. + (staebler@redhat.com) +- Add apiserver.crt to service-catalog controller-manager deployment. + (staebler@redhat.com) +- Remove redundant faulty role binding ifrom + kubeservicecatalog_roles_bindings.yml (staebler@redhat.com) +- Update service catalog playbook for service-catalog rc1 (staebler@redhat.com) + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.163.0 +- set use_manageiq as default (efreiber@redhat.com) + +* Thu Oct 19 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.162.0 +- Wait longer for stable GCP instances (ccoleman@redhat.com) +- Remove unneeded master config updates during upgrades (mgugino@redhat.com) + +* Wed Oct 18 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.161.0 +- + +* Wed Oct 18 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.160.0 +- Fix pvc selector default to be empty dict instead of string + (zgalor@redhat.com) +- Fix typo in setting prom-proxy memory limit (zgalor@redhat.com) +- Do not remove files for bootstrap if resolv or dns. (kwoodson@redhat.com) +- Fix missing docker option signature-verification (mgugino@redhat.com) +- Fix prometheus role nfs (zgalor@redhat.com) + +* Wed Oct 18 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.159.0 +- Updating openshift-ansible.spec file to include files dir + (sdodson@redhat.com) +- Bug 1501768: fix eventrouter nodeSelector padding (jwozniak@redhat.com) +- Reverting proxy image version to v1.0.0 to pass CI (ewolinet@redhat.com) +- Making travis happy (ewolinet@redhat.com) +- cri-o: error out when node is a Docker container (gscrivan@redhat.com) +- Rewire openshift_template_service_broker_namespaces configurable + (jminter@redhat.com) +- Ensure controllerConfig.serviceServingCert is correctly set during upgrade. + (abutcher@redhat.com) +- Updating pattern for elasticsearch_proxy images (ewolinet@redhat.com) +- Updating ES proxy image prefix and version to match other components + (ewolinet@redhat.com) +- Add ability to set node and master imageConfig to latest (mgugino@redhat.com) +- Restart all controllers to force reconfiguration during upgrade + (sdodson@redhat.com) + +* Tue Oct 17 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.158.0 +- Refactor openshift-management entry point (rteague@redhat.com) +- Add switch to enable/disable container engine's audit log being stored in ES. + (jkarasek@redhat.com) + +* Mon Oct 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.157.0 +- data migration of embedded etcd not allowed (jchaloup@redhat.com) +- GlusterFS: remove topology reference from deploy-heketi (jarrpa@redhat.com) + +* Mon Oct 16 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.156.0 +- set initial etcd cluster properly during system container scale up + (jchaloup@redhat.com) + +* Sun Oct 15 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.155.0 +- + +* Sat Oct 14 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.154.0 +- + +* Fri Oct 13 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.153.0 +- default groups.oo_new_etcd_to_config to an empty list (jchaloup@redhat.com) + +* Fri Oct 13 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.152.0 +- + +* Fri Oct 13 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.151.0 +- updated dynamic provision section for openshift metrics to support storage + class name (elvirkuric@gmail.com) + +* Fri Oct 13 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.150.0 +- Ensure upgrade playbook exits on health check failures (rteague@redhat.com) +- Ensure docker is installed for containerized load balancers + (mgugino@redhat.com) +- Fix containerized node service unit placement order (mgugino@redhat.com) +- Provisioning Documentation Updates (mgugino@redhat.com) + +* Thu Oct 12 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.149.0 +- Fix broken debug_level (mgugino@redhat.com) +- Ensure host was reached for proper conditional validation + (rteague@redhat.com) +- Ensure docker service status actually changes (mgugino@redhat.com) +- Display warnings at the end of the control plane upgrade (sdodson@redhat.com) +- Force reconciliation of role for 3.6 (simo@redhat.com) +- Remove etcd health check (sdodson@redhat.com) +- migrate embedded etcd to external etcd (jchaloup@redhat.com) + +* Wed Oct 11 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.148.0 +- Bug 1490647 - logging-fluentd deployed with openshift_logging_use_mux=false + fails to start due to missing (nhosoi@redhat.com) +- Fix typo in inventory example (rteague@redhat.com) +- Separate tuned daemon setup into a role. (jmencak@redhat.com) +- crio, docker: expect openshift_release to have 'v' (gscrivan@redhat.com) +- rebase on master (maxamillion@fedoraproject.org) +- Add fedora compatibility (maxamillion@fedoraproject.org) +- Allow checkpoint status to work across all groups (rteague@redhat.com) +- Add valid search when search does not exist on resolv.conf + (nakayamakenjiro@gmail.com) + +* Tue Oct 10 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.147.0 +- Add PartOf to docker systemd service unit. (mgugino@redhat.com) +- crio: use systemd manager (gscrivan@redhat.com) +- Ensure servingInfo.clientCA is set as ca.crt rather than ca-bundle.crt. + (abutcher@redhat.com) +- crio, docker: use openshift_release when openshift_image_tag is not used + (gscrivan@redhat.com) +- crio: fix typo (gscrivan@redhat.com) +- Update registry_config.j2 (jialiu@redhat.com) +- Update registry_config.j2 (jialiu@redhat.com) + +* Mon Oct 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.146.0 +- docker_image_availability: credentials to skopeo (mgugino@redhat.com) +- Rename openshift_cfme role to openshift_management (tbielawa@redhat.com) + +* Mon Oct 09 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.145.0 +- add missing restart node handler to flannel (jchaloup@redhat.com) +- Switch to configmap leader election on 3.7 upgrade (mkhan@redhat.com) +- crio.conf.j2: sync from upstream (gscrivan@redhat.com) +- cri-o: use overlay instead of overlay2 (gscrivan@redhat.com) +- Ensure docker is restarted when iptables is restarted (mgugino@redhat.com) +- Stop including origin and ose hosts example file (sdodson@redhat.com) +- node: make node service PartOf=openvswitch.service when openshift-sdn is used + (dcbw@redhat.com) + +* Fri Oct 06 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.144.0 +- fix typo for default in etcd (mgugino@redhat.com) +- Bumping version of service catalog image for 3.7 (ewolinet@redhat.com) +- remove duplicate [OSEv3:children] group (jfchevrette@gmail.com) +- Fix lint error (tbielawa@redhat.com) +- Update hosts.ose.example (ephillipe@gmail.com) +- Remove the no-longer-used App/DB pv size override variables from inventories + (tbielawa@redhat.com) +- openshift_checks: lb and nfs do not need docker (lmeyer@redhat.com) +- openshift_checks: use oo group names everywhere (lmeyer@redhat.com) +- Add notes about SA token. Improve NFS validation. (tbielawa@redhat.com) +- Hooks for installing CFME during full openshift installation + (tbielawa@redhat.com) +- Documentation (tbielawa@redhat.com) +- Import upstream templates. Do the work. Validate parameters. + (tbielawa@redhat.com) +- CFME 4.6 work begins. CFME 4.5 references added to the release-3.6 branch + (tbielawa@redhat.com) +- Update hosts.origin.example (ephillipe@gmail.com) +- Add logging es prometheus endpoint (jcantril@redhat.com) +- bug 1497401. Default logging and metrics images to 3.7 (jcantril@redhat.com) +- Ensure docker service started prior to credentials (mgugino@redhat.com) +- Adding support for an inventory directory/hybrid inventory + (esauer@redhat.com) +- Remove unused tasks file in openshift_named_certificates (rteague@redhat.com) +- Move node cert playbook into node config path (rteague@redhat.com) +- Move master cert playbooks into master config path (rteague@redhat.com) +- Move etcd cert playbooks into etcd config path (rteague@redhat.com) +- Fix hosted selector variable migration (mgugino@redhat.com) +- Bug 1496271 - Perserve SCC for ES local persistent storage + (jcantril@redhat.com) +- Limit hosts that run openshift_version role (mgugino@redhat.com) +- Update ansible-service-broker config to track latest broker + (fabian@fabianism.us) +- fix master-facts for provisioning (mgugino@redhat.com) +- Make provisioning steps more reusable (mgugino@redhat.com) +- logging: honor openshift_logging_es_cpu_limit (jwozniak@redhat.com) +- Addressing tox issues (ewolinet@redhat.com) +- bug 1482661. Preserve ES dc nodeSelector and supplementalGroups + (jcantril@redhat.com) +- Checking if any openshift_*_storage_kind variables are set to dynamic without + enabling dynamic provisioning (ewolinet@redhat.com) +- Removing setting pvc size and dynamic to remove looped var setting + (ewolinet@redhat.com) + * Wed Oct 04 2017 Jenkins CD Merge Bot <smunilla@redhat.com> 3.7.0-0.143.0 - Limit base-package install during master upgrades (mgugino@redhat.com) - Fix provisiong scale group and elb logic (mgugino@redhat.com) diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 07f10d48c..5ed55a817 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -151,6 +151,14 @@ - lbr0 - vlinuxbr - vovsbr + + - name: Remove virtual devices + command: nmcli delete device "{{ item }}" + failed_when: False + with_items: + - tun0 + - docker0 + when: openshift_remove_all | default(true) | bool - shell: atomic uninstall "{{ item }}"-master-api @@ -264,12 +272,30 @@ - "{{ directories.results | default([]) }}" - files + - shell: systemctl daemon-reload + changed_when: False + + - name: restart container-engine + service: name=container-engine state=stopped enabled=no + failed_when: false + register: container_engine + + - name: restart docker + service: name=docker state=stopped enabled=no + failed_when: false + when: not (container_engine | changed) + register: l_docker_restart_docker_in_pb_result + until: not l_docker_restart_docker_in_pb_result | failed + retries: 3 + delay: 30 + - name: Remove remaining files file: path={{ item }} state=absent with_items: - /etc/ansible/facts.d/openshift.fact - /etc/openshift - /etc/openshift-sdn + - /etc/pki/ca-trust/source/anchors/openshift-ca.crt - /etc/sysconfig/atomic-openshift-node - /etc/sysconfig/atomic-openshift-node-dep - /etc/sysconfig/openshift-node-dep @@ -284,23 +310,38 @@ - /etc/systemd/system/origin-node-dep.service - /etc/systemd/system/origin-node.service - /etc/systemd/system/origin-node.service.wants + - /var/lib/docker + + - name: Rebuild ca-trust + command: update-ca-trust + + - name: Reset Docker proxy configuration + lineinfile: + state=absent + dest=/etc/sysconfig/docker + regexp='(NO_PROXY|HTTP_PROXY|HTTPS_PROXY)=.*' + + - name: Reset Docker registry configuration + lineinfile: + state=absent + dest=/etc/sysconfig/docker + regexp='(ADD_REGISTRY|BLOCK_REGISTRY|INSECURE_REGISTRY)=.*' + + - name: Detect Docker storage configuration + shell: vgs -o name | grep docker + register: docker_vg_name + failed_when: false + changed_when: false - - shell: systemctl daemon-reload - changed_when: False + - name: Wipe out Docker storage contents + command: vgremove -f {{ item }} + with_items: "{{ docker_vg_name.stdout_lines }}" + when: docker_vg_name.rc == 0 - - name: restart container-engine - service: name=container-engine state=restarted - failed_when: false - register: container_engine + - name: Wipe out Docker storage configuration + file: path=/etc/sysconfig/docker-storage state=absent + when: docker_vg_name.rc == 0 - - name: restart docker - service: name=docker state=restarted - failed_when: false - when: not (container_engine | changed) - register: l_docker_restart_docker_in_pb_result - until: not l_docker_restart_docker_in_pb_result | failed - retries: 3 - delay: 30 - hosts: masters become: yes @@ -525,3 +566,7 @@ with_items: - /etc/ansible/facts.d/openshift.fact - /var/lib/haproxy/stats + # Here we remove only limits.conf rather than directory, as users may put their files. + # - /etc/systemd/system/haproxy.service.d + - /etc/systemd/system/haproxy.service.d/limits.conf + - /etc/systemd/system/haproxy.service diff --git a/playbooks/aws/BUILD_AMI.md b/playbooks/aws/BUILD_AMI.md new file mode 100644 index 000000000..468264a9a --- /dev/null +++ b/playbooks/aws/BUILD_AMI.md @@ -0,0 +1,21 @@ +# Build AMI + +When seeking to deploy a working openshift cluster using these plays, a few +items must be in place. + +These are: + +1. Create an instance, using a specified ssh key. +2. Run openshift-ansible setup roles to ensure packages and services are correctly configured. +3. Create the AMI. +4. If encryption is desired + - A KMS key is created with the name of $clusterid + - An encrypted AMI will be produced with $clusterid KMS key +5. Terminate the instance used to configure the AMI. + +More AMI specific options can be found in ['openshift_aws/defaults/main.yml'](../../roles/openshift_aws/defaults/main.yml). When creating an encrypted AMI please specify use_encryption: +``` +# openshift_aws_ami_encrypt: True # defaults to false +``` + +**Note**: This will ensure to take the recently created AMI and encrypt it to be used later. If encryption is not desired then set the value to false (defaults to false). The AMI id will be fetched and used according to its most recent creation date. diff --git a/playbooks/aws/PREREQUISITES.md b/playbooks/aws/PREREQUISITES.md new file mode 100644 index 000000000..4f428dcc3 --- /dev/null +++ b/playbooks/aws/PREREQUISITES.md @@ -0,0 +1,40 @@ +# Prerequisites + +When seeking to deploy a working openshift cluster using these plays, a few +items must be in place. + +These are: + +1) vpc +2) security group to build the AMI in. +3) ssh keys to log into instances + +These items can be provisioned ahead of time, or you can utilize the plays here +to create these items. + +If you wish to provision these items yourself, or you already have these items +provisioned and wish to utilize existing components, please refer to +provisioning_vars.yml.example. + +If you wish to have these items created for you, continue with this document. + +# Running prerequisites.yml + +Warning: Running these plays will provision items in your AWS account (if not +present), and you may incur billing charges. These plays are not suitable +for the free-tier. + +## Step 1: +Ensure you have specified all the necessary provisioning variables. See +provisioning_vars.example.yml and README.md for more information. + +## Step 2: +``` +$ ansible-playbook -i inventory.yml prerequisites.yml -e @provisioning_vars.yml +``` + +This will create a VPC, security group, and ssh_key. These plays are idempotent, +and multiple runs should result in no additional provisioning of these components. + +You can also verify that you will successfully utilize existing components with +these plays. diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index 2b3d4329e..417fb539a 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -8,6 +8,13 @@ With recent desire for provisioning from customers and developers alike, the AWS deploy highly scalable Openshift clusters utilizing AWS auto scale groups and custom AMIs. +To speed in the provisioning of medium and large clusters, openshift-node +instances are created using a pre-built AMI. A list of pre-built AMIs will +be available soon. + +If the deployer wishes to build their own AMI for provisioning, instructions +to do so are provided here. + ### Where do I start? Before any provisioning may occur, AWS account credentials must be present in the environment. This can be done in two ways: @@ -31,8 +38,13 @@ Before any provisioning may occur, AWS account credentials must be present in th ### Let's Provision! -The newly added playbooks are the following: -- build_ami.yml - Builds a custom AMI. This currently requires the user to supply a valid AMI with access to repositories that contain openshift repositories. +Warning: Running these plays will provision items in your AWS account (if not +present), and you may incur billing charges. These plays are not suitable +for the free-tier. + +#### High-level overview +- prerequisites.yml - Provision VPC, Security Groups, SSH keys, if needed. See PREREQUISITES.md for more information. +- build_ami.yml - Builds a custom AMI. See BUILD_AMI.md for more information. - provision.yml - Create a vpc, elbs, security groups, launch config, asg's, etc. - install.yml - Calls the openshift-ansible installer on the newly created instances - provision_nodes.yml - Creates the infra and compute node scale groups @@ -41,87 +53,39 @@ The newly added playbooks are the following: The current expected work flow should be to provide an AMI with access to Openshift repositories. There should be a repository specified in the `openshift_additional_repos` parameter of the inventory file. The next expectation is a minimal set of values in the `provisioning_vars.yml` file to configure the desired settings for cluster instances. These settings are AWS specific and should be tailored to the consumer's AWS custom account settings. +Values specified in provisioning_vars.yml may instead be specified in your inventory group_vars +under the appropriate groups. Most variables can exist in the 'all' group. + ```yaml --- -# when creating an AMI set this to True -# when installing a cluster set this to False -openshift_node_bootstrap: True - -# specify a clusterid -# openshift_aws_clusterid: default - -# specify a region -# openshift_aws_region: us-east-1 - -# must specify a base_ami when building an AMI -# openshift_aws_base_ami: # base image for AMI to build from -# specify when using a custom AMI -# openshift_aws_ami: - -# when creating an encrypted AMI please specify use_encryption -# openshift_aws_ami_encrypt: False - -# custom certificates are required for the ELB -# openshift_aws_iam_cert_path: '/path/to/cert/wildcard.<clusterid>.<domain>.com.crt' -# openshift_aws_iam_cert_key_path: '/path/to/key/wildcard.<clusterid>.<domain>.com.key' -# openshift_aws_iam_cert_chain_path: '/path/to/ca_cert_file/ca.crt' - -# This is required for any ec2 instances -# openshift_aws_ssh_key_name: myuser_key - -# This will ensure these users are created -#openshift_aws_users: -#- key_name: myuser_key -# username: myuser -# pub_key: | -# ssh-rsa AAAA +# Minimum mandatory provisioning variables. See provisioning_vars.yml.example. +# for more information. +openshift_deployment_type: # 'origin' or 'openshift-enterprise' +openshift_release: # example: v3.7 +openshift_pkg_version: # example: -3.7.0 +openshift_aws_ssh_key_name: # example: myuser_key +openshift_aws_base_ami: # example: ami-12345678 +# These are required when doing SSL on the ELBs +openshift_aws_iam_cert_path: # example: '/path/to/wildcard.<clusterid>.example.com.crt' +openshift_aws_iam_cert_key_path: # example: '/path/to/wildcard.<clusterid>.example.com.key' ``` If customization is required for the instances, scale groups, or any other configurable option please see the ['openshift_aws/defaults/main.yml'](../../roles/openshift_aws/defaults/main.yml) for variables and overrides. These overrides can be placed in the `provisioning_vars.yml`, `inventory`, or `group_vars`. -In order to create the bootstrap-able AMI we need to create an openshift-ansible inventory file. This file enables us to create the AMI using the openshift-ansible node roles. The exception here is that there will be no hosts specified by the inventory file. Here is an example: - -```ini -[OSEv3:children] -masters -nodes -etcd - -[OSEv3:children] -masters -nodes -etcd - -[OSEv3:vars] -################################################################################ -# Ensure these variables are set for bootstrap -################################################################################ -# openshift_deployment_type is required for installation -openshift_deployment_type=origin - -# required when building an AMI. This will -# be dependent on the version provided by the yum repository -openshift_pkg_version=-3.6.0 - -openshift_master_bootstrap_enabled=True +In order to create the bootstrap-able AMI we need to create a basic openshift-ansible inventory. This enables us to create the AMI using the openshift-ansible node roles. This inventory should not include any hosts, but certain variables should be defined in the appropriate groups, just as deploying a cluster +using the normal openshift-ansible method. See provisioning-inventory.example.ini for an example. -openshift_hosted_router_wait=False -openshift_hosted_registry_wait=False - -# Repository for installation -openshift_additional_repos=[{'name': 'openshift-repo', 'id': 'openshift-repo', 'baseurl': 'https://mirror.openshift.com/enterprise/enterprise-3.6/latest/x86_64/os/', 'enabled': 'yes', 'gpgcheck': 0, 'sslverify': 'no', 'sslclientcert': '/var/lib/yum/client-cert.pem', 'sslclientkey': '/var/lib/yum/client-key.pem', 'gpgkey': 'https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-release https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-beta https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-openshifthosted'}] - -################################################################################ -# cluster specific settings maybe be placed here +There are more examples of cluster inventory settings [`here`](../../inventory/byo/). -[masters] +#### Step 0 (optional) -[etcd] +You may provision a VPC, Security Group, and SSH keypair to build the AMI. -[nodes] +``` +$ ansible-playbook -i inventory.yml prerequisites.yml -e @provisioning_vars.yml ``` -There are more examples of cluster inventory settings [`here`](../../inventory/byo/). +See PREREQUISITES.md for more information. #### Step 1 @@ -131,24 +95,6 @@ Once the `inventory` and the `provisioning_vars.yml` file has been updated with $ ansible-playbook -i inventory.yml build_ami.yml -e @provisioning_vars.yml ``` -1. This script will build a VPC. Default name will be clusterid if not specified. -2. Create an ssh key required for the instance. -3. Create a security group. -4. Create an instance using the key from step 2 or a specified key. -5. Run openshift-ansible setup roles to ensure packages and services are correctly configured. -6. Create the AMI. -7. If encryption is desired - - A KMS key is created with the name of $clusterid - - An encrypted AMI will be produced with $clusterid KMS key -8. Terminate the instance used to configure the AMI. - -More AMI specific options can be found in ['openshift_aws/defaults/main.yml'](../../roles/openshift_aws/defaults/main.yml). When creating an encrypted AMI please specify use_encryption: -``` -# openshift_aws_ami_encrypt: True # defaults to false -``` - -**Note**: This will ensure to take the recently created AMI and encrypt it to be used later. If encryption is not desired then set the value to false (defaults to false). The AMI id will be fetched and used according to its most recent creation date. - #### Step 2 Now that we have created an AMI for our Openshift installation, there are two ways to use the AMI. @@ -172,16 +118,14 @@ $ ansible-playbook provision.yml -e @provisioning_vars.yml ``` This playbook runs through the following steps: -1. Ensures a VPC is created. -2. Ensures a SSH key exists. -3. Creates an s3 bucket for the registry named $clusterid-docker-registry -4. Create master security groups. -5. Create a master launch config. -6. Create the master auto scaling groups. -7. If certificates are desired for ELB, they will be uploaded. -8. Create internal and external master ELBs. -9. Add newly created masters to the correct groups. -10. Set a couple of important facts for the masters. +1. Creates an s3 bucket for the registry named $clusterid-docker-registry +2. Create master security groups. +3. Create a master launch config. +4. Create the master auto scaling groups. +5. If certificates are desired for ELB, they will be uploaded. +6. Create internal and external master ELBs. +7. Add newly created masters to the correct groups. +8. Set a couple of important facts for the masters. At this point we have successfully created the infrastructure including the master nodes. @@ -200,13 +144,13 @@ Once this playbook completes, the cluster masters should be installed and config #### Step 5 -Now that we have a cluster deployed it will be more interesting to create some node types. This can be done easily with the following playbook: +Now that we have the cluster masters deployed, we need to deploy our infrastructure and compute nodes: ``` $ ansible-playbook provision_nodes.yml -e @provisioning_vars.yml ``` -Once this playbook completes, it should create the compute and infra node scale groups. These nodes will attempt to register themselves to the cluster. These requests must be approved by an administrator. +Once this playbook completes, it should create the compute and infra node scale groups. These nodes will attempt to register themselves to the cluster. These requests must be approved by an administrator in Step 6. #### Step 6 diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml index ffc367f9f..c2c8bea50 100755 --- a/playbooks/aws/openshift-cluster/accept.yml +++ b/playbooks/aws/openshift-cluster/accept.yml @@ -42,12 +42,12 @@ until: "'instances' in instancesout and instancesout.instances|length > 0" - debug: - msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list | regex_replace('.ec2.internal') }}" + msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}" - name: approve nodes oc_adm_csr: #approve_all: True - nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list | regex_replace('.ec2.internal') }}" - timeout: 0 + nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}" + timeout: 60 register: nodeout delegate_to: "{{ mastersout.instances[0].public_ip_address }}" diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml index 1e54f0467..fae30eb0a 100644 --- a/playbooks/aws/openshift-cluster/build_ami.yml +++ b/playbooks/aws/openshift-cluster/build_ami.yml @@ -17,71 +17,24 @@ - name: openshift_aws_region msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - - name: create an instance and prepare for ami - include_role: - name: openshift_aws - tasks_from: build_ami.yml - vars: - openshift_aws_node_group_type: compute - - - name: fetch newly created instances - ec2_remote_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - filters: - "tag:Name": "{{ openshift_aws_base_ami_name | default('ami_base') }}" - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: instancesout.instances|length > 0 - - - name: wait for ssh to become available - wait_for: - port: 22 - host: "{{ instancesout.instances[0].public_ip_address }}" - timeout: 300 - search_regex: OpenSSH - - - name: add host to nodes - add_host: - groups: nodes - name: "{{ instancesout.instances[0].public_dns_name }}" +- include: provision_instance.yml + vars: + openshift_aws_node_group_type: compute - hosts: nodes gather_facts: False tasks: - name: set the user to perform installation set_fact: - ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}" - -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/evaluate_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/initialize_facts.yml - -- name: run the std_include - include: ../../common/openshift-cluster/initialize_openshift_repos.yml - -- name: run node config setup - include: ../../common/openshift-node/setup.yml - -- name: run node config - include: ../../common/openshift-node/configure_nodes.yml - -- name: Re-enable excluders - include: ../../common/openshift-node/enable_excluders.yml - -- hosts: localhost - connection: local - become: no - tasks: - - name: seal the ami - include_role: - name: openshift_aws - tasks_from: seal_ami.yml - vars: - openshift_aws_ami_name: "openshift-gi-{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" + ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default(ansible_ssh_user) }}" + openshift_node_bootstrap: True + openshift_node_image_prep_packages: + - cloud-utils-growpart + +# This is the part that installs all of the software and configs for the instance +# to become a node. +- include: ../../common/openshift-node/image_prep.yml + +- include: seal_ami.yml + vars: + openshift_aws_ami_name: "openshift-gi-{{ lookup('pipe', 'date +%Y%m%d%H%M')}}" diff --git a/playbooks/aws/openshift-cluster/hosted.yml b/playbooks/aws/openshift-cluster/hosted.yml new file mode 100644 index 000000000..db6e3b8e1 --- /dev/null +++ b/playbooks/aws/openshift-cluster/hosted.yml @@ -0,0 +1,22 @@ +--- +- include: ../../common/openshift-cluster/openshift_hosted.yml + +- include: ../../common/openshift-cluster/openshift_metrics.yml + when: openshift_metrics_install_metrics | default(false) | bool + +- include: ../../common/openshift-cluster/openshift_logging.yml + when: openshift_logging_install_logging | default(false) | bool + +- include: ../../common/openshift-cluster/service_catalog.yml + when: openshift_enable_service_catalog | default(false) | bool + +- include: ../../common/openshift-management/config.yml + when: openshift_management_install_management | default(false) | bool + +- name: Print deprecated variable warning message if necessary + hosts: oo_first_master + gather_facts: no + tasks: + - debug: msg="{{__deprecation_message}}" + when: + - __deprecation_message | default ('') | length > 0 diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index 86d58a68e..874d2d38a 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml @@ -1,74 +1,46 @@ --- -- name: Setup the vpc and the master node group +- name: Setup the master node group hosts: localhost tasks: - - name: Alert user to variables needed - clusterid - debug: - msg: "openshift_aws_clusterid={{ openshift_aws_clusterid | default('default') }}" - - - name: Alert user to variables needed - region - debug: - msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - - - name: fetch newly created instances - ec2_remote_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - filters: - "tag:clusterid": "{{ openshift_aws_clusterid | default('default') }}" - "tag:host-type": master - instance-state-name: running - register: instancesout - retries: 20 - delay: 3 - until: instancesout.instances|length > 0 - - - name: add new master to masters group - add_host: - groups: "masters,etcd,nodes" - name: "{{ item.public_ip_address }}" - hostname: "{{ openshift_aws_clusterid | default('default') }}-master-{{ item.id[:-5] }}" - with_items: "{{ instancesout.instances }}" - - - name: wait for ssh to become available - wait_for: - port: 22 - host: "{{ item.public_ip_address }}" - timeout: 300 - search_regex: OpenSSH - with_items: "{{ instancesout.instances }}" + - include_role: + name: openshift_aws + tasks_from: setup_master_group.yml - name: set the master facts for hostname to elb hosts: masters gather_facts: no remote_user: root tasks: - - name: fetch elbs - ec2_elb_facts: - region: "{{ openshift_aws_region | default('us-east-1') }}" - names: - - "{{ item }}" - with_items: - - "{{ openshift_aws_clusterid | default('default') }}-master-external" - - "{{ openshift_aws_clusterid | default('default') }}-master-internal" - delegate_to: localhost - register: elbs + - include_role: + name: openshift_aws + tasks_from: master_facts.yml + +- name: run the init + include: ../../init/main.yml + +- name: perform the installer openshift-checks + include: ../../openshift-checks/private/install.yml + +- name: etcd install + include: ../../common/openshift-etcd/config.yml + +- name: include nfs + include: ../../common/openshift-nfs/config.yml + when: groups.oo_nfs_to_config | default([]) | count > 0 - - debug: var=elbs +- name: include loadbalancer + include: ../../common/openshift-loadbalancer/config.yml + when: groups.oo_lb_to_config | default([]) | count > 0 - - name: set fact - set_fact: - openshift_master_cluster_hostname: "{{ elbs.results[1].elbs[0].dns_name }}" - osm_custom_cors_origins: - - "{{ elbs.results[1].elbs[0].dns_name }}" - - "console.{{ openshift_aws_clusterid | default('default') }}.openshift.com" - - "api.{{ openshift_aws_clusterid | default('default') }}.openshift.com" - with_items: "{{ groups['masters'] }}" +- name: include openshift-master config + include: ../../common/openshift-master/config.yml -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml +- name: include master additional config + include: ../../common/openshift-master/additional_config.yml -- name: run the std_include - include: ../../common/openshift-cluster/std_include.yml +- name: include master additional config + include: ../../common/openshift-node/config.yml -- name: run the config - include: ../../common/openshift-cluster/config.yml +- name: include openshift-glusterfs + include: ../../common/openshift-glusterfs/config.yml + when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/aws/openshift-cluster/prerequisites.yml b/playbooks/aws/openshift-cluster/prerequisites.yml new file mode 100644 index 000000000..f5eb01b14 --- /dev/null +++ b/playbooks/aws/openshift-cluster/prerequisites.yml @@ -0,0 +1,6 @@ +--- +- include: provision_vpc.yml + +- include: provision_ssh_keypair.yml + +- include: provision_sec_group.yml diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml index 8f018abd0..4b5bd22ea 100644 --- a/playbooks/aws/openshift-cluster/provision.yml +++ b/playbooks/aws/openshift-cluster/provision.yml @@ -1,5 +1,5 @@ --- -- name: Setup the vpc and the master node group +- name: Setup the elb and the master node group hosts: localhost tasks: diff --git a/playbooks/aws/openshift-cluster/provision_install.yml b/playbooks/aws/openshift-cluster/provision_install.yml index e787deced..78dd6a49b 100644 --- a/playbooks/aws/openshift-cluster/provision_install.yml +++ b/playbooks/aws/openshift-cluster/provision_install.yml @@ -6,11 +6,14 @@ - name: Include the provision.yml playbook to create cluster include: provision.yml -- name: Include the install.yml playbook to install cluster +- name: Include the install.yml playbook to install cluster on masters include: install.yml -- name: Include the install.yml playbook to install cluster +- name: provision the infra/compute playbook to install node resources include: provision_nodes.yml - name: Include the accept.yml playbook to accept nodes into the cluster include: accept.yml + +- name: Include the hosted.yml playbook to finish the hosted configuration + include: hosted.yml diff --git a/playbooks/aws/openshift-cluster/provision_instance.yml b/playbooks/aws/openshift-cluster/provision_instance.yml new file mode 100644 index 000000000..6e843453c --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_instance.yml @@ -0,0 +1,12 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_node_group_type' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create an instance and prepare for ami + include_role: + name: openshift_aws + tasks_from: provision_instance.yml diff --git a/playbooks/aws/openshift-cluster/provision_sec_group.yml b/playbooks/aws/openshift-cluster/provision_sec_group.yml new file mode 100644 index 000000000..7d74a691a --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_sec_group.yml @@ -0,0 +1,13 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_node_group_type' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create security groups + include_role: + name: openshift_aws + tasks_from: security_group.yml + when: openshift_aws_create_security_groups | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml new file mode 100644 index 000000000..3ec683958 --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create an instance and prepare for ami + include_role: + name: openshift_aws + tasks_from: ssh_keys.yml + vars: + openshift_aws_node_group_type: compute + when: openshift_aws_users | default([]) | length > 0 diff --git a/playbooks/aws/openshift-cluster/provision_vpc.yml b/playbooks/aws/openshift-cluster/provision_vpc.yml new file mode 100644 index 000000000..0a23a6d32 --- /dev/null +++ b/playbooks/aws/openshift-cluster/provision_vpc.yml @@ -0,0 +1,10 @@ +--- +- hosts: localhost + connection: local + gather_facts: no + tasks: + - name: create a vpc + include_role: + name: openshift_aws + tasks_from: vpc.yml + when: openshift_aws_create_vpc | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/provisioning_vars.example.yml b/playbooks/aws/openshift-cluster/provisioning_vars.example.yml deleted file mode 100644 index 28eb9c993..000000000 --- a/playbooks/aws/openshift-cluster/provisioning_vars.example.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# when creating an AMI set this option to True -# when installing the cluster, set this to False -openshift_node_bootstrap: True - -# specify a clusterid -#openshift_aws_clusterid: default - -# must specify a base_ami when building an AMI -#openshift_aws_base_ami: - -# when creating an encrypted AMI please specify use_encryption -#openshift_aws_ami_encrypt: False - -# custom certificates are required for the ELB -#openshift_aws_iam_cert_path: '/path/to/wildcard.<clusterid>.example.com.crt' -#openshift_aws_iam_key_path: '/path/to/wildcard.<clusterid>.example.com.key' -#openshift_aws_iam_cert_chain_path: '/path/to/cert.ca.crt' - -# This is required for any ec2 instances -#openshift_aws_ssh_key_name: myuser_key - -# This will ensure these users are created -#openshift_aws_users: -#- key_name: myuser_key -# username: myuser -# pub_key: | -# ssh-rsa AAAA diff --git a/playbooks/aws/openshift-cluster/seal_ami.yml b/playbooks/aws/openshift-cluster/seal_ami.yml new file mode 100644 index 000000000..8239a64fb --- /dev/null +++ b/playbooks/aws/openshift-cluster/seal_ami.yml @@ -0,0 +1,12 @@ +--- +# If running this play directly, be sure the variable +# 'openshift_aws_ami_name' is set correctly for your usage. +# See build_ami.yml for an example. +- hosts: localhost + connection: local + become: no + tasks: + - name: seal the ami + include_role: + name: openshift_aws + tasks_from: seal_ami.yml diff --git a/playbooks/aws/provisioning-inventory.example.ini b/playbooks/aws/provisioning-inventory.example.ini new file mode 100644 index 000000000..238a7eb2f --- /dev/null +++ b/playbooks/aws/provisioning-inventory.example.ini @@ -0,0 +1,25 @@ +[OSEv3:children] +masters +nodes +etcd + +[OSEv3:vars] +################################################################################ +# Ensure these variables are set for bootstrap +################################################################################ +# openshift_deployment_type is required for installation +openshift_deployment_type=origin + +openshift_master_bootstrap_enabled=True + +openshift_hosted_router_wait=False +openshift_hosted_registry_wait=False + +################################################################################ +# cluster specific settings maybe be placed here + +[masters] + +[etcd] + +[nodes] diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example new file mode 100644 index 000000000..1491fb868 --- /dev/null +++ b/playbooks/aws/provisioning_vars.yml.example @@ -0,0 +1,120 @@ +--- +# Variables that are commented in this file are optional; uncommented variables +# are mandatory. + +# Default values for each variable are provided, as applicable. +# Example values for mandatory variables are provided as a comment at the end +# of the line. + +# ------------------------ # +# Common/Cluster Variables # +# ------------------------ # +# Variables in this section affect all areas of the cluster + +# Deployment type must be specified. +openshift_deployment_type: # 'origin' or 'openshift-enterprise' + +# openshift_release must be specified. Use whatever version of openshift +# that is supported by openshift-ansible that you wish. +openshift_release: # v3.7 + +# This will be dependent on the version provided by the yum repository +openshift_pkg_version: # -3.7.0 + +# specify a clusterid +# This value is also used as the default value for many other components. +#openshift_aws_clusterid: default + +# AWS region +# This value will instruct the plays where all items should be created. +# Multi-region deployments are not supported using these plays at this time. +#openshift_aws_region: us-east-1 + +#openshift_aws_create_launch_config: true +#openshift_aws_create_scale_group: true + +# --- # +# VPC # +# --- # + +# openshift_aws_create_vpc defaults to true. If you don't wish to provision +# a vpc, set this to false. +#openshift_aws_create_vpc: true + +# Name of the vpc. Needs to be set if using a pre-existing vpc. +#openshift_aws_vpc_name: "{{ openshift_aws_clusterid }}" + +# Name of the subnet in the vpc to use. Needs to be set if using a pre-existing +# vpc + subnet. +#openshift_aws_subnet_name: + +# -------------- # +# Security Group # +# -------------- # + +# openshift_aws_create_security_groups defaults to true. If you wish to use +# an existing security group, set this to false. +#openshift_aws_create_security_groups: true + +# openshift_aws_build_ami_group is the name of the security group to build the +# ami in. This defaults to the value of openshift_aws_clusterid. +#openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}" + +# openshift_aws_launch_config_security_groups specifies the security groups to +# apply to the launch config. The launch config security groups will be what +# the cluster actually is deployed in. +#openshift_aws_launch_config_security_groups: see roles/openshift_aws/defaults.yml + +# openshift_aws_node_security_groups are created when +# openshift_aws_create_security_groups is set to true. +#openshift_aws_node_security_groups: see roles/openshift_aws/defaults.yml + +# -------- # +# ssh keys # +# -------- # + +# Specify the key pair name here to connect to the provisioned instances. This +# can be an existing key, or it can be one of the keys specified in +# openshift_aws_users +openshift_aws_ssh_key_name: # myuser_key + +# This will ensure these user and public keys are created. +#openshift_aws_users: +#- key_name: myuser_key +# username: myuser +# pub_key: | +# ssh-rsa AAAA + +# When building the AMI, specify the user to ssh to the instance as. +# openshift_aws_build_ami_ssh_user: root + +# --------- # +# AMI Build # +# --------- # +# Variables in this section apply to building a node AMI for use in your +# openshift cluster. + +# must specify a base_ami when building an AMI +openshift_aws_base_ami: # ami-12345678 + +# when creating an encrypted AMI please specify use_encryption +#openshift_aws_ami_encrypt: False + +# -- # +# S3 # +# -- # + +# Create an s3 bucket. +#openshift_aws_create_s3: True + +# --- # +# ELB # +# --- # + +# openshift_aws_elb_name will be the base-name of the ELBs. +#openshift_aws_elb_name: "{{ openshift_aws_clusterid }}" + +# custom certificates are required for the ELB +openshift_aws_iam_cert_path: # '/path/to/wildcard.<clusterid>.example.com.crt' +openshift_aws_iam_cert_key_path: # '/path/to/wildcard.<clusterid>.example.com.key' +openshift_aws_iam_cert_chain_path: # '/path/to/cert.ca.crt' diff --git a/playbooks/byo/openshift-cfme/config.yml b/playbooks/byo/openshift-cfme/config.yml deleted file mode 100644 index 0e8e7a94d..000000000 --- a/playbooks/byo/openshift-cfme/config.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- include: ../openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/evaluate_groups.yml - -- include: ../../common/openshift-cfme/config.yml diff --git a/playbooks/byo/openshift-cfme/uninstall.yml b/playbooks/byo/openshift-cfme/uninstall.yml deleted file mode 100644 index c8ed16859..000000000 --- a/playbooks/byo/openshift-cfme/uninstall.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# - include: ../openshift-cluster/initialize_groups.yml -# tags: -# - always - -- include: ../../common/openshift-cfme/uninstall.yml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/roles b/playbooks/byo/openshift-checks/certificate_expiry/roles deleted file mode 120000 index 4bdbcbad3..000000000 --- a/playbooks/byo/openshift-checks/certificate_expiry/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-checks/health.yml b/playbooks/byo/openshift-checks/health.yml deleted file mode 100644 index 96a71e4dc..000000000 --- a/playbooks/byo/openshift-checks/health.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml - -- include: ../../common/openshift-checks/health.yml diff --git a/playbooks/byo/openshift-checks/pre-install.yml b/playbooks/byo/openshift-checks/pre-install.yml deleted file mode 100644 index dd93df0bb..000000000 --- a/playbooks/byo/openshift-checks/pre-install.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml - -- include: ../../common/openshift-checks/pre-install.yml diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 60fa44c5b..57823847b 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -1,12 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/config.yml - vars: - openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}" diff --git a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml index 9ce8f0d3c..b429e84e5 100644 --- a/playbooks/byo/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/byo/openshift-cluster/enable_dnsmasq.yml @@ -1,4 +1,4 @@ --- -- include: initialize_groups.yml +- include: ../../init/evaluate_groups.yml - include: ../../common/openshift-cluster/enable_dnsmasq.yml diff --git a/playbooks/byo/openshift-cluster/initialize_groups.yml b/playbooks/byo/openshift-cluster/initialize_groups.yml deleted file mode 100644 index 2a725510a..000000000 --- a/playbooks/byo/openshift-cluster/initialize_groups.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Create initial host groups for localhost - hosts: localhost - connection: local - become: no - gather_facts: no - tags: - - always - tasks: - - include_vars: cluster_hosts.yml diff --git a/playbooks/byo/openshift-cluster/openshift-hosted.yml b/playbooks/byo/openshift-cluster/openshift-hosted.yml index edd4c8d7b..0855a2fb6 100644 --- a/playbooks/byo/openshift-cluster/openshift-hosted.yml +++ b/playbooks/byo/openshift-cluster/openshift-hosted.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_hosted.yml diff --git a/playbooks/byo/openshift-cluster/openshift-logging.yml b/playbooks/byo/openshift-cluster/openshift-logging.yml index a523bb47f..74e186f33 100644 --- a/playbooks/byo/openshift-cluster/openshift-logging.yml +++ b/playbooks/byo/openshift-cluster/openshift-logging.yml @@ -4,12 +4,6 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_logging.yml diff --git a/playbooks/byo/openshift-cluster/openshift-metrics.yml b/playbooks/byo/openshift-cluster/openshift-metrics.yml index 1135c8c11..e4c9ba1f7 100644 --- a/playbooks/byo/openshift-cluster/openshift-metrics.yml +++ b/playbooks/byo/openshift-cluster/openshift-metrics.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_metrics.yml diff --git a/playbooks/byo/openshift-cluster/openshift-prometheus.yml b/playbooks/byo/openshift-cluster/openshift-prometheus.yml index 4d3f7f42c..634ee2a80 100644 --- a/playbooks/byo/openshift-cluster/openshift-prometheus.yml +++ b/playbooks/byo/openshift-cluster/openshift-prometheus.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_prometheus.yml diff --git a/playbooks/byo/openshift-cluster/openshift-provisioners.yml b/playbooks/byo/openshift-cluster/openshift-provisioners.yml index 8e80f158b..0949d33c9 100644 --- a/playbooks/byo/openshift-cluster/openshift-provisioners.yml +++ b/playbooks/byo/openshift-cluster/openshift-provisioners.yml @@ -1,6 +1,4 @@ --- -- include: initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-cluster/openshift_provisioners.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-certificates.yml index 255b0dbf7..6450a4d76 100644 --- a/playbooks/byo/openshift-cluster/redeploy-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml vars: @@ -42,3 +36,7 @@ - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml when: openshift_hosted_manage_registry | default(true) | bool + +- include: ../../common/openshift-master/revert-client-ca.yml + +- include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml index 29f821eda..77dd121b3 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-ca.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/etcd-ca.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml index f4f2ce00d..f3892f56f 100644 --- a/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-etcd-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/check-expiry.yml vars: diff --git a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml index 049bad8e7..6a4528b7f 100644 --- a/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-master-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/masters-backup.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml index 345b0c689..891c0e58c 100644 --- a/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-node-certificates.yml @@ -1,11 +1,5 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/nodes-backup.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml index 6e11a111b..9cebeb1ee 100644 --- a/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml +++ b/playbooks/byo/openshift-cluster/redeploy-openshift-ca.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/openshift-ca.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml index 30feabab3..36b6250a7 100644 --- a/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-registry-certificates.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/registry.yml diff --git a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml index 2630fb234..181e03381 100644 --- a/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml +++ b/playbooks/byo/openshift-cluster/redeploy-router-certificates.yml @@ -1,10 +1,4 @@ --- -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/redeploy-certificates/router.yml diff --git a/playbooks/byo/openshift-cluster/service-catalog.yml b/playbooks/byo/openshift-cluster/service-catalog.yml index 40a7606e7..7be63b0a5 100644 --- a/playbooks/byo/openshift-cluster/service-catalog.yml +++ b/playbooks/byo/openshift-cluster/service-catalog.yml @@ -4,12 +4,6 @@ # Hosted logging on. See inventory/byo/hosts.*.example for the # currently supported method. # -- include: initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-cluster/service_catalog.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/README.md b/playbooks/byo/openshift-cluster/upgrades/README.md index 0f64f40f3..d9b1fc2ca 100644 --- a/playbooks/byo/openshift-cluster/upgrades/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/README.md @@ -4,6 +4,5 @@ cluster. Additional notes for the associated upgrade playbooks are provided in their respective directories. # Upgrades available +- [OpenShift Container Platform 3.6 to 3.7](v3_7/README.md) (works also to upgrade OpenShift Origin from 3.6.x to 3.7.x) - [OpenShift Container Platform 3.5 to 3.6](v3_6/README.md) (works also to upgrade OpenShift Origin from 1.5.x to 3.6.x) -- [OpenShift Container Platform 3.4 to 3.5](v3_5/README.md) (works also to upgrade OpenShift Origin from 1.4.x to 1.5.x) -- [OpenShift Container Platform 3.3 to 3.4](v3_4/README.md) (works also to upgrade OpenShift Origin from 1.3.x to 1.4.x) diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml index 7f31e26e1..c46b22331 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -1,5 +1,5 @@ --- # Playbook to upgrade Docker to the max allowable version for an OpenShift cluster. -- include: ../../initialize_groups.yml +- include: ../../../../init/evaluate_groups.yml - include: ../../../../common/openshift-cluster/upgrades/docker/docker_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml index 5bd5d64ab..a9be8dec4 100644 --- a/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml +++ b/playbooks/byo/openshift-cluster/upgrades/upgrade_etcd.yml @@ -1,6 +1,4 @@ --- -- include: ../initialize_groups.yml - -- include: ../../../common/openshift-cluster/evaluate_groups.yml +- include: ../../../init/evaluate_groups.yml - include: ../../../common/openshift-cluster/upgrades/etcd/main.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md deleted file mode 100644 index 6892f6324..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# v3.3 Major and Minor Upgrade Playbook - -## Overview -This playbook currently performs the -following steps. - - * Upgrade and restart master services - * Unschedule node. - * Upgrade and restart docker - * Upgrade and restart node services - * Modifies the subset of the configuration necessary - * Applies the latest cluster policies - * Updates the default router if one exists - * Updates the default registry if one exists - * Updates image streams and quickstarts - -## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml deleted file mode 100644 index 697a18c4d..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# -# Full Control Plane + Nodes Upgrade -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_3/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml deleted file mode 100644 index 180a2821f..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# -# Node Upgrade Playbook -# -# Upgrades nodes only, but requires the control plane to have already been upgraded. -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_4/README.md deleted file mode 100644 index 85b807dc6..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# v3.4 Major and Minor Upgrade Playbook - -## Overview -This playbook currently performs the -following steps. - - * Upgrade and restart master services - * Unschedule node. - * Upgrade and restart docker - * Upgrade and restart node services - * Modifies the subset of the configuration necessary - * Applies the latest cluster policies - * Updates the default router if one exists - * Updates the default registry if one exists - * Updates image streams and quickstarts - -## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml deleted file mode 100644 index 8cce91b3f..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# -# Full Control Plane + Nodes Upgrade -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_4/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml deleted file mode 100644 index 8e5d0f5f9..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# -# Control Plane Upgrade Playbook -# -# Upgrades masters and Docker (only on standalone etcd hosts) -# -# This upgrade does not include: -# - node service running on masters -# - docker running on masters -# - node service running on dedicated nodes -# -# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml deleted file mode 100644 index d5329b858..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# -# Node Upgrade Playbook -# -# Upgrades nodes only, but requires the control plane to have already been upgraded. -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml deleted file mode 100644 index f44d55ad2..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# -# Full Control Plane + Nodes Upgrade -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_5/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml deleted file mode 100644 index 2377713fa..000000000 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# -# Control Plane Upgrade Playbook -# -# Upgrades masters and Docker (only on standalone etcd hosts) -# -# This upgrade does not include: -# - node service running on masters -# - docker running on masters -# - node service running on dedicated nodes -# -# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. -# -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml index 40120b3e8..c880fe7f7 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -2,6 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 408a4c631..aeec5f5cc 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index b5f42b804..4664a9a2b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md index 4bf53be81..914e0f5b2 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md @@ -1,4 +1,4 @@ -# v3.6 Major and Minor Upgrade Playbook +# v3.7 Major and Minor Upgrade Playbook ## Overview This playbook currently performs the following steps. diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml index e41c29682..cbb89bc4d 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -2,6 +2,4 @@ # # Full Control Plane + Nodes Upgrade # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 21e0fd815..1adfbdec0 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index 0e09d996e..b4da18281 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - - include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_8/README.md index 53eebe65e..d9be6ae3b 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/README.md +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/README.md @@ -1,11 +1,10 @@ -# v3.5 Major and Minor Upgrade Playbook +# v3.6 Major and Minor Upgrade Playbook ## Overview -This playbook currently performs the -following steps. +This playbook currently performs the following steps. * Upgrade and restart master services - * Unschedule node. + * Unschedule node * Upgrade and restart docker * Upgrade and restart node services * Modifies the subset of the configuration necessary @@ -15,4 +14,7 @@ following steps. * Updates image streams and quickstarts ## Usage -ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml + +``` +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml +``` diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml new file mode 100644 index 000000000..f7e5dd1d2 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -0,0 +1,5 @@ +--- +# +# Full Control Plane + Nodes Upgrade +# +- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index 4d284c279..cc04d81c1 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -11,6 +11,4 @@ # # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index 5b3f6ab06..37a9f69bb 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -4,6 +4,4 @@ # # Upgrades nodes only, but requires the control plane to have already been upgraded. # -- include: ../../initialize_groups.yml - -- include: ../../../../common/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml +- include: ../../../../common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-etcd/certificates.yml b/playbooks/byo/openshift-etcd/certificates.yml index e35cf243f..0e9d42cd6 100644 --- a/playbooks/byo/openshift-etcd/certificates.yml +++ b/playbooks/byo/openshift-etcd/certificates.yml @@ -1,7 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/ca.yml diff --git a/playbooks/byo/openshift-etcd/config.yml b/playbooks/byo/openshift-etcd/config.yml index 1342bd60c..c6e0a9d90 100644 --- a/playbooks/byo/openshift-etcd/config.yml +++ b/playbooks/byo/openshift-etcd/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/config.yml diff --git a/playbooks/byo/openshift-etcd/embedded2external.yml b/playbooks/byo/openshift-etcd/embedded2external.yml new file mode 100644 index 000000000..492f677b0 --- /dev/null +++ b/playbooks/byo/openshift-etcd/embedded2external.yml @@ -0,0 +1,4 @@ +--- +- include: ../../init/main.yml + +- include: ../../common/openshift-etcd/embedded2external.yml diff --git a/playbooks/byo/openshift-etcd/migrate.yml b/playbooks/byo/openshift-etcd/migrate.yml index 2dec2bef6..3020e7db4 100644 --- a/playbooks/byo/openshift-etcd/migrate.yml +++ b/playbooks/byo/openshift-etcd/migrate.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/migrate.yml diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml index 034bba4b4..0889d91ba 100644 --- a/playbooks/byo/openshift-etcd/restart.yml +++ b/playbooks/byo/openshift-etcd/restart.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/restart.yml diff --git a/playbooks/byo/openshift-etcd/scaleup.yml b/playbooks/byo/openshift-etcd/scaleup.yml index a2a5856a9..e7d62e264 100644 --- a/playbooks/byo/openshift-etcd/scaleup.yml +++ b/playbooks/byo/openshift-etcd/scaleup.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-etcd/scaleup.yml diff --git a/playbooks/byo/openshift-glusterfs/config.yml b/playbooks/byo/openshift-glusterfs/config.yml index 3f11f3991..120476bb8 100644 --- a/playbooks/byo/openshift-glusterfs/config.yml +++ b/playbooks/byo/openshift-glusterfs/config.yml @@ -1,10 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-glusterfs/config.yml diff --git a/playbooks/byo/openshift-glusterfs/registry.yml b/playbooks/byo/openshift-glusterfs/registry.yml index 6ee6febdb..32734f863 100644 --- a/playbooks/byo/openshift-glusterfs/registry.yml +++ b/playbooks/byo/openshift-glusterfs/registry.yml @@ -1,10 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../../init/main.yml - include: ../../common/openshift-glusterfs/registry.yml diff --git a/playbooks/byo/openshift-loadbalancer/config.yml b/playbooks/byo/openshift-loadbalancer/config.yml index 32c828f97..27925d2e9 100644 --- a/playbooks/byo/openshift-loadbalancer/config.yml +++ b/playbooks/byo/openshift-loadbalancer/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-loadbalancer/config.yml diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..e2f558550 --- /dev/null +++ b/playbooks/byo/openshift-management/add_container_provider.yml @@ -0,0 +1,4 @@ +--- +- include: ../../init/evaluate_groups.yml + +- include: ../../common/openshift-management/add_container_provider.yml diff --git a/playbooks/byo/openshift-management/add_many_container_providers.yml b/playbooks/byo/openshift-management/add_many_container_providers.yml new file mode 100644 index 000000000..62fdb11c5 --- /dev/null +++ b/playbooks/byo/openshift-management/add_many_container_providers.yml @@ -0,0 +1,36 @@ +--- +- hosts: localhost + tasks: + - name: Ensure the container provider configuration is defined + assert: + that: container_providers_config is defined + msg: | + Error: Must provide providers config path. Fix: Add '-e container_providers_config=/path/to/your/config' to the ansible-playbook command + + - name: Include providers/management configuration + include_vars: + file: "{{ container_providers_config }}" + + - name: Ensure this cluster is a container provider + uri: + url: "https://{{ management_server['hostname'] }}/api/providers" + body_format: json + method: POST + user: "{{ management_server['user'] }}" + password: "{{ management_server['password'] }}" + validate_certs: no + # Docs on formatting the BODY of the POST request: + # http://manageiq.org/docs/reference/latest/api/reference/providers.html#specifying-connection-configurations + body: "{{ item }}" + failed_when: false + with_items: "{{ container_providers }}" + register: results + + # Include openshift_management for access to filter_plugins. + - include_role: + name: openshift_management + tasks_from: noop + + - name: print each result + debug: + msg: "{{ results.results | oo_filter_container_providers }}" diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml new file mode 100644 index 000000000..e699fd014 --- /dev/null +++ b/playbooks/byo/openshift-management/config.yml @@ -0,0 +1,4 @@ +--- +- include: ../../init/main.yml + +- include: ../../common/openshift-management/config.yml diff --git a/playbooks/byo/openshift-checks/roles b/playbooks/byo/openshift-management/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/byo/openshift-checks/roles +++ b/playbooks/byo/openshift-management/roles diff --git a/playbooks/byo/openshift-management/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml new file mode 100644 index 000000000..e95c1c88a --- /dev/null +++ b/playbooks/byo/openshift-management/uninstall.yml @@ -0,0 +1,2 @@ +--- +- include: ../../common/openshift-management/uninstall.yml diff --git a/playbooks/byo/openshift-master/additional_config.yml b/playbooks/byo/openshift-master/additional_config.yml index b3d7b5731..1454190b2 100644 --- a/playbooks/byo/openshift-master/additional_config.yml +++ b/playbooks/byo/openshift-master/additional_config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/additional_config.yml diff --git a/playbooks/byo/openshift-master/certificates.yml b/playbooks/byo/openshift-master/certificates.yml index 26b964034..344985244 100644 --- a/playbooks/byo/openshift-master/certificates.yml +++ b/playbooks/byo/openshift-master/certificates.yml @@ -1,8 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml - -- include: ../../common/openshift-master/ca.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/certificates.yml diff --git a/playbooks/byo/openshift-master/config.yml b/playbooks/byo/openshift-master/config.yml index 98be0c448..913525e65 100644 --- a/playbooks/byo/openshift-master/config.yml +++ b/playbooks/byo/openshift-master/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/config.yml diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index 8950efd00..d2031d928 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/restart.yml diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index a09edd55a..4fdec5e7d 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - name: Ensure there are new_masters or new_nodes hosts: localhost @@ -13,8 +13,11 @@ add hosts to the new_masters and new_nodes host groups to add masters. when: - - (g_new_master_hosts | default([]) | length == 0) and (g_new_node_hosts | default([]) | length == 0) + - g_new_master_hosts | default([]) | length == 0 + - g_new_node_hosts | default([]) | length == 0 -- include: ../../common/openshift-cluster/std_include.yml +# Need a better way to do the above check for node without +# running evaluate_groups and init/main.yml +- include: ../../init/main.yml - include: ../../common/openshift-master/scaleup.yml diff --git a/playbooks/byo/openshift-nfs/config.yml b/playbooks/byo/openshift-nfs/config.yml index 93b24411e..a5e6fe784 100644 --- a/playbooks/byo/openshift-nfs/config.yml +++ b/playbooks/byo/openshift-nfs/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-nfs/config.yml diff --git a/playbooks/byo/openshift-node/certificates.yml b/playbooks/byo/openshift-node/certificates.yml index 3d2de74a9..5342cf46b 100644 --- a/playbooks/byo/openshift-node/certificates.yml +++ b/playbooks/byo/openshift-node/certificates.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/certificates.yml diff --git a/playbooks/byo/openshift-node/config.yml b/playbooks/byo/openshift-node/config.yml index 839dc36ff..b157b13d6 100644 --- a/playbooks/byo/openshift-node/config.yml +++ b/playbooks/byo/openshift-node/config.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-node/network_manager.yml b/playbooks/byo/openshift-node/network_manager.yml index b23692237..3d96cbdd5 100644 --- a/playbooks/byo/openshift-node/network_manager.yml +++ b/playbooks/byo/openshift-node/network_manager.yml @@ -1,4 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - include: ../../common/openshift-node/network_manager.yml diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml index ccf9e82da..53a6b9ed4 100644 --- a/playbooks/byo/openshift-node/restart.yml +++ b/playbooks/byo/openshift-node/restart.yml @@ -1,6 +1,4 @@ --- -- include: ../openshift-cluster/initialize_groups.yml - -- include: ../../common/openshift-cluster/std_include.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/restart.yml diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 9f992cca6..bf1bbcf46 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/initialize_groups.yml +- include: ../../init/evaluate_groups.yml - name: Ensure there are new_nodes hosts: localhost @@ -14,8 +14,8 @@ when: - g_new_node_hosts | default([]) | length == 0 -- include: ../../common/openshift-cluster/std_include.yml - -- include: ../../common/openshift-node/certificates.yml +# Need a better way to do the above check for node without +# running evaluate_groups and init/main.yml +- include: ../../init/main.yml - include: ../../common/openshift-node/config.yml diff --git a/playbooks/byo/openshift-preflight/check.yml b/playbooks/byo/openshift-preflight/check.yml deleted file mode 100644 index 2e53452a6..000000000 --- a/playbooks/byo/openshift-preflight/check.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# location is moved; this file remains so existing instructions keep working -- include: ../openshift-checks/pre-install.yml diff --git a/playbooks/byo/openshift_facts.yml b/playbooks/byo/openshift_facts.yml index a8c1c3a88..29e0ebe8d 100644 --- a/playbooks/byo/openshift_facts.yml +++ b/playbooks/byo/openshift_facts.yml @@ -1,19 +1,13 @@ --- -- include: openshift-cluster/initialize_groups.yml - tags: - - always - -- include: ../common/openshift-cluster/std_include.yml - tags: - - always +- include: ../init/main.yml - name: Gather Cluster facts - # Temporarily reverting to OSEv3 until group standardization is complete - hosts: OSEv3 + hosts: oo_all_hosts roles: - openshift_facts tasks: - openshift_facts: openshift_env: "{{ hostvars[inventory_hostname] | oo_openshift_env }}" register: result - - debug: var=result + - debug: + var: result diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index bc3109a31..261143080 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,11 +1,8 @@ --- -- include: openshift-cluster/initialize_groups.yml - tags: - - always +- include: ../init/evaluate_groups.yml - name: Subscribe hosts, update repos and update OS packages - # Temporarily reverting to OSEv3 until group standardization is complete - hosts: OSEv3 + hosts: oo_all_hosts roles: - role: rhel_subscribe when: diff --git a/playbooks/certificate_expiry b/playbooks/certificate_expiry deleted file mode 120000 index 9cf5334a1..000000000 --- a/playbooks/certificate_expiry +++ /dev/null @@ -1 +0,0 @@ -byo/openshift-checks/certificate_expiry/
\ No newline at end of file diff --git a/playbooks/common/openshift-cfme/config.yml b/playbooks/common/openshift-cfme/config.yml deleted file mode 100644 index 533a35d9e..000000000 --- a/playbooks/common/openshift-cfme/config.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# TODO: Make this work. The 'name' variable below is undefined -# presently because it's part of the cfme role. This play can't run -# until that's re-worked. -# -# - name: Pre-Pull manageiq-pods docker images -# hosts: nodes -# tasks: -# - name: Ensure the latest manageiq-pods docker image is pulling -# docker_image: -# name: "{{ openshift_cfme_container_image }}" -# # Fire-and-forget method, never timeout -# async: 99999999999 -# # F-a-f, never check on this. True 'background' task. -# poll: 0 - -- name: Configure Masters for CFME Bulk Image Imports - hosts: oo_masters_to_config - serial: 1 - tasks: - - name: Run master cfme tuning playbook - include_role: - name: openshift_cfme - tasks_from: tune_masters - -- name: Setup CFME - hosts: oo_first_master - vars: - r_openshift_cfme_miq_template_content: "{{ lookup('file', 'roles/openshift_cfme/files/miq-template.yaml') | from_yaml}}" - pre_tasks: - - name: Create a temporary place to evaluate the PV templates - command: mktemp -d /tmp/openshift-ansible-XXXXXXX - register: r_openshift_cfme_mktemp - changed_when: false - - name: Ensure the server template was read from disk - debug: - msg="{{ r_openshift_cfme_miq_template_content | from_yaml }}" - - tasks: - - name: Run the CFME Setup Role - include_role: - name: openshift_cfme - vars: - template_dir: "{{ hostvars[groups.masters.0].r_openshift_cfme_mktemp.stdout }}" diff --git a/playbooks/common/openshift-cluster/cockpit-ui.yml b/playbooks/common/openshift-cluster/cockpit-ui.yml index 5ddafdb07..359132dd0 100644 --- a/playbooks/common/openshift-cluster/cockpit-ui.yml +++ b/playbooks/common/openshift-cluster/cockpit-ui.yml @@ -3,4 +3,6 @@ hosts: oo_first_master roles: - role: cockpit-ui - when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool) + when: + - openshift_hosted_manage_registry | default(true) | bool + - not openshift.docker.hosted_registry_insecure | default(false) | bool diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 4ca0d48e4..588291878 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,26 +1,5 @@ --- -# TODO: refactor this into its own include -# and pass a variable for ctx -- name: Verify Requirements - hosts: oo_all_hosts - roles: - - openshift_health_checker - vars: - - r_openshift_health_checker_playbook_context: install - post_tasks: - - action: openshift_health_check - args: - checks: - - disk_availability - - memory_availability - - package_availability - - package_version - - docker_image_availability - - docker_storage - -- include: ../openshift-etcd/ca.yml - -- include: ../openshift-etcd/certificates.yml +- include: ../../openshift-checks/private/install.yml - include: ../openshift-etcd/config.yml @@ -30,16 +9,10 @@ - include: ../openshift-loadbalancer/config.yml when: groups.oo_lb_to_config | default([]) | count > 0 -- include: ../openshift-master/ca.yml - -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-master/additional_config.yml -- include: ../openshift-node/certificates.yml - - include: ../openshift-node/config.yml - include: ../openshift-glusterfs/config.yml @@ -54,7 +27,10 @@ when: openshift_logging_install_logging | default(false) | bool - include: service_catalog.yml - when: openshift_enable_service_catalog | default(false) | bool + when: openshift_enable_service_catalog | default(true) | bool + +- include: ../openshift-management/config.yml + when: openshift_management_install_management | default(false) | bool - name: Print deprecated variable warning message if necessary hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml index be14b06f0..f91361b67 100644 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -1,13 +1,8 @@ --- -- include: evaluate_groups.yml - - name: Load openshift_facts hosts: oo_masters_to_config:oo_nodes_to_config roles: - openshift_facts - post_tasks: - - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" - when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool - name: Reconfigure masters to listen on our new dns_port hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/install_docker_gc.yml b/playbooks/common/openshift-cluster/install_docker_gc.yml new file mode 100644 index 000000000..1e3dfee07 --- /dev/null +++ b/playbooks/common/openshift-cluster/install_docker_gc.yml @@ -0,0 +1,7 @@ +--- +- name: Install docker gc + hosts: oo_first_master + gather_facts: false + tasks: + - include_role: + name: openshift_docker_gc diff --git a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml index 4b4f19690..62fe0dd60 100644 --- a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml +++ b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml @@ -3,4 +3,4 @@ hosts: oo_first_master roles: - role: openshift_default_storage_class - when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce') + when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce' or openshift_cloudprovider_kind == 'openstack') diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 32e5e708a..15ee60dc0 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -1,14 +1,15 @@ --- - name: Hosted Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Hosted install 'In Progress' + run_once: true set_stats: data: - installer_phase_hosted: "In Progress" - aggregate: false + installer_phase_hosted: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - include: create_persistent_volumes.yml @@ -25,13 +26,19 @@ - include: openshift_prometheus.yml when: openshift_hosted_prometheus_deploy | default(False) | bool +- include: install_docker_gc.yml + when: + - openshift_use_crio | default(False) | bool + - openshift_crio_enable_docker_gc | default(False) | bool + - name: Hosted Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Hosted install 'Complete' + run_once: true set_stats: data: - installer_phase_hosted: "Complete" - aggregate: false + installer_phase_hosted: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/openshift_logging.yml b/playbooks/common/openshift-cluster/openshift_logging.yml index 69f50fbcd..bc59bd95a 100644 --- a/playbooks/common/openshift-cluster/openshift_logging.yml +++ b/playbooks/common/openshift-cluster/openshift_logging.yml @@ -1,14 +1,15 @@ --- - name: Logging Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Logging install 'In Progress' + run_once: true set_stats: data: - installer_phase_logging: "In Progress" - aggregate: false + installer_phase_logging: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: OpenShift Aggregated Logging hosts: oo_first_master @@ -24,12 +25,13 @@ tasks_from: update_master_config - name: Logging Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Logging install 'Complete' + run_once: true set_stats: data: - installer_phase_logging: "Complete" - aggregate: false + installer_phase_logging: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/openshift_metrics.yml b/playbooks/common/openshift-cluster/openshift_metrics.yml index e369dcd86..80cd93e5f 100644 --- a/playbooks/common/openshift-cluster/openshift_metrics.yml +++ b/playbooks/common/openshift-cluster/openshift_metrics.yml @@ -1,14 +1,15 @@ --- - name: Metrics Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Metrics install 'In Progress' + run_once: true set_stats: data: - installer_phase_metrics: "In Progress" - aggregate: false + installer_phase_metrics: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: OpenShift Metrics hosts: oo_first_master @@ -25,12 +26,13 @@ tasks_from: update_master_config.yaml - name: Metrics Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Metrics install 'Complete' + run_once: true set_stats: data: - installer_phase_metrics: "Complete" - aggregate: false + installer_phase_metrics: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/common/openshift-cluster/openshift_prometheus.yml index ac2d250a3..7aa9a16e6 100644 --- a/playbooks/common/openshift-cluster/openshift_prometheus.yml +++ b/playbooks/common/openshift-cluster/openshift_prometheus.yml @@ -1,5 +1,29 @@ --- +- name: Prometheus Install Checkpoint Start + hosts: all + gather_facts: false + tasks: + - name: Set Prometheus install 'In Progress' + run_once: true + set_stats: + data: + installer_phase_prometheus: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + - name: Create Hosted Resources - openshift_prometheus hosts: oo_first_master roles: - role: openshift_prometheus + +- name: Prometheus Install Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set Prometheus install 'Complete' + run_once: true + set_stats: + data: + installer_phase_prometheus: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml index 12cd209d2..eb225dfb5 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml @@ -1,11 +1,4 @@ --- -- name: Verify OpenShift version is greater than or equal to 1.2 or 3.2 - hosts: oo_first_master - tasks: - - fail: - msg: "The current OpenShift version is less than 1.2/3.2 and does not support CA bundles." - when: not openshift.common.version_gte_3_2_or_1_2 | bool - - name: Check cert expirys hosts: oo_nodes_to_config:oo_masters_to_config:oo_etcd_to_config vars: @@ -43,11 +36,6 @@ when: (g_master_config_output.content|b64decode|from_yaml).oauthConfig.masterCA != 'ca-bundle.crt' - modify_yaml: dest: "{{ openshift.common.config_base }}/master/master-config.yaml" - yaml_key: servingInfo.clientCA - yaml_value: ca-bundle.crt - when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca-bundle.crt' - - modify_yaml: - dest: "{{ openshift.common.config_base }}/master/master-config.yaml" yaml_key: etcdClientInfo.ca yaml_value: ca-bundle.crt when: @@ -67,6 +55,13 @@ when: - groups.oo_etcd_to_config | default([]) | length == 0 - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt' + # Set servingInfo.clientCA to client-ca-bundle.crt in order to roll the CA certificate. + # This change will be reverted in playbooks/byo/openshift-cluster/redeploy-certificates.yml + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: client-ca-bundle.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'client-ca-bundle.crt' - name: Copy current OpenShift CA to legacy directory hosts: oo_masters_to_config @@ -114,12 +109,18 @@ register: g_new_openshift_ca_mktemp changed_when: false -- include: ../../openshift-master/ca.yml +- name: Create OpenShift CA + hosts: oo_first_master vars: # Set openshift_ca_config_dir to a temporary directory where CA # will be created. We'll replace the existing CA with the CA # created in the temporary directory. openshift_ca_config_dir: "{{ hostvars[groups.oo_first_master.0].g_new_openshift_ca_mktemp.stdout }}" + roles: + - role: openshift_master_facts + - role: openshift_named_certificates + - role: openshift_ca + openshift_ca_host: "{{ groups.oo_first_master.0 }}" - name: Create temp directory for syncing certs hosts: localhost @@ -149,6 +150,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt delegate_to: "{{ openshift_ca_host }}" run_once: true changed_when: false @@ -167,6 +169,7 @@ - ca.key - ca-bundle.crt - ca.serial.txt + - client-ca-bundle.crt - name: Update master client kubeconfig CA data kubeclient_ca: client_path: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig" diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml index afd5463b2..7e9363c5f 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml @@ -70,9 +70,7 @@ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc,docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift.common.config_base }}/master/registry.crt --key={{ openshift.common.config_base }}/master/registry.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_hosted_registry_cert_expire_days | default(730) }} - {% endif %} - name: Update registry certificates secret oc_secret: diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/common/openshift-cluster/service_catalog.yml index 95a8f601c..7bb8511f6 100644 --- a/playbooks/common/openshift-cluster/service_catalog.yml +++ b/playbooks/common/openshift-cluster/service_catalog.yml @@ -1,14 +1,15 @@ --- - name: Service Catalog Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Service Catalog install 'In Progress' + run_once: true set_stats: data: - installer_phase_servicecatalog: "In Progress" - aggregate: false + installer_phase_servicecatalog: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: Service Catalog hosts: oo_first_master @@ -20,12 +21,13 @@ first_master: "{{ groups.oo_first_master[0] }}" - name: Service Catalog Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Service Catalog install 'Complete' + run_once: true set_stats: data: - installer_phase_servicecatalog: "Complete" - aggregate: false + installer_phase_servicecatalog: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/common/openshift-cluster/std_include.yml deleted file mode 100644 index 090ad6445..000000000 --- a/playbooks/common/openshift-cluster/std_include.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- name: Initialization Checkpoint Start - hosts: localhost - connection: local - gather_facts: false - roles: - - installer_checkpoint - tasks: - - name: Set install initialization 'In Progress' - set_stats: - data: - installer_phase_initialize: "In Progress" - aggregate: false - -- include: evaluate_groups.yml - tags: - - always - -- include: initialize_facts.yml - tags: - - always - -- include: sanity_checks.yml - tags: - - always - -- include: validate_hostnames.yml - tags: - - node - -- include: initialize_openshift_repos.yml - tags: - - always - -- include: initialize_openshift_version.yml - tags: - - always - -- name: Initialization Checkpoint End - hosts: localhost - connection: local - gather_facts: false - tasks: - - name: Set install initialization 'Complete' - set_stats: - data: - installer_phase_initialize: "Complete" - aggregate: false diff --git a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml index 98953f72e..6d4ddf011 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -1,5 +1,5 @@ --- -- include: ../../evaluate_groups.yml +- include: ../../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] diff --git a/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml b/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml new file mode 100644 index 000000000..9c9c260fb --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/files/shared_resource_viewer_role.yaml @@ -0,0 +1,37 @@ +--- +apiVersion: v1 +kind: Role +metadata: + name: shared-resource-viewer + namespace: openshift +rules: +- apiGroups: + - "" + - template.openshift.io + attributeRestrictions: null + resources: + - templates + verbs: + - get + - list + - watch +- apiGroups: + - "" + - image.openshift.io + attributeRestrictions: null + resources: + - imagestreamimages + - imagestreams + - imagestreamtags + verbs: + - get + - list + - watch +- apiGroups: + - "" + - image.openshift.io + attributeRestrictions: null + resources: + - imagestreams/layers + verbs: + - get diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index 2826951e6..9981d905b 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -1,15 +1,20 @@ --- -- include: ../evaluate_groups.yml +- include: ../../../init/evaluate_groups.yml vars: # Do not allow adding hosts during upgrade. g_new_master_hosts: [] g_new_node_hosts: [] -- include: ../initialize_facts.yml +- include: ../../../init/facts.yml - name: Ensure firewall is not switched during upgrade hosts: oo_all_hosts + vars: + openshift_master_installed_version: "{{ hostvars[groups.oo_first_master.0].openshift.common.version }}" tasks: + - name: set currently installed version + set_fact: + openshift_currently_installed_version: "{{ openshift_master_installed_version }}" - name: Check if iptables is running command: systemctl status iptables changed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml index 72de63070..fc1cbf32a 100644 --- a/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml @@ -30,6 +30,7 @@ ansible_become: "{{ g_sudo | default(omit) }}" with_items: " {{ groups['oo_nodes_to_config'] }}" when: + - hostvars[item].openshift is defined - hostvars[item].openshift.common.hostname in nodes_to_upgrade.results.results[0]['items'] | map(attribute='metadata.name') | list changed_when: false diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 07e521a89..c634e0ab8 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -85,6 +85,8 @@ roles: - openshift_manageiq + - role: openshift_project_request_template + when: openshift_project_request_template_manage # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do @@ -103,14 +105,20 @@ openshift_hosted_templates_import_command: replace # Check for warnings to be printed at the end of the upgrade: -- name: Check for warnings +- name: Clean up and display warnings hosts: oo_masters_to_config - tasks: + tags: + - always + gather_facts: no + roles: + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + post_tasks: # Check if any masters are using pluginOrderOverride and warn if so, only for 1.3/3.3 and beyond: - name: grep pluginOrderOverride command: grep pluginOrderOverride {{ openshift.common.config_base }}/master/master-config.yaml register: grep_plugin_order_override - when: openshift.common.version_gte_3_3_or_1_3 | bool changed_when: false failed_when: false @@ -121,12 +129,8 @@ - not grep_plugin_order_override | skipped - grep_plugin_order_override.rc == 0 -- name: Re-enable excluder if it was previously enabled - hosts: oo_masters_to_config - tags: - - always - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + - name: Warn if shared-resource-viewer could not be updated + debug: + msg: "WARNING the shared-resource-viewer role could not be upgraded to 3.6 spec because it's marked protected, please see https://bugzilla.redhat.com/show_bug.cgi?id=1493213" + when: + - __shared_resource_viewer_protected | default(false) diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml index 45022cd61..6a5bc24f7 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml @@ -9,16 +9,29 @@ local_facts: ha: "{{ groups.oo_masters_to_config | length > 1 }}" - - name: Ensure HA Master is running - service: - name: "{{ openshift.common.service_type }}-master-api" - state: started - enabled: yes - when: openshift.common.is_containerized | bool + - when: openshift.common.is_containerized | bool + block: + - set_fact: + master_services: + - "{{ openshift.common.service_type }}-master" - - name: Ensure HA Master is running - service: - name: "{{ openshift.common.service_type }}-master-controllers" - state: started - enabled: yes - when: openshift.common.is_containerized | bool + # In case of the non-ha to ha upgrade. + - name: Check if the {{ openshift.common.service_type }}-master-api.service exists + command: > + systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend + register: master_api_service_status + + - set_fact: + master_services: + - "{{ openshift.common.service_type }}-master-api" + - "{{ openshift.common.service_type }}-master-controllers" + when: + - master_api_service_status.stdout_lines | length > 0 + - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] + + - name: Ensure Master is running + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: "{{ master_services }}" diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml index ad6325ca0..2a8de50a2 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml @@ -1,12 +1,14 @@ --- -- name: Verify Host Requirements +- name: OpenShift Health Checks hosts: oo_all_hosts + any_errors_fatal: true roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: upgrade post_tasks: - - action: openshift_health_check + - name: Run health checks (upgrade) + action: openshift_health_check args: checks: - disk_availability diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 142ce5f3d..13fa37b09 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -4,6 +4,12 @@ msg: Verify OpenShift is already installed when: openshift.common.version is not defined +- name: Update oreg_auth docker login credentials if necessary + include_role: + name: docker + tasks_from: registry_auth.yml + when: oreg_auth_user is defined + - name: Verify containers are available for upgrade command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} @@ -37,7 +43,7 @@ fail: msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required" when: - - openshift_pkg_version | default('0.0', True) | version_compare(openshift_release, '<') + - (openshift_pkg_version | default('-0.0', True)).split('-')[1] | version_compare(openshift_release, '<') - name: Fail when openshift version does not meet minium requirement for Origin upgrade fail: diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index da47491c1..fa65567c2 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -3,22 +3,6 @@ # Upgrade Masters ############################################################################### -# oc adm migrate storage should be run prior to etcd v3 upgrade -# See: https://github.com/openshift/origin/pull/14625#issuecomment-308467060 -- name: Pre master upgrade - Upgrade all storage - hosts: oo_first_master - tasks: - - name: Upgrade all storage - command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig - migrate storage --include=* --confirm - register: l_pb_upgrade_control_plane_pre_upgrade_storage - when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool - failed_when: - - openshift_upgrade_pre_storage_migration_enabled | default(true) | bool - - l_pb_upgrade_control_plane_pre_upgrade_storage.rc != 0 - - openshift_upgrade_pre_storage_migration_fatal | default(true) | bool - # If facts cache were for some reason deleted, this fact may not be set, and if not set # it will always default to true. This causes problems for the etcd data dir fact detection # so we must first make sure this is set correctly before attempting the backup. @@ -31,7 +15,6 @@ role: master local_facts: embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level | default(2)) }}" - name: Upgrade and backup etcd include: ./etcd/main.yml @@ -49,6 +32,22 @@ - include: create_service_signer_cert.yml +# oc adm migrate storage should be run prior to etcd v3 upgrade +# See: https://github.com/openshift/origin/pull/14625#issuecomment-308467060 +- name: Pre master upgrade - Upgrade all storage + hosts: oo_first_master + tasks: + - name: Upgrade all storage + command: > + {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + migrate storage --include=* --confirm + register: l_pb_upgrade_control_plane_pre_upgrade_storage + when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool + failed_when: + - openshift_upgrade_pre_storage_migration_enabled | default(true) | bool + - l_pb_upgrade_control_plane_pre_upgrade_storage.rc != 0 + - openshift_upgrade_pre_storage_migration_fatal | default(true) | bool + # Set openshift_master_facts separately. In order to reconcile # admission_config's, we currently must run openshift_master_facts and # then run openshift_facts. @@ -64,13 +63,9 @@ vars: openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 - handlers: - - include: ../../../../roles/openshift_master/handlers/main.yml - static: yes - roles: - - openshift_facts - - lib_utils - post_tasks: + tasks: + - include_role: + name: openshift_facts # Run the pre-upgrade hook if defined: - debug: msg="Running master pre-upgrade hook {{ openshift_master_upgrade_pre_hook }}" @@ -79,52 +74,9 @@ - include: "{{ openshift_master_upgrade_pre_hook }}" when: openshift_master_upgrade_pre_hook is defined - - include: rpm_upgrade.yml component=master - when: not openshift.common.is_containerized | bool - - - include_vars: ../../../../roles/openshift_master_facts/vars/main.yml - - - include: upgrade_scheduler.yml - - - include: "{{ master_config_hook }}" - when: master_config_hook is defined - - - include_vars: ../../../../roles/openshift_master/vars/main.yml - - - name: Remove any legacy systemd units and update systemd units - include: ../../../../roles/openshift_master/tasks/systemd_units.yml - - - name: Check for ca-bundle.crt - stat: - path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" - register: ca_bundle_stat - failed_when: false - - - name: Check for ca.crt - stat: - path: "{{ openshift.common.config_base }}/master/ca.crt" - register: ca_crt_stat - failed_when: false - - - name: Migrate ca.crt to ca-bundle.crt - command: mv ca.crt ca-bundle.crt - args: - chdir: "{{ openshift.common.config_base }}/master" - when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists - - - name: Link ca.crt to ca-bundle.crt - file: - src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" - path: "{{ openshift.common.config_base }}/master/ca.crt" - state: link - when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists - - - name: Update oreg value - yedit: - src: "{{ openshift.common.config_base }}/master/master-config.yaml" - key: 'imageConfig.format' - value: "{{ oreg_url | default(oreg_url_master) }}" - when: oreg_url is defined or oreg_url_master is defined + - include_role: + name: openshift_master + tasks_from: upgrade.yml # Run the upgrade hook prior to restarting services/system if defined: - debug: msg="Running master upgrade hook {{ openshift_master_upgrade_hook }}" @@ -151,7 +103,9 @@ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=clusterpolicies --confirm register: l_pb_upgrade_control_plane_post_upgrade_storage - when: openshift_upgrade_post_storage_migration_enabled | default(true) | bool + when: + - openshift_upgrade_post_storage_migration_enabled | default(true) | bool + - openshift_version | version_compare('3.7','<') failed_when: - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 @@ -193,13 +147,14 @@ # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe # restart. skip_docker_role: True + __master_shared_resource_viewer_file: "shared_resource_viewer_role.yaml" tasks: - name: Reconcile Cluster Roles command: > {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-roles --additive-only=true --confirm -o name register: reconcile_cluster_role_result - when: not openshift.common.version_gte_3_7 | bool + when: openshift_version | version_compare('3.7','<') changed_when: - reconcile_cluster_role_result.stdout != '' - reconcile_cluster_role_result.rc == 0 @@ -214,7 +169,7 @@ --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm -o name - when: not openshift.common.version_gte_3_7 | bool + when: openshift_version | version_compare('3.7','<') register: reconcile_bindings_result changed_when: - reconcile_bindings_result.stdout != '' @@ -229,7 +184,51 @@ changed_when: - reconcile_jenkins_role_binding_result.stdout != '' - reconcile_jenkins_role_binding_result.rc == 0 - when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool) + when: + - openshift_version | version_compare('3.7','<') + + - when: openshift_upgrade_target | version_compare('3.7','<') + block: + - name: Retrieve shared-resource-viewer + oc_obj: + state: list + kind: role + name: "shared-resource-viewer" + namespace: "openshift" + register: objout + + - name: Determine if shared-resource-viewer is protected + set_fact: + __shared_resource_viewer_protected: true + when: + - "'results' in objout" + - "'results' in objout['results']" + - "'annotations' in objout['results']['results'][0]['metadata']" + - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']" + - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'" + - copy: + src: "{{ item }}" + dest: "/tmp/{{ item }}" + with_items: + - "{{ __master_shared_resource_viewer_file }}" + when: __shared_resource_viewer_protected is not defined + + - name: Fixup shared-resource-viewer role + oc_obj: + state: present + kind: role + name: "shared-resource-viewer" + namespace: "openshift" + files: + - "/tmp/{{ __master_shared_resource_viewer_file }}" + delete_after: true + when: __shared_resource_viewer_protected is not defined + register: result + retries: 3 + delay: 5 + until: result.rc == 0 + ignore_errors: true + - name: Reconcile Security Context Constraints command: > @@ -318,13 +317,13 @@ delay: 60 roles: - - lib_openshift - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - post_tasks: + - include_role: + name: openshift_node + tasks_from: upgrade.yml + vars: + openshift_node_upgrade_in_progress: True - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index c93a5d89c..5dc8193a7 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -34,16 +34,18 @@ delay: 60 roles: - - lib_openshift - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - - role: openshift_excluder - r_openshift_excluder_action: enable - r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - post_tasks: + - include_role: + name: openshift_node + tasks_from: upgrade.yml + vars: + openshift_node_upgrade_in_progress: True + - include_role: + name: openshift_excluder + vars: + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml deleted file mode 100644 index d69472fad..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes' - yaml_value: 'application/vnd.kubernetes.protobuf,application/json' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.contentType' - yaml_value: 'application/vnd.kubernetes.protobuf' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.burst' - yaml_value: 400 - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.qps' - yaml_value: 200 - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.acceptContentTypes' - yaml_value: 'application/vnd.kubernetes.protobuf,application/json' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.contentType' - yaml_value: 'application/vnd.kubernetes.protobuf' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.burst' - yaml_value: 600 - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.qps' - yaml_value: 300 - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'controllerConfig.servicesServingCert.signer.certFile' - yaml_value: service-signer.crt - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile' - yaml_value: service-signer.key - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginConfig' - yaml_value: "{{ openshift.master.admission_plugin_config }}" - when: "'admission_plugin_config' in openshift.master" - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginOrderOverride' - yaml_value: - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'kubernetesMasterConfig.admissionConfig' - yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml deleted file mode 100644 index 89b524f14..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/node/node-config.yaml" - yaml_key: 'masterClientConnectionOverrides.acceptContentTypes' - yaml_value: 'application/vnd.kubernetes.protobuf,application/json' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/node/node-config.yaml" - yaml_key: 'masterClientConnectionOverrides.contentType' - yaml_value: 'application/vnd.kubernetes.protobuf' - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/node/node-config.yaml" - yaml_key: 'masterClientConnectionOverrides.burst' - yaml_value: 40 - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/node/node-config.yaml" - yaml_key: 'masterClientConnectionOverrides.qps' - yaml_value: 20 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/roles b/playbooks/common/openshift-cluster/upgrades/v3_3/roles deleted file mode 120000 index 6bc1a7aef..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade.yml deleted file mode 100644 index a241ef039..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade.yml +++ /dev/null @@ -1,118 +0,0 @@ ---- -# -# Full Control Plane + Nodes Upgrade -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" - openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" - -# Pre-upgrade - -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- include: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- include: ../../../openshift-master/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_control_plane.yml - vars: - master_config_hook: "v3_3/master_config_upgrade.yml" - -- include: ../upgrade_nodes.yml - vars: - node_config_hook: "v3_3/node_config_upgrade.yml" - -- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml deleted file mode 100644 index f64f0e003..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ /dev/null @@ -1,119 +0,0 @@ ---- -# -# Control Plane Upgrade Playbook -# -# Upgrades masters and Docker (only on standalone etcd hosts) -# -# This upgrade does not include: -# - node service running on masters -# - docker running on masters -# - node service running on dedicated nodes -# -# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" - openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" - -# Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts - hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- include: ../../../openshift-master/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_control_plane.yml - vars: - master_config_hook: "v3_3/master_config_upgrade.yml" - -- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml deleted file mode 100644 index cee4e9087..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml +++ /dev/null @@ -1,113 +0,0 @@ ---- -# -# Node Upgrade Playbook -# -# Upgrades nodes only, but requires the control plane to have already been upgraded. -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" - openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}" - -# Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade - tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_nodes.yml - vars: - node_config_hook: "v3_3/node_config_upgrade.yml" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml deleted file mode 100644 index ed89dbe8d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginConfig' - yaml_value: "{{ openshift.master.admission_plugin_config }}" - when: "'admission_plugin_config' in openshift.master" - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginOrderOverride' - yaml_value: - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'kubernetesMasterConfig.admissionConfig' - yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/roles b/playbooks/common/openshift-cluster/upgrades/v3_4/roles deleted file mode 120000 index 6bc1a7aef..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/roles +++ /dev/null @@ -1 +0,0 @@ -../../../../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade.yml deleted file mode 100644 index ae217ba2e..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade.yml +++ /dev/null @@ -1,116 +0,0 @@ ---- -# -# Full Control Plane + Nodes Upgrade -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" - openshift_upgrade_min: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" - -# Pre-upgrade - -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- include: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- include: ../../../openshift-master/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_control_plane.yml - vars: - master_config_hook: "v3_4/master_config_upgrade.yml" - -- include: ../upgrade_nodes.yml - -- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml deleted file mode 100644 index 43da5b629..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ /dev/null @@ -1,119 +0,0 @@ ---- -# -# Control Plane Upgrade Playbook -# -# Upgrades masters and Docker (only on standalone etcd hosts) -# -# This upgrade does not include: -# - node service running on masters -# - docker running on masters -# - node service running on dedicated nodes -# -# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" - openshift_upgrade_min: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" - -# Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts - hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- include: ../../../openshift-master/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_control_plane.yml - vars: - master_config_hook: "v3_4/master_config_upgrade.yml" - -- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml deleted file mode 100644 index ed89dbe8d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginConfig' - yaml_value: "{{ openshift.master.admission_plugin_config }}" - when: "'admission_plugin_config' in openshift.master" - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginOrderOverride' - yaml_value: - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'kubernetesMasterConfig.admissionConfig' - yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml deleted file mode 100644 index e29d0f8e6..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml +++ /dev/null @@ -1,111 +0,0 @@ ---- -# -# Node Upgrade Playbook -# -# Upgrades nodes only, but requires the control plane to have already been upgraded. -# -- include: ../init.yml - tags: - - pre_upgrade - -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" - openshift_upgrade_min: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" - -# Pre-upgrade -- include: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- include: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- include: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- include: ../../initialize_openshift_version.yml - tags: - - pre_upgrade - vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade - tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- include: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- include: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include: ../cleanup_unused_images.yml - -- include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml deleted file mode 100644 index ae63c9ca9..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml +++ /dev/null @@ -1,67 +0,0 @@ ---- -############################################################################### -# Pre upgrade checks for known data problems, if this playbook fails you should -# contact support. If you're not supported contact users@lists.openshift.com -# -# oc_objectvalidator provides these two checks -# 1 - SDN Data issues, never seen in the wild but known possible due to code audits -# https://github.com/openshift/origin/issues/12697 -# 2 - Namespace protections, https://bugzilla.redhat.com/show_bug.cgi?id=1428934 -# -############################################################################### -- name: Verify 3.5 specific upgrade checks - hosts: oo_first_master - roles: - - { role: lib_openshift } - tasks: - - name: Check for invalid namespaces and SDN errors - oc_objectvalidator: - - # What's all this PetSet business about? - # - # 'PetSets' were ALPHA resources in Kube <= 3.4. In >= 3.5 they are - # no longer supported. The BETA resource 'StatefulSets' replaces - # them. We can't migrate clients PetSets to - # StatefulSets. Additionally, Red Hat has never officially supported - # these resource types. Sorry users, but if you were using - # unsupported resources from the Kube documentation then we can't - # help you at this time. - # - # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1428229 - - name: Check if legacy PetSets exist - oc_obj: - state: list - all_namespaces: true - kind: petsets - register: l_do_petsets_exist - - - name: Fail on unsupported resource migration 'PetSets' - fail: - msg: > - PetSet objects were detected in your cluster. These are an - Alpha feature in upstream Kubernetes 1.4 and are not supported - by Red Hat. In Kubernetes 1.5, they are replaced by the Beta - feature StatefulSets. Red Hat currently does not offer support - for either PetSets or StatefulSets. - - Automatically migrating PetSets to StatefulSets in OpenShift - Container Platform (OCP) 3.5 is not supported. See the - Kubernetes "Upgrading from PetSets to StatefulSets" - documentation for additional information: - - https://kubernetes.io/docs/tasks/manage-stateful-set/upgrade-pet-set-to-stateful-set/ - - PetSets MUST be removed before upgrading to OCP 3.5. Red Hat - strongly recommends reading the above referenced documentation - in its entirety before taking any destructive actions. - - If you want to simply remove all PetSets without manually - migrating to StatefulSets, run this command as a user with - cluster-admin privileges: - - $ oc get petsets --all-namespaces -o yaml | oc delete -f - --cascade=false - when: - # Search did not fail, valid resource type found - - l_do_petsets_exist.results.returncode == 0 - # Items do exist in the search results - - l_do_petsets_exist.results.results.0['items'] | length > 0 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml deleted file mode 100644 index ed89dbe8d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginConfig' - yaml_value: "{{ openshift.master.admission_plugin_config }}" - when: "'admission_plugin_config' in openshift.master" - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginOrderOverride' - yaml_value: - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'kubernetesMasterConfig.admissionConfig' - yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index 920dc2ffc..ef52f214b 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -63,7 +63,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -116,6 +116,8 @@ - include: ../cleanup_unused_images.yml - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_6/master_config_upgrade.yml" - include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 27d8515dc..4c6646a38 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -67,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -76,7 +76,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index ba6fcc3f8..f25cfe0d0 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -56,7 +56,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml deleted file mode 100644 index ed89dbe8d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginConfig' - yaml_value: "{{ openshift.master.admission_plugin_config }}" - when: "'admission_plugin_config' in openshift.master" - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'admissionConfig.pluginOrderOverride' - yaml_value: - -- modify_yaml: - dest: "{{ openshift.common.config_base}}/master/master-config.yaml" - yaml_key: 'kubernetesMasterConfig.admissionConfig' - yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index f1ca1edb9..e3c012380 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -67,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -120,6 +120,22 @@ - include: ../cleanup_unused_images.yml - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_7/master_config_upgrade.yml" + +# All controllers must be stopped at the same time then restarted +- name: Cycle all controller services to force new leader election mode + hosts: oo_masters_to_config + gather_facts: no + tasks: + - name: Stop {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: stopped + - name: Start {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: started - include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 6c4f9671b..a88fa7b2e 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -71,7 +71,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -80,7 +80,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger @@ -128,4 +127,18 @@ vars: master_config_hook: "v3_7/master_config_upgrade.yml" +# All controllers must be stopped at the same time then restarted +- name: Cycle all controller services to force new leader election mode + hosts: oo_masters_to_config + gather_facts: no + tasks: + - name: Stop {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: stopped + - name: Start {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: started + - include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index bc080f9a3..c0546bd2d 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -56,7 +56,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index f76fc68d1..74d0cd8ad 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -11,13 +11,15 @@ tasks: - name: Check for invalid namespaces and SDN errors oc_objectvalidator: - + # DO NOT DISABLE THIS, YOUR UPGRADE WILL FAIL IF YOU DO SO - name: Confirm OpenShift authorization objects are in sync command: > {{ openshift.common.client_binary }} adm migrate authorization - when: not openshift.common.version_gte_3_7 | bool + when: + - openshift_currently_installed_version | version_compare('3.7','<') + - openshift_upgrade_pre_authorization_migration_enabled | default(true) | bool changed_when: false register: l_oc_result until: l_oc_result.rc == 0 - retries: 4 + retries: 2 delay: 15 diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins index 7de3c1dd7..7de3c1dd7 120000 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/filter_plugins +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/master_config_upgrade.yml new file mode 100644 index 000000000..1d4d1919c --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/master_config_upgrade.yml @@ -0,0 +1,20 @@ +--- +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.election.lockName' + yaml_value: 'openshift-master-controllers' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.certFile' + yaml_value: service-signer.crt + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile' + yaml_value: service-signer.key + +- modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/roles b/playbooks/common/openshift-cluster/upgrades/v3_8/roles index 415645be6..415645be6 120000 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/roles +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/roles diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index 30e719d8f..73df15d53 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -12,8 +12,8 @@ - pre_upgrade tasks: - set_fact: - openshift_upgrade_target: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" - openshift_upgrade_min: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" + openshift_upgrade_target: '3.8' + openshift_upgrade_min: '3.7' # Pre-upgrade @@ -21,6 +21,10 @@ tags: - pre_upgrade +- include: ../pre/verify_etcd3_backend.yml + tags: + - pre_upgrade + - name: Update repos and initialize facts on all hosts hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config tags: @@ -47,6 +51,10 @@ tags: - pre_upgrade +- include: ../pre/verify_health_checks.yml + tags: + - pre_upgrade + - include: ../pre/verify_control_plane_running.yml tags: - pre_upgrade @@ -59,7 +67,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -112,6 +120,22 @@ - include: ../cleanup_unused_images.yml - include: ../upgrade_control_plane.yml + vars: + master_config_hook: "v3_7/master_config_upgrade.yml" + +# All controllers must be stopped at the same time then restarted +- name: Cycle all controller services to force new leader election mode + hosts: oo_masters_to_config + gather_facts: no + tasks: + - name: Stop {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: stopped + - name: Start {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: started - include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index e9cec9220..48d55c16f 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -21,14 +21,18 @@ - pre_upgrade tasks: - set_fact: - openshift_upgrade_target: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" - openshift_upgrade_min: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" + openshift_upgrade_target: '3.8' + openshift_upgrade_min: '3.7' # Pre-upgrade - include: ../initialize_nodes_to_upgrade.yml tags: - pre_upgrade +- include: ../pre/verify_etcd3_backend.yml + tags: + - pre_upgrade + - name: Update repos on control plane hosts hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config tags: @@ -55,6 +59,10 @@ tags: - pre_upgrade +- include: ../pre/verify_health_checks.yml + tags: + - pre_upgrade + - include: ../pre/verify_control_plane_running.yml tags: - pre_upgrade @@ -63,7 +71,7 @@ tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: @@ -72,7 +80,6 @@ # defined, and overriding the normal behavior of protecting the installed version openshift_release: "{{ openshift_upgrade_target }}" openshift_protect_installed_version: False - openshift_install_base_package_group: "oo_masters_to_config" # We skip the docker role at this point in upgrade to prevent # unintended package, container, or config upgrades which trigger @@ -118,6 +125,20 @@ - include: ../upgrade_control_plane.yml vars: - master_config_hook: "v3_5/master_config_upgrade.yml" + master_config_hook: "v3_7/master_config_upgrade.yml" + +# All controllers must be stopped at the same time then restarted +- name: Cycle all controller services to force new leader election mode + hosts: oo_masters_to_config + gather_facts: no + tasks: + - name: Stop {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: stopped + - name: Start {{ openshift.common.service_type }}-master-controllers + systemd: + name: "{{ openshift.common.service_type }}-master-controllers" + state: started - include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index 8531e6045..abd56e762 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -14,8 +14,8 @@ - pre_upgrade tasks: - set_fact: - openshift_upgrade_target: "{{ '1.4' if deployment_type == 'origin' else '3.4' }}" - openshift_upgrade_min: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}" + openshift_upgrade_target: '3.8' + openshift_upgrade_min: '3.7' # Pre-upgrade - include: ../initialize_nodes_to_upgrade.yml @@ -48,11 +48,15 @@ tags: - pre_upgrade +- include: ../pre/verify_health_checks.yml + tags: + - pre_upgrade + - include: ../disable_node_excluders.yml tags: - pre_upgrade -- include: ../../initialize_openshift_version.yml +- include: ../../../../init/version.yml tags: - pre_upgrade vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/validator.yml new file mode 100644 index 000000000..d8540abfb --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/validator.yml @@ -0,0 +1,7 @@ +--- +- name: Verify 3.8 specific upgrade checks + hosts: oo_first_master + roles: + - { role: lib_openshift } + tasks: + - debug: msg="noop" diff --git a/playbooks/common/openshift-etcd/certificates.yml b/playbooks/common/openshift-etcd/certificates.yml index 31a0f50d8..eb6b94f33 100644 --- a/playbooks/common/openshift-etcd/certificates.yml +++ b/playbooks/common/openshift-etcd/certificates.yml @@ -1,29 +1,4 @@ --- -- name: Create etcd server certificates for etcd hosts - hosts: oo_etcd_to_config - any_errors_fatal: true - roles: - - role: openshift_etcd_facts - post_tasks: - - include_role: - name: etcd - tasks_from: server_certificates - vars: - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" - etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" - etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" +- include: server_certificates.yml -- name: Create etcd client certificates for master hosts - hosts: oo_masters_to_config - any_errors_fatal: true - roles: - - role: openshift_etcd_facts - - role: openshift_etcd_client_certificates - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" - etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" - etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" - etcd_cert_prefix: "master.etcd-" - openshift_ca_host: "{{ groups.oo_first_master.0 }}" - r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config +- include: master_etcd_certificates.yml diff --git a/playbooks/common/openshift-etcd/config.yml b/playbooks/common/openshift-etcd/config.yml index 2cae231b4..3fe483785 100644 --- a/playbooks/common/openshift-etcd/config.yml +++ b/playbooks/common/openshift-etcd/config.yml @@ -1,14 +1,19 @@ --- - name: etcd Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set etcd install 'In Progress' + run_once: true set_stats: data: - installer_phase_etcd: "In Progress" - aggregate: false + installer_phase_etcd: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- include: ca.yml + +- include: certificates.yml - name: Configure etcd hosts: oo_etcd_to_config @@ -23,12 +28,13 @@ - role: nickhammond.logrotate - name: etcd Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set etcd install 'Complete' + run_once: true set_stats: data: - installer_phase_etcd: "Complete" - aggregate: false + installer_phase_etcd: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/common/openshift-etcd/embedded2external.yml new file mode 100644 index 000000000..b16b78c4f --- /dev/null +++ b/playbooks/common/openshift-etcd/embedded2external.yml @@ -0,0 +1,172 @@ +--- +- name: Pre-migrate checks + hosts: localhost + tasks: + # Check there is only one etcd host + - assert: + that: groups.oo_etcd_to_config | default([]) | length == 1 + msg: "[etcd] group must contain only one host" + # Check there is only one master + - assert: + that: groups.oo_masters_to_config | default([]) | length == 1 + msg: "[master] group must contain only one host" + +# 1. stop a master +- name: Prepare masters for etcd data migration + hosts: oo_first_master + roles: + - role: openshift_facts + tasks: + - name: Check the master API is ready + include_role: + name: openshift_master + tasks_from: check_master_api_is_ready + - set_fact: + master_service: "{{ openshift.common.service_type + '-master' }}" + embedded_etcd_backup_suffix: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" + - debug: + msg: "master service name: {{ master_service }}" + - name: Stop master + service: + name: "{{ master_service }}" + state: stopped + # 2. backup embedded etcd + # Can't use with_items with include_role: https://github.com/ansible/ansible/issues/21285 + - include_role: + name: etcd + tasks_from: backup + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_embedded_etcd: "{{ true }}" + r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" + + - include_role: + name: etcd + tasks_from: backup.archive + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_embedded_etcd: "{{ true }}" + r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" + +# 3. deploy certificates (for etcd and master) +- include: ca.yml + +- include: server_certificates.yml + +- name: Backup etcd client certificates for master host + hosts: oo_first_master + tasks: + - include_role: + name: etcd + tasks_from: backup_master_etcd_certificates + +- name: Redeploy master etcd certificates + include: master_etcd_certificates.yml + vars: + etcd_certificates_redeploy: "{{ true }}" + +# 4. deploy external etcd +- include: ../openshift-etcd/config.yml + +# 5. stop external etcd +- name: Cleanse etcd + hosts: oo_etcd_to_config[0] + gather_facts: no + pre_tasks: + - include_role: + name: etcd + tasks_from: disable_etcd + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + - include_role: + name: etcd + tasks_from: clean_data + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + +# 6. copy the embedded etcd backup to the external host +# TODO(jchaloup): if the etcd and first master are on the same host, just copy the directory +- name: Copy embedded etcd backup to the external host + hosts: localhost + tasks: + - name: Create local temp directory for syncing etcd backup + local_action: command mktemp -d /tmp/etcd_backup-XXXXXXX + register: g_etcd_client_mktemp + changed_when: False + become: no + + - include_role: + name: etcd + tasks_from: backup.fetch + vars: + r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_first_master.0].openshift.common.etcd_runtime }}" + etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_embedded_etcd: "{{ true }}" + r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" + delegate_to: "{{ groups.oo_first_master[0] }}" + + - include_role: + name: etcd + tasks_from: backup.copy + vars: + r_etcd_common_etcd_runtime: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.etcd_runtime }}" + etcd_backup_sync_directory: "{{ g_etcd_client_mktemp.stdout }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" + delegate_to: "{{ groups.oo_etcd_to_config[0] }}" + + - debug: + msg: "etcd_backup_dest_directory: {{ g_etcd_client_mktemp.stdout }}" + + - name: Delete temporary directory + local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent + changed_when: False + become: no + +# 7. force new cluster from the backup +- name: Force new etcd cluster + hosts: oo_etcd_to_config[0] + tasks: + - include_role: + name: etcd + tasks_from: backup.unarchive + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" + + - include_role: + name: etcd + tasks_from: backup.force_new_cluster + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + r_etcd_common_backup_tag: pre-migrate + r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" + etcd_peer: "{{ openshift.common.ip }}" + etcd_url_scheme: "https" + etcd_peer_url_scheme: "https" + +# 8. re-configure master to use the external etcd +- name: Configure master to use external etcd + hosts: oo_first_master + tasks: + - include_role: + name: openshift_master + tasks_from: configure_external_etcd + vars: + etcd_peer_url_scheme: "https" + etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}" + etcd_peer_port: 2379 + + # 9. start the master + - name: Start master + service: + name: "{{ master_service }}" + state: started + register: service_status + until: service_status.state is defined and service_status.state == "started" + retries: 5 + delay: 10 diff --git a/playbooks/common/openshift-etcd/master_etcd_certificates.yml b/playbooks/common/openshift-etcd/master_etcd_certificates.yml new file mode 100644 index 000000000..0a25aac57 --- /dev/null +++ b/playbooks/common/openshift-etcd/master_etcd_certificates.yml @@ -0,0 +1,14 @@ +--- +- name: Create etcd client certificates for master hosts + hosts: oo_masters_to_config + any_errors_fatal: true + roles: + - role: openshift_etcd_facts + - role: openshift_etcd_client_certificates + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" + etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" + etcd_cert_prefix: "master.etcd-" + openshift_ca_host: "{{ groups.oo_first_master.0 }}" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" + when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/common/openshift-etcd/migrate.yml index 2456ad3a8..31362f2f6 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/common/openshift-etcd/migrate.yml @@ -1,4 +1,17 @@ --- +- name: Check if the master has embedded etcd + hosts: localhost + connection: local + become: no + gather_facts: no + tags: + - always + tasks: + - fail: + msg: "Migration of an embedded etcd is not supported. Please, migrate the embedded etcd into an external etcd first." + when: + - groups.oo_etcd_to_config | default([]) | length == 0 + - name: Run pre-checks hosts: oo_etcd_to_migrate tasks: @@ -60,12 +73,11 @@ hosts: oo_etcd_to_migrate gather_facts: no pre_tasks: - - set_fact: - l_etcd_service: "{{ 'etcd_container' if openshift.common.is_containerized else 'etcd' }}" - - name: Disable etcd members - service: - name: "{{ l_etcd_service }}" - state: stopped + - include_role: + name: etcd + tasks_from: disable_etcd + vars: + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - name: Migrate data on first etcd hosts: oo_etcd_to_migrate[0] diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml index b5ba2bbba..20061366c 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/common/openshift-etcd/scaleup.yml @@ -46,7 +46,7 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_initial_cluster_state: "existing" - initial_etcd_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" + etcd_initial_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" etcd_ca_setup: False r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" - role: nickhammond.logrotate @@ -71,7 +71,7 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'])) + | oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) | oo_collect('openshift.common.hostname') | default(none, true) }}" openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" diff --git a/playbooks/common/openshift-etcd/server_certificates.yml b/playbooks/common/openshift-etcd/server_certificates.yml new file mode 100644 index 000000000..10e06747b --- /dev/null +++ b/playbooks/common/openshift-etcd/server_certificates.yml @@ -0,0 +1,15 @@ +--- +- name: Create etcd server certificates for etcd hosts + hosts: oo_etcd_to_config + any_errors_fatal: true + roles: + - role: openshift_etcd_facts + post_tasks: + - include_role: + name: etcd + tasks_from: server_certificates + vars: + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" + etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" + r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}" diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/common/openshift-glusterfs/config.yml index 516618de2..19e14ab3e 100644 --- a/playbooks/common/openshift-glusterfs/config.yml +++ b/playbooks/common/openshift-glusterfs/config.yml @@ -1,14 +1,15 @@ --- - name: GlusterFS Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set GlusterFS install 'In Progress' + run_once: true set_stats: data: - installer_phase_glusterfs: "In Progress" - aggregate: false + installer_phase_glusterfs: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: Open firewall ports for GlusterFS nodes hosts: glusterfs @@ -18,6 +19,11 @@ tasks_from: firewall.yml when: - openshift_storage_glusterfs_is_native | default(True) | bool + - include_role: + name: openshift_storage_glusterfs + tasks_from: kernel_modules.yml + when: + - openshift_storage_glusterfs_is_native | default(True) | bool - name: Open firewall ports for GlusterFS registry nodes hosts: glusterfs_registry @@ -27,6 +33,11 @@ tasks_from: firewall.yml when: - openshift_storage_glusterfs_registry_is_native | default(True) | bool + - include_role: + name: openshift_storage_glusterfs + tasks_from: kernel_modules.yml + when: + - openshift_storage_glusterfs_registry_is_native | default(True) | bool - name: Configure GlusterFS hosts: oo_first_master @@ -37,12 +48,13 @@ when: groups.oo_glusterfs_to_config | default([]) | count > 0 - name: GlusterFS Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set GlusterFS install 'Complete' + run_once: true set_stats: data: - installer_phase_glusterfs: "Complete" - aggregate: false + installer_phase_glusterfs: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-loadbalancer/config.yml b/playbooks/common/openshift-loadbalancer/config.yml index ecbb092bc..d737b836b 100644 --- a/playbooks/common/openshift-loadbalancer/config.yml +++ b/playbooks/common/openshift-loadbalancer/config.yml @@ -1,14 +1,24 @@ --- - name: Load Balancer Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set load balancer install 'In Progress' + run_once: true set_stats: data: - installer_phase_loadbalancer: "In Progress" - aggregate: false + installer_phase_loadbalancer: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- name: Configure firewall and docker for load balancers + hosts: oo_lb_to_config:!oo_masters_to_config:!oo_nodes_to_config + vars: + openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag }}" + roles: + - role: os_firewall + - role: openshift_docker + when: openshift.common.is_containerized | default(False) | bool and not skip_docker_role | default(False) | bool - name: Configure load balancers hosts: oo_lb_to_config @@ -25,16 +35,17 @@ + openshift_loadbalancer_additional_backends | default([]) }}" openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag }}" roles: - - role: os_firewall - role: openshift_loadbalancer + - role: tuned - name: Load Balancer Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set load balancer install 'Complete' + run_once: true set_stats: data: - installer_phase_loadbalancer: "Complete" - aggregate: false + installer_phase_loadbalancer: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/common/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..facb3a5b9 --- /dev/null +++ b/playbooks/common/openshift-management/add_container_provider.yml @@ -0,0 +1,8 @@ +--- +- name: Add Container Provider to Management + hosts: oo_first_master + tasks: + - name: Run the Management Integration Tasks + include_role: + name: openshift_management + tasks_from: add_container_provider diff --git a/playbooks/common/openshift-management/config.yml b/playbooks/common/openshift-management/config.yml new file mode 100644 index 000000000..3f1cdf713 --- /dev/null +++ b/playbooks/common/openshift-management/config.yml @@ -0,0 +1,39 @@ +--- +- name: Management Install Checkpoint Start + hosts: all + gather_facts: false + tasks: + - name: Set Management install 'In Progress' + run_once: true + set_stats: + data: + installer_phase_management: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- name: Setup CFME + hosts: oo_first_master + pre_tasks: + - name: Create a temporary place to evaluate the PV templates + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: r_openshift_management_mktemp + changed_when: false + + tasks: + - name: Run the CFME Setup Role + include_role: + name: openshift_management + vars: + template_dir: "{{ hostvars[groups.masters.0].r_openshift_management_mktemp.stdout }}" + +- name: Management Install Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set Management install 'Complete' + run_once: true + set_stats: + data: + installer_phase_management: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cfme/filter_plugins b/playbooks/common/openshift-management/filter_plugins index 99a95e4ca..99a95e4ca 120000 --- a/playbooks/common/openshift-cfme/filter_plugins +++ b/playbooks/common/openshift-management/filter_plugins diff --git a/playbooks/common/openshift-cfme/library b/playbooks/common/openshift-management/library index ba40d2f56..ba40d2f56 120000 --- a/playbooks/common/openshift-cfme/library +++ b/playbooks/common/openshift-management/library diff --git a/playbooks/common/openshift-cfme/roles b/playbooks/common/openshift-management/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-cfme/roles +++ b/playbooks/common/openshift-management/roles diff --git a/playbooks/common/openshift-cfme/uninstall.yml b/playbooks/common/openshift-management/uninstall.yml index 78b8e7668..9f35cc276 100644 --- a/playbooks/common/openshift-cfme/uninstall.yml +++ b/playbooks/common/openshift-management/uninstall.yml @@ -1,8 +1,8 @@ --- - name: Uninstall CFME - hosts: masters + hosts: masters[0] tasks: - name: Run the CFME Uninstall Role Tasks include_role: - name: openshift_cfme + name: openshift_management tasks_from: uninstall diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index ee76e2ed7..32f638d42 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml @@ -1,14 +1,15 @@ --- - name: Master Additional Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Master Additional install 'In Progress' + run_once: true set_stats: data: - installer_phase_master_additional: "In Progress" - aggregate: false + installer_phase_master_additional: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: Additional master configuration hosts: oo_first_master @@ -20,16 +21,18 @@ roles: - role: openshift_master_cluster when: openshift_master_ha | bool and openshift.master.cluster_method == "pacemaker" + - role: openshift_project_request_template + when: openshift_project_request_template_manage - role: openshift_examples when: openshift_install_examples | default(true, true) | bool registry_url: "{{ openshift.master.registry_url }}" - role: openshift_hosted_templates registry_url: "{{ openshift.master.registry_url }}" - role: openshift_manageiq - when: openshift_use_manageiq | default(false) | bool + when: openshift_use_manageiq | default(true) | bool - role: cockpit when: - - openshift.common.is_atomic + - not openshift.common.is_atomic | bool - deployment_type == 'openshift-enterprise' - osm_use_cockpit is undefined or osm_use_cockpit | bool - openshift.common.deployment_subtype != 'registry' @@ -37,12 +40,13 @@ when: openshift_use_flannel | default(false) | bool - name: Master Additional Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Master Additional install 'Complete' + run_once: true set_stats: data: - installer_phase_master_additional: "Complete" - aggregate: false + installer_phase_master_additional: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-master/ca.yml b/playbooks/common/openshift-master/ca.yml deleted file mode 100644 index 5bb796fa3..000000000 --- a/playbooks/common/openshift-master/ca.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create OpenShift CA - hosts: oo_masters_to_config - roles: - - role: openshift_master_facts - - role: openshift_named_certificates - - role: openshift_ca - openshift_ca_host: "{{ groups.oo_first_master.0 }}" diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 766e0e501..6b0fd6b7c 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -1,14 +1,17 @@ --- - name: Master Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Master install 'In Progress' + run_once: true set_stats: data: - installer_phase_master: "In Progress" - aggregate: false + installer_phase_master: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- include: certificates.yml - name: Disable excluders hosts: oo_masters_to_config @@ -196,6 +199,7 @@ openshift_master_default_registry_value: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value }}" openshift_master_default_registry_value_api: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_api }}" openshift_master_default_registry_value_controllers: "{{ hostvars[groups.oo_first_master.0].l_default_registry_value_controllers }}" + - role: tuned - role: nuage_ca when: openshift_use_nuage | default(false) | bool - role: nuage_common @@ -204,6 +208,18 @@ when: openshift_use_nuage | default(false) | bool - role: calico_master when: openshift_use_calico | default(false) | bool + tasks: + - include_role: + name: kuryr + tasks_from: master + when: openshift_use_kuryr | default(false) | bool + + - name: Setup the node group config maps + include_role: + name: openshift_node_group + when: openshift_master_bootstrap_enabled | default(false) | bool + run_once: True + post_tasks: - name: Create group for deployment type group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} @@ -224,12 +240,13 @@ r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" - name: Master Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Master install 'Complete' + run_once: true set_stats: data: - installer_phase_master: "Complete" - aggregate: false + installer_phase_master: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-master/files/openshift-ansible-catalog-console.js b/playbooks/common/openshift-master/files/openshift-ansible-catalog-console.js deleted file mode 100644 index d0a9f11dc..000000000 --- a/playbooks/common/openshift-master/files/openshift-ansible-catalog-console.js +++ /dev/null @@ -1,2 +0,0 @@ -// empty file so that the master-config can still point to a file that exists -// this file will be replaced by the template service broker role if enabled diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/common/openshift-master/restart_services.yml index 4f8b758fd..4e1b3a3be 100644 --- a/playbooks/common/openshift-master/restart_services.yml +++ b/playbooks/common/openshift-master/restart_services.yml @@ -1,22 +1,4 @@ --- -- name: Restart master API - service: - name: "{{ openshift.common.service_type }}-master-api" - state: restarted - when: openshift_master_ha | bool -- name: Wait for master API to come back online - wait_for: - host: "{{ openshift.common.hostname }}" - state: started - delay: 10 - port: "{{ openshift.master.api_port }}" - timeout: 600 - when: openshift_master_ha | bool -- name: Restart master controllers - service: - name: "{{ openshift.common.service_type }}-master-controllers" - state: restarted - # Ignore errrors since it is possible that type != simple for - # pre-3.1.1 installations. - ignore_errors: true - when: openshift_master_ha | bool +- include_role: + name: openshift_master + tasks_from: restart.yml diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml new file mode 100644 index 000000000..9ae23bf5b --- /dev/null +++ b/playbooks/common/openshift-master/revert-client-ca.yml @@ -0,0 +1,17 @@ +--- +- name: Set servingInfo.clientCA = ca.crt in master config + hosts: oo_masters_to_config + tasks: + - name: Read master config + slurp: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + register: g_master_config_output + + # servingInfo.clientCA may be set as the client-ca-bundle.crt from + # CA redeployment and this task reverts that change. + - name: Set servingInfo.clientCA = ca.crt in master config + modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt + when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt' diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index d007fac85..4c415ebce 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -22,16 +22,17 @@ - name: restart master api service: name={{ openshift.common.service_type }}-master-controllers state=restarted notify: verify api server + # We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - service: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 - name: verify api server command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: @@ -47,8 +48,6 @@ - include: ../openshift-etcd/certificates.yml -- include: ../openshift-master/certificates.yml - - include: ../openshift-master/config.yml - include: ../openshift-loadbalancer/config.yml diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml index 560eea785..97acc5d5d 100644 --- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml +++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml @@ -136,9 +136,15 @@ when: - not front_proxy_kubeconfig.stat.exists -- name: copy tech preview extension file for service console UI - copy: - src: openshift-ansible-catalog-console.js +- name: Delete temp directory + file: + name: "{{ certtemp.stdout }}" + state: absent + changed_when: False + +- name: Setup extension file for service console UI + template: + src: ../templates/openshift-ansible-catalog-console.js dest: /etc/origin/master/openshift-ansible-catalog-console.js - name: Update master config @@ -179,8 +185,13 @@ - yedit_output.changed - openshift.master.cluster_method == 'native' +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - yedit_output.changed - openshift.master.cluster_method == 'native' @@ -190,11 +201,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: @@ -207,9 +214,3 @@ changed_when: false when: - yedit_output.changed - -- name: Delete temp directory - file: - name: "{{ certtemp.stdout }}" - state: absent - changed_when: False diff --git a/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js b/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js new file mode 100644 index 000000000..fd02325ba --- /dev/null +++ b/playbooks/common/openshift-master/templates/openshift-ansible-catalog-console.js @@ -0,0 +1 @@ +window.OPENSHIFT_CONSTANTS.TEMPLATE_SERVICE_BROKER_ENABLED = {{ 'true' if (template_service_broker_install | default(True)) else 'false' }}; diff --git a/playbooks/common/openshift-nfs/config.yml b/playbooks/common/openshift-nfs/config.yml index 66303d6f7..6ea77e00b 100644 --- a/playbooks/common/openshift-nfs/config.yml +++ b/playbooks/common/openshift-nfs/config.yml @@ -1,14 +1,15 @@ --- - name: NFS Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set NFS install 'In Progress' + run_once: true set_stats: data: - installer_phase_nfs: "In Progress" - aggregate: false + installer_phase_nfs: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" - name: Configure nfs hosts: oo_nfs_to_config @@ -17,12 +18,13 @@ - role: openshift_storage_nfs - name: NFS Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set NFS install 'Complete' + run_once: true set_stats: data: - installer_phase_nfs: "Complete" - aggregate: false + installer_phase_nfs: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/common/openshift-node/additional_config.yml index fe51ef833..ac757397b 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/common/openshift-node/additional_config.yml @@ -19,10 +19,14 @@ - group_by: key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }} changed_when: False + # Create group for kuryr nodes + - group_by: + key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} + changed_when: False - include: etcd_client_config.yml vars: - openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv" + openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr" - name: Additional node config hosts: oo_nodes_use_flannel @@ -50,3 +54,11 @@ - role: contiv contiv_role: netplugin when: openshift_use_contiv | default(false) | bool + +- name: Configure Kuryr node + hosts: oo_nodes_use_kuryr + tasks: + - include_role: + name: kuryr + tasks_from: node + when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/common/openshift-node/clean_image.yml new file mode 100644 index 000000000..38753d0af --- /dev/null +++ b/playbooks/common/openshift-node/clean_image.yml @@ -0,0 +1,10 @@ +--- +- name: Configure nodes + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + tasks: + - name: Remove any ansible facts created during AMI creation + file: + path: "/etc/ansible/facts.d/{{ item }}" + state: absent + with_items: + - openshift.fact diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 6fd8aa6f1..28e3c1b1b 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -1,14 +1,17 @@ --- - name: Node Install Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Node install 'In Progress' + run_once: true set_stats: data: - installer_phase_node: "In Progress" - aggregate: false + installer_phase_node: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- include: certificates.yml - include: setup.yml @@ -23,12 +26,13 @@ - include: enable_excluders.yml - name: Node Install Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set Node install 'Complete' + run_once: true set_stats: data: - installer_phase_node: "Complete" - aggregate: false + installer_phase_node: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-node/configure_nodes.yml b/playbooks/common/openshift-node/configure_nodes.yml index c96e4921c..17259422d 100644 --- a/playbooks/common/openshift-node/configure_nodes.yml +++ b/playbooks/common/openshift-node/configure_nodes.yml @@ -13,4 +13,5 @@ roles: - role: os_firewall - role: openshift_node + - role: tuned - role: nickhammond.logrotate diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml new file mode 100644 index 000000000..3c042acdc --- /dev/null +++ b/playbooks/common/openshift-node/image_prep.yml @@ -0,0 +1,21 @@ +--- +- name: normalize groups + include: ../../init/evaluate_groups.yml + +- name: initialize the facts + include: ../../init/facts.yml + +- name: initialize the repositories + include: ../../init/repos.yml + +- name: run node config setup + include: setup.yml + +- name: run node config + include: configure_nodes.yml + +- name: Re-enable excluders + include: enable_excluders.yml + +- name: Remove any undesired artifacts from build + include: clean_image.yml diff --git a/playbooks/common/openshift-node/network_manager.yml b/playbooks/common/openshift-node/network_manager.yml index b3a7399dc..c2efb0483 100644 --- a/playbooks/common/openshift-node/network_manager.yml +++ b/playbooks/common/openshift-node/network_manager.yml @@ -1,5 +1,5 @@ --- -- include: ../openshift-cluster/evaluate_groups.yml +- include: ../../init/evaluate_groups.yml - name: Install and configure NetworkManager hosts: oo_all_hosts diff --git a/playbooks/gcp/openshift-cluster/provision.yml b/playbooks/gcp/openshift-cluster/provision.yml index a3d1d46a6..097717607 100644 --- a/playbooks/gcp/openshift-cluster/provision.yml +++ b/playbooks/gcp/openshift-cluster/provision.yml @@ -9,11 +9,8 @@ include_role: name: openshift_gcp -- name: normalize groups - include: ../../byo/openshift-cluster/initialize_groups.yml - -- name: run the std_include - include: ../../common/openshift-cluster/std_include.yml +- name: run the init + include: ../../init/main.yml - name: run the config include: ../../common/openshift-cluster/config.yml diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index e55b2f964..8787c87e1 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -5,6 +5,9 @@ become: no gather_facts: no tasks: + - name: Load group name mapping variables + include_vars: vars/cluster_hosts.yml + - name: Evaluate groups - g_etcd_hosts or g_new_etcd_hosts required fail: msg: This playbook requires g_etcd_hosts or g_new_etcd_hosts to be set @@ -51,7 +54,7 @@ when: - g_etcd_hosts | default([]) | length not in [3,1] - not openshift_master_unsupported_embedded_etcd | default(False) - - not openshift_node_bootstrap | default(False) + - not (openshift_node_bootstrap | default(False)) - name: Evaluate oo_all_hosts add_host: diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/init/facts.yml index be2f8b5f4..91223d368 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/init/facts.yml @@ -10,6 +10,7 @@ - name: load openshift_facts module include_role: name: openshift_facts + static: yes # TODO: Should this role be refactored into health_checks?? - name: Run openshift_sanitize_inventory to set variables @@ -145,7 +146,19 @@ https_proxy: "{{ openshift_https_proxy | default(None) }}" no_proxy: "{{ openshift_no_proxy | default(None) }}" generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}" - no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}" + + - name: Set fact of no_proxy_internal_hostnames + openshift_facts: + role: common + local_facts: + no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: + - openshift_http_proxy is defined or openshift_https_proxy is defined + - openshift_generate_no_proxy_hosts | default(True) | bool - name: initialize_facts set_fact repoquery command set_fact: diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml new file mode 100644 index 000000000..87ffeafc7 --- /dev/null +++ b/playbooks/init/main.yml @@ -0,0 +1,38 @@ +--- +- name: Initialization Checkpoint Start + hosts: all + gather_facts: false + roles: + - installer_checkpoint + tasks: + - name: Set install initialization 'In Progress' + run_once: true + set_stats: + data: + installer_phase_initialize: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- include: evaluate_groups.yml + +- include: facts.yml + +- include: sanity_checks.yml + +- include: validate_hostnames.yml + +- include: repos.yml + +- include: version.yml + +- name: Initialization Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set install initialization 'Complete' + run_once: true + set_stats: + data: + installer_phase_initialize: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-cluster/initialize_openshift_repos.yml b/playbooks/init/repos.yml index a7114fc80..a7114fc80 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_repos.yml +++ b/playbooks/init/repos.yml diff --git a/playbooks/init/roles b/playbooks/init/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/init/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/sanity_checks.yml b/playbooks/init/sanity_checks.yml index 26716a92d..26716a92d 100644 --- a/playbooks/common/openshift-cluster/sanity_checks.yml +++ b/playbooks/init/sanity_checks.yml diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/init/validate_hostnames.yml index be2e6a15a..be2e6a15a 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/init/validate_hostnames.yml diff --git a/playbooks/byo/openshift-cluster/cluster_hosts.yml b/playbooks/init/vars/cluster_hosts.yml index e807ac004..e807ac004 100644 --- a/playbooks/byo/openshift-cluster/cluster_hosts.yml +++ b/playbooks/init/vars/cluster_hosts.yml diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/init/version.yml index 6100c36e1..37a5284d5 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/init/version.yml @@ -1,15 +1,4 @@ --- -# openshift_install_base_package_group may be set in a play variable to limit -# the host groups the base package is installed on. This is currently used -# for master/control-plane upgrades. -- name: Set version_install_base_package true on masters and nodes - hosts: "{{ openshift_install_base_package_group | default('oo_masters_to_config:oo_nodes_to_config') }}" - tasks: - - name: Set version_install_base_package true - set_fact: - version_install_base_package: True - when: version_install_base_package is not defined - # NOTE: requires openshift_facts be run - name: Determine openshift_version to configure on first master hosts: oo_first_master @@ -19,8 +8,8 @@ # NOTE: We set this even on etcd hosts as they may also later run as masters, # and we don't want to install wrong version of docker and have to downgrade # later. -- name: Set openshift_version for all hosts - hosts: oo_all_hosts:!oo_first_master +- name: Set openshift_version for etcd, node, and master hosts + hosts: oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master vars: openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" pre_tasks: diff --git a/playbooks/byo/openshift-checks/README.md b/playbooks/openshift-checks/README.md index b26e7d7ed..0b7ea91ff 100644 --- a/playbooks/byo/openshift-checks/README.md +++ b/playbooks/openshift-checks/README.md @@ -47,19 +47,19 @@ against your inventory file. Here is the step-by-step: 3. Run the appropriate playbook: ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/pre-install.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/pre-install.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/health.yml + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/health.yml ``` or ```console - $ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/certificate_expiry/default.yaml -v + $ ansible-playbook -i <inventory file> playbooks/openshift-checks/certificate_expiry/default.yaml -v ``` ### The adhoc playbook @@ -72,19 +72,19 @@ using the `-e` flag. For example, to run the `docker_storage` check: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage ``` To run more checks, use a comma-separated list of check names: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=docker_storage,disk_availability ``` To run an entire class of checks, use the name of a check group tag, prefixed by `@`. This will run all checks tagged `preflight`: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml -e openshift_checks=@preflight +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml -e openshift_checks=@preflight ``` It is valid to specify multiple check tags and individual check names together @@ -94,7 +94,7 @@ To list all of the available checks and tags, run the adhoc playbook without setting the `openshift_checks` variable: ```console -$ ansible-playbook -i <inventory file> playbooks/byo/openshift-checks/adhoc.yml +$ ansible-playbook -i <inventory file> playbooks/openshift-checks/adhoc.yml ``` ## Running in a container diff --git a/playbooks/byo/openshift-checks/adhoc.yml b/playbooks/openshift-checks/adhoc.yml index 226bed732..036a63776 100644 --- a/playbooks/byo/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/adhoc.yml @@ -1,6 +1,6 @@ --- # NOTE: ideally this would be just part of a single play in -# common/openshift-checks/adhoc.yml that lists the existing checks when +# private/adhoc.yml that lists the existing checks when # openshift_checks is not set or run the requested checks. However, to actually # run the checks we need to have the included dependencies to run first and that # takes time. To speed up listing checks, we use this separate play that runs @@ -20,8 +20,6 @@ action: openshift_health_check when: openshift_checks is undefined or not openshift_checks -- include: ../openshift-cluster/initialize_groups.yml +- include: ../init/main.yml -- include: ../../common/openshift-cluster/std_include.yml - -- include: ../../common/openshift-checks/adhoc.yml +- include: private/adhoc.yml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml b/playbooks/openshift-checks/certificate_expiry/default.yaml index 630135cae..630135cae 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +++ b/playbooks/openshift-checks/certificate_expiry/default.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml index 378d1f154..378d1f154 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml index ae41c7c14..ae41c7c14 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +++ b/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml index d80cb6ff4..d80cb6ff4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml index 2189455b7..2189455b7 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +++ b/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml index 87a0f3be4..87a0f3be4 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml diff --git a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml index 960457c4b..960457c4b 100644 --- a/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +++ b/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml diff --git a/playbooks/common/openshift-checks/roles b/playbooks/openshift-checks/certificate_expiry/roles index 20c4c58cf..20c4c58cf 120000 --- a/playbooks/common/openshift-checks/roles +++ b/playbooks/openshift-checks/certificate_expiry/roles diff --git a/playbooks/openshift-checks/health.yml b/playbooks/openshift-checks/health.yml new file mode 100644 index 000000000..64bfa411d --- /dev/null +++ b/playbooks/openshift-checks/health.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/health.yml diff --git a/playbooks/openshift-checks/pre-install.yml b/playbooks/openshift-checks/pre-install.yml new file mode 100644 index 000000000..410204d6a --- /dev/null +++ b/playbooks/openshift-checks/pre-install.yml @@ -0,0 +1,4 @@ +--- +- include: ../init/main.yml + +- include: private/pre-install.yml diff --git a/playbooks/common/openshift-checks/adhoc.yml b/playbooks/openshift-checks/private/adhoc.yml index dfcef8435..d0deaeb65 100644 --- a/playbooks/common/openshift-checks/adhoc.yml +++ b/playbooks/openshift-checks/private/adhoc.yml @@ -1,12 +1,13 @@ --- -- name: OpenShift health checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: adhoc post_tasks: - - name: Run health checks + - name: Run health checks (adhoc) action: openshift_health_check args: checks: '{{ openshift_checks | default([]) }}' diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/openshift-checks/private/health.yml index 21ea785ef..d0921b9d3 100644 --- a/playbooks/common/openshift-checks/health.yml +++ b/playbooks/openshift-checks/private/health.yml @@ -1,11 +1,13 @@ --- -- name: Run OpenShift health checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: health post_tasks: - - action: openshift_health_check + - name: Run health checks (@health) + action: openshift_health_check args: checks: ['@health'] diff --git a/playbooks/openshift-checks/private/install.yml b/playbooks/openshift-checks/private/install.yml new file mode 100644 index 000000000..93cf6c359 --- /dev/null +++ b/playbooks/openshift-checks/private/install.yml @@ -0,0 +1,51 @@ +--- +- name: Health Check Checkpoint Start + hosts: all + gather_facts: false + tasks: + - name: Set Health Check 'In Progress' + run_once: true + set_stats: + data: + installer_phase_health: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- name: OpenShift Health Checks + hosts: oo_all_hosts + any_errors_fatal: true + roles: + - openshift_health_checker + vars: + - r_openshift_health_checker_playbook_context: install + post_tasks: + - name: Run health checks (install) - EL + when: ansible_distribution != "Fedora" + action: openshift_health_check + args: + checks: + - disk_availability + - memory_availability + - package_availability + - package_version + - docker_image_availability + - docker_storage + + - name: Run health checks (install) - Fedora + when: ansible_distribution == "Fedora" + action: openshift_health_check + args: + checks: + - docker_image_availability + +- name: Health Check Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set Health Check 'Complete' + run_once: true + set_stats: + data: + installer_phase_health: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/openshift-checks/private/pre-install.yml index 88e6f9120..32449d4e4 100644 --- a/playbooks/common/openshift-checks/pre-install.yml +++ b/playbooks/openshift-checks/private/pre-install.yml @@ -1,11 +1,13 @@ --- -- name: run OpenShift pre-install checks +- name: OpenShift Health Checks hosts: oo_all_hosts + roles: - openshift_health_checker vars: - r_openshift_health_checker_playbook_context: pre-install post_tasks: - - action: openshift_health_check + - name: Run health checks (@preflight) + action: openshift_health_check args: checks: ['@preflight'] diff --git a/playbooks/openshift-checks/private/roles b/playbooks/openshift-checks/private/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/openshift-checks/private/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/openshift-checks/roles b/playbooks/openshift-checks/roles new file mode 120000 index 000000000..b741aa3db --- /dev/null +++ b/playbooks/openshift-checks/roles @@ -0,0 +1 @@ +../../roles
\ No newline at end of file diff --git a/playbooks/openstack/README.md b/playbooks/openstack/README.md new file mode 100644 index 000000000..f3fe13530 --- /dev/null +++ b/playbooks/openstack/README.md @@ -0,0 +1,262 @@ +# OpenStack Provisioning + +This directory contains [Ansible][ansible] playbooks and roles to create +OpenStack resources (servers, networking, volumes, security groups, +etc.). The result is an environment ready for OpenShift installation +via [openshift-ansible]. + +We provide everything necessary to be able to install OpenShift on +OpenStack (including the DNS and load balancer servers when +necessary). In addition, we work on providing integration with the +OpenStack-native services (storage, lbaas, baremetal as a service, +dns, etc.). + + +## OpenStack Requirements + +Before you start the installation, you need to have an OpenStack +environment to connect to. You can use a public cloud or an OpenStack +within your organisation. It is also possible to +use [Devstack][devstack] or [TripleO][tripleo]. In the case of +TripleO, we will be running on top of the **overcloud**. + +The OpenStack release must be Newton (for Red Hat OpenStack this is +version 10) or newer. It must also satisfy these requirements: + +* Heat (Orchestration) must be available +* The deployment image (CentOS 7 or RHEL 7) must be loaded +* The deployment flavor must be available to your user + - `m1.medium` / 4GB RAM + 40GB disk should be enough for testing + - look at + the [Minimum Hardware Requirements page][hardware-requirements] + for production +* The keypair for SSH must be available in openstack +* `keystonerc` file that lets you talk to the openstack services + * NOTE: only Keystone V2 is currently supported + +Optional: +* External Neutron network with a floating IP address pool + + +## DNS Requirements + +OpenShift requires DNS to operate properly. OpenStack supports DNS-as-a-service +in the form of the Designate project, but the playbooks here don't support it +yet. Until we do, you will need to provide a DNS solution yourself (or in case +you are not running Designate when we do). + +If your server supports nsupdate, we will use it to add the necessary records. + +TODO(shadower): describe how to build a sample DNS server and how to configure +our playbooks for nsupdate. + + +## Installation + +There are four main parts to the installation: + +1. [Preparing Ansible and dependencies](#1-preparing-ansible-and-dependencies) +2. [Configuring the desired OpenStack environment and OpenShift cluster](#2-configuring-the-openstack-environment-and-openshift-cluster) +3. [Creating the OpenStack resources (VMs, networking, etc.)](#3-creating-the-openstack-resources-vms-networking-etc) +4. [Installing OpenShift](#4-installing-openshift) + +This guide is going to install [OpenShift Origin][origin] +with [CentOS 7][centos7] images with minimal customisation. + +We will create the VMs for running OpenShift, in a new Neutron +network, assign Floating IP addresses and configure DNS. + +The OpenShift cluster will have a single Master node that will run +`etcd`, a single Infra node and two App nodes. + +You can look at +the [Advanced Configuration page][advanced-configuration] for +additional options. + + + +### 1. Preparing Ansible and dependencies + +First, you need to select where to run [Ansible][ansible] from (the +*Ansible host*). This can be the computer you read this guide on or an +OpenStack VM you'll create specifically for this purpose. + +We will use +a +[Docker image that has all the dependencies installed][control-host-image] to +make things easier. If you don't want to use Docker, take a look at +the [Ansible host dependencies][ansible-dependencies] and make sure +they're installed. + +Your *Ansible host* needs to have the following: + +1. Docker +2. `keystonerc` file with your OpenStack credentials +3. SSH private key for logging in to your OpenShift nodes + +Assuming your private key is `~/.ssh/id_rsa` and `keystonerc` in your +current directory: + +```bash +$ sudo docker run -it -v ~/.ssh:/mnt/.ssh:Z \ + -v $PWD/keystonerc:/root/.config/openstack/keystonerc.sh:Z \ + redhatcop/control-host-openstack bash +``` + +This will create the container, add your SSH key and source your +`keystonerc`. It should be set up for the installation. + +You can verify that everything is in order: + + +```bash +$ less .ssh/id_rsa +$ ansible --version +$ openstack image list +``` + + +### 2. Configuring the OpenStack Environment and OpenShift Cluster + +The configuration is all done in an Ansible inventory directory. We +will clone the [openshift-ansible][openshift-ansible] repository and set +things up for a minimal installation. + + +``` +$ git clone https://github.com/openshift/openshift-ansible +$ cp -r openshift-ansible/playbooks/openstack/sample-inventory/ inventory +``` + +If you're testing multiple configurations, you can have multiple +inventories and switch between them. + +#### OpenStack Configuration + +The OpenStack configuration is in `inventory/group_vars/all.yml`. + +Open the file and plug in the image, flavor and network configuration +corresponding to your OpenStack installation. + +```bash +$ vi inventory/group_vars/all.yml +``` + +1. Set the `openshift_openstack_keypair_name` to your OpenStack keypair name. + - See `openstack keypair list` to find the keypairs registered with + OpenShift. + - This must correspond to your private SSH key in `~/.ssh/id_rsa` +2. Set the `openshift_openstack_external_network_name` to the floating IP + network of your openstack. + - See `openstack network list` for the list of networks. + - It's often called `public`, `external` or `ext-net`. +3. Set the `openshift_openstack_default_image_name` to the image you want your + OpenShift VMs to run. + - See `openstack image list` for the list of available images. +4. Set the `openshift_openstack_default_flavor` to the flavor you want your + OpenShift VMs to use. + - See `openstack flavor list` for the list of available flavors. +5. Set the `openshift_openstack_dns_nameservers` to the list of the IP addresses + of the DNS servers used for the **private** address resolution. + +**NOTE ON DNS**: at minimum, the OpenShift nodes need to be able to access each +other by their hostname. OpenStack doesn't provide this by default, so you +need to provide a DNS server. Put the address of that DNS server in +`openshift_openstack_dns_nameservers` variable. + + + + +#### OpenShift configuration + +The OpenShift configuration is in `inventory/group_vars/OSEv3.yml`. + +The default options will mostly work, but unless you used the large +flavors for a production-ready environment, openshift-ansible's +hardware check will fail. + +Let's disable those checks by putting this in +`inventory/group_vars/OSEv3.yml`: + +```yaml +openshift_disable_check: disk_availability,memory_availability +``` + +**NOTE**: The default authentication method will allow **any username +and password** in! If you're running this in a public place, you need +to set up access control. + +Feel free to look at +the [Sample OpenShift Inventory][sample-openshift-inventory] and +the [advanced configuration][advanced-configuration]. + + +### 3. Creating the OpenStack resources (VMs, networking, etc.) + +We provide an `ansible.cfg` file which has some useful defaults -- you should +copy it to the directory you're going to run `ansible-playbook` from. + +```bash +$ cp openshift-ansible/ansible.cfg ansible.cfg +``` + +Then run the provisioning playbook -- this will create the OpenStack +resources: + +```bash +$ ansible-playbook --user openshift -i inventory openshift-ansible/playbooks/openstack/openshift-cluster/provision.yaml +``` + +If you're using multiple inventories, make sure you pass the path to +the right one to `-i`. + +If your SSH private key is not in `~/.ssh/id_rsa` use the `--private-key` +option to specify the correct path. + + +### 4. Installing OpenShift + +Run the `byo/config.yml` playbook on top of the OpenStack nodes we have +prepared. + +```bash +$ ansible-playbook -i inventory openshift-ansible/playbooks/byo/config.yml +``` + + +### Next Steps + +And that's it! You should have a small but functional OpenShift +cluster now. + +Take a look at [how to access the cluster][accessing-openshift] +and [how to remove it][uninstall-openshift] as well as the more +advanced configuration: + +* [Accessing the OpenShift cluster][accessing-openshift] +* [Removing the OpenShift cluster][uninstall-openshift] +* Set Up Authentication (TODO) +* [Multiple Masters with a load balancer][loadbalancer] +* [External Dns][external-dns] +* Multiple Clusters (TODO) +* [Cinder Registry][cinder-registry] +* [Bastion Node][bastion] + + +[ansible]: https://www.ansible.com/ +[openshift-ansible]: https://github.com/openshift/openshift-ansible +[devstack]: https://docs.openstack.org/devstack/ +[tripleo]: http://tripleo.org/ +[ansible-dependencies]: ./advanced-configuration.md#dependencies-for-localhost-ansible-controladmin-node +[control-host-image]: https://hub.docker.com/r/redhatcop/control-host-openstack/ +[hardware-requirements]: https://docs.openshift.org/latest/install_config/install/prerequisites.html#hardware +[origin]: https://www.openshift.org/ +[centos7]: https://www.centos.org/ +[sample-openshift-inventory]: https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.example +[advanced-configuration]: ./advanced-configuration.md +[accessing-openshift]: ./advanced-configuration.md#accessing-the-openshift-cluster +[uninstall-openshift]: ./advanced-configuration.md#removing-the-openshift-cluster +[loadbalancer]: ./advanced-configuration.md#multi-master-configuration +[external-dns]: ./advanced-configuration.md#dns-configuration-variables +[cinder-registry]: ./advanced-configuration.md#creating-and-using-a-cinder-volume-for-the-openshift-registry +[bastion]: ./advanced-configuration.md#configure-static-inventory-and-access-via-a-bastion-node diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md new file mode 100644 index 000000000..90cc20b98 --- /dev/null +++ b/playbooks/openstack/advanced-configuration.md @@ -0,0 +1,772 @@ +## Dependencies for localhost (ansible control/admin node) + +* [Ansible 2.3](https://pypi.python.org/pypi/ansible) +* [Ansible-galaxy](https://pypi.python.org/pypi/ansible-galaxy-local-deps) +* [jinja2](http://jinja.pocoo.org/docs/2.9/) +* [shade](https://pypi.python.org/pypi/shade) +* python-jmespath / [jmespath](https://pypi.python.org/pypi/jmespath) +* python-dns / [dnspython](https://pypi.python.org/pypi/dnspython) +* Become (sudo) is not required. + +**NOTE**: You can use a Docker image with all dependencies set up. +Find more in the [Deployment section](#deployment). + +### Optional Dependencies for localhost +**Note**: When using rhel images, `rhel-7-server-openstack-10-rpms` repository is required in order to install these packages. + +* `python-openstackclient` +* `python-heatclient` + +## Dependencies for OpenStack hosted cluster nodes (servers) + +There are no additional dependencies for the cluster nodes. Required +configuration steps are done by Heat given a specific user data config +that normally should not be changed. + +## Required galaxy modules + +In order to pull in external dependencies for DNS configuration steps, +the following commads need to be executed: + + ansible-galaxy install \ + -r openshift-ansible-contrib/playbooks/provisioning/openstack/galaxy-requirements.yaml \ + -p openshift-ansible-contrib/roles + +Alternatively you can install directly from github: + + ansible-galaxy install git+https://github.com/redhat-cop/infra-ansible,master \ + -p openshift-ansible-contrib/roles + +Notes: +* This assumes we're in the directory that contains the clonned +openshift-ansible-contrib repo in its root path. +* When trying to install a different version, the previous one must be removed first +(`infra-ansible` directory from [roles](https://github.com/openshift/openshift-ansible-contrib/tree/master/roles)). +Otherwise, even if there are differences between the two versions, installation of the newer version is skipped. + + +## Accessing the OpenShift Cluster + +### Use the Cluster DNS + +In addition to the OpenShift nodes, we created a DNS server with all +the necessary entries. We will configure your *Ansible host* to use +this new DNS and talk to the deployed OpenShift. + +First, get the DNS IP address: + +```bash +$ openstack server show dns-0.openshift.example.com --format value --column addresses +openshift-ansible-openshift.example.com-net=192.168.99.11, 10.40.128.129 +``` + +Note the floating IP address (it's `10.40.128.129` in this case) -- if +you're not sure, try pinging them both -- it's the one that responds +to pings. + +Next, edit your `/etc/resolv.conf` as root and put `nameserver DNS_IP` as your +**first entry**. + +If your `/etc/resolv.conf` currently looks like this: + +``` +; generated by /usr/sbin/dhclient-script +search openstacklocal +nameserver 192.168.0.3 +nameserver 192.168.0.2 +``` + +Change it to this: + +``` +; generated by /usr/sbin/dhclient-script +search openstacklocal +nameserver 10.40.128.129 +nameserver 192.168.0.3 +nameserver 192.168.0.2 +``` + +### Get the `oc` Client + +**NOTE**: You can skip this section if you're using the Docker image +-- it already has the `oc` binary. + +You need to download the OpenShift command line client (called `oc`). +You can download and extract `openshift-origin-client-tools` from the +OpenShift release page: + +https://github.com/openshift/origin/releases/latest/ + +Or you can now copy it from the master node: + + $ ansible -i inventory masters[0] -m fetch -a "src=/bin/oc dest=oc" + +Either way, find the `oc` binary and put it in your `PATH`. + + +### Logging in Using the Command Line + + +``` +oc login --insecure-skip-tls-verify=true https://master-0.openshift.example.com:8443 -u user -p password +oc new-project test +oc new-app --template=cakephp-mysql-example +oc status -v +curl http://cakephp-mysql-example-test.apps.openshift.example.com +``` + +This will trigger an image build. You can run `oc logs -f +bc/cakephp-mysql-example` to follow its progress. + +Wait until the build has finished and both pods are deployed and running: + +``` +$ oc status -v +In project test on server https://master-0.openshift.example.com:8443 + +http://cakephp-mysql-example-test.apps.openshift.example.com (svc/cakephp-mysql-example) + dc/cakephp-mysql-example deploys istag/cakephp-mysql-example:latest <- + bc/cakephp-mysql-example source builds https://github.com/openshift/cakephp-ex.git on openshift/php:7.0 + deployment #1 deployed about a minute ago - 1 pod + +svc/mysql - 172.30.144.36:3306 + dc/mysql deploys openshift/mysql:5.7 + deployment #1 deployed 3 minutes ago - 1 pod + +Info: + * pod/cakephp-mysql-example-1-build has no liveness probe to verify pods are still running. + try: oc set probe pod/cakephp-mysql-example-1-build --liveness ... +View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'. + +``` + +You can now look at the deployed app using its route: + +``` +$ curl http://cakephp-mysql-example-test.apps.openshift.example.com +``` + +Its `title` should say: "Welcome to OpenShift". + + +### Accessing the UI + +You can also access the OpenShift cluster with a web browser by going to: + +https://master-0.openshift.example.com:8443 + +Note that for this to work, the OpenShift nodes must be accessible +from your computer and it's DNS configuration must use the cruster's +DNS. + + +## Removing the OpenShift Cluster + +Everything in the cluster is contained within a Heat stack. To +completely remove the cluster and all the related OpenStack resources, +run this command: + +```bash +openstack stack delete --wait --yes openshift.example.com +``` + + +## DNS configuration variables + +Pay special attention to the values in the first paragraph -- these +will depend on your OpenStack environment. + +Note that the provsisioning playbooks update the original Neutron subnet +created with the Heat stack to point to the configured DNS servers. +So the provisioned cluster nodes will start using those natively as +default nameservers. Technically, this allows to deploy OpenShift clusters +without dnsmasq proxies. + +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all +your servers will be under. With the default values, this will be +`openshift.example.com`. For workloads, the default subdomain is 'apps'. +That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in +the inventory. + +The `openstack_<role name>_hostname` is a set of variables used for customising +hostnames of servers with a given role. When such a variable stays commented, +default hostname (usually the role name) is used. + +The `openshift_openstack_dns_nameservers` is a list of DNS servers accessible from all +the created Nova servers. These will provide the internal name resolution for +your OpenShift nodes (as well as upstream name resolution for installing +packages, etc.). + +The `openshift_use_dnsmasq` controls either dnsmasq is deployed or not. +By default, dnsmasq is deployed and comes as the hosts' /etc/resolv.conf file +first nameserver entry that points to the local host instance of the dnsmasq +daemon that in turn proxies DNS requests to the authoritative DNS server. +When Network Manager is enabled for provisioned cluster nodes, which is +normally the case, you should not change the defaults and always deploy dnsmasq. + +`openshift_openstack_external_nsupdate_keys` describes an external authoritative DNS server(s) +processing dynamic records updates in the public and private cluster views: + + openshift_openstack_external_nsupdate_keys: + public: + key_secret: <some nsupdate key> + key_algorithm: 'hmac-md5' + key_name: 'update-key' + server: <public DNS server IP> + private: + key_secret: <some nsupdate key 2> + key_algorithm: 'hmac-sha256' + server: <public or private DNS server IP> + +Here, for the public view section, we specified another key algorithm and +optional `key_name`, which normally defaults to the cluster's DNS domain. +This just illustrates a compatibility mode with a DNS service deployed +by OpenShift on OSP10 reference architecture, and used in a mixed mode with +another external DNS server. + +Another example defines an external DNS server for the public view +additionally to the in-stack DNS server used for the private view only: + + openshift_openstack_external_nsupdate_keys: + public: + key_secret: <some nsupdate key> + key_algorithm: 'hmac-sha256' + server: <public DNS server IP> + +Here, updates matching the public view will be hitting the given public +server IP. While updates matching the private view will be sent to the +auto evaluated in-stack DNS server's **public** IP. + +Note, for the in-stack DNS server, private view updates may be sent only +via the public IP of the server. You can not send updates via the private +IP yet. This forces the in-stack private server to have a floating IP. +See also the [security notes](#security-notes) + +## Flannel networking + +In order to configure the +[flannel networking](https://docs.openshift.com/container-platform/3.6/install_config/configuring_sdn.html#using-flannel), +uncomment and adjust the appropriate `inventory/group_vars/OSEv3.yml` group vars. +Note that the `osm_cluster_network_cidr` must not overlap with the default +Docker bridge subnet of 172.17.0.0/16. Or you should change the docker0 default +CIDR range otherwise. For example, by adding `--bip=192.168.2.1/24` to +`DOCKER_NETWORK_OPTIONS` located in `/etc/sysconfig/docker-network`. + +Also note that the flannel network will be provisioned on a separate isolated Neutron +subnet defined from `osm_cluster_network_cidr` and having ports security disabled. +Use the `openstack_private_data_network_name` variable to define the network +name for the heat stack resource. + +After the cluster deployment done, you should run an additional post installation +step for flannel and docker iptables configuration: + + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/post-install.yml + +## Other configuration variables + +`openshift_openstack_keypair_name` is a Nova keypair - you can see your +keypairs with `openstack keypair list`. It must correspond to the +private SSH key Ansible will use to log into the created VMs. This is +`~/.ssh/id_rsa` by default, but you can use a different key by passing +`--private-key` to `ansible-playbook`. + +`openshift_openstack_default_image_name` is the default name of the Glance image the +servers will use. You can see your images with `openstack image list`. +In order to set a different image for a role, uncomment the line with the +corresponding variable (e.g. `openshift_openstack_lb_image_name` for load balancer) and +set its value to another available image name. `openshift_openstack_default_image_name` +must stay defined as it is used as a default value for the rest of the roles. + +`openshift_openstack_default_flavor` is the default Nova flavor the servers will use. +You can see your flavors with `openstack flavor list`. +In order to set a different flavor for a role, uncomment the line with the +corresponding variable (e.g. `openshift_openstack_lb_flavor` for load balancer) and +set its value to another available flavor. `openshift_openstack_default_flavor` must +stay defined as it is used as a default value for the rest of the roles. + +`openshift_openstack_external_network_name` is the name of the Neutron network +providing external connectivity. It is often called `public`, +`external` or `ext-net`. You can see your networks with `openstack +network list`. + +`openshift_openstack_private_network_name` is the name of the private Neutron network +providing admin/control access for ansible. It can be merged with other +cluster networks, there are no special requirements for networking. + +The `openshift_openstack_num_masters`, `openshift_openstack_num_infra` and +`openshift_openstack_num_nodes` values specify the number of Master, Infra and +App nodes to create. + +The `openshift_openstack_cluster_node_labels` defines custom labels for your openshift +cluster node groups. It currently supports app and infra node groups. +The default value of this variable sets `region: primary` to app nodes and +`region: infra` to infra nodes. +An example of setting a customised label: +``` +openshift_openstack_cluster_node_labels: + app: + mylabel: myvalue +``` + +The `openshift_openstack_nodes_to_remove` allows you to specify the numerical indexes +of App nodes that should be removed; for example, ['0', '2'], + +The `docker_volume_size` is the default Docker volume size the servers will use. +In order to set a different volume size for a role, +uncomment the line with the corresponding variable (e. g. `docker_master_volume_size` +for master) and change its value. `docker_volume_size` must stay defined as it is +used as a default value for some of the servers (master, infra, app node). +The rest of the roles (etcd, load balancer, dns) have their defaults hard-coded. + +**Note**: If the `openshift_openstack_ephemeral_volumes` is set to `true`, the `*_volume_size` variables +will be ignored and the deployment will not create any cinder volumes. + +The `openshift_openstack_flat_secgrp`, controls Neutron security groups creation for Heat +stacks. Set it to true, if you experience issues with sec group rules +quotas. It trades security for number of rules, by sharing the same set +of firewall rules for master, node, etcd and infra nodes. + +The `openshift_openstack_required_packages` variable also provides a list of the additional +prerequisite packages to be installed before to deploy an OpenShift cluster. +Those are ignored though, if the `manage_packages: False`. + +The `openstack_inventory` controls either a static inventory will be created after the +cluster nodes provisioned on OpenStack cloud. Note, the fully dynamic inventory +is yet to be supported, so the static inventory will be created anyway. + +The `openstack_inventory_path` points the directory to host the generated static inventory. +It should point to the copied example inventory directory, otherwise ti creates +a new one for you. + +## Multi-master configuration + +Please refer to the official documentation for the +[multi-master setup](https://docs.openshift.com/container-platform/3.6/install_config/install/advanced_install.html#multiple-masters) +and define the corresponding [inventory +variables](https://docs.openshift.com/container-platform/3.6/install_config/install/advanced_install.html#configuring-cluster-variables) +in `inventory/group_vars/OSEv3.yml`. For example, given a load balancer node +under the ansible group named `ext_lb`: + + openshift_master_cluster_method: native + openshift_master_cluster_hostname: "{{ groups.ext_lb.0 }}" + openshift_master_cluster_public_hostname: "{{ groups.ext_lb.0 }}" + +## Provider Network + +Normally, the playbooks create a new Neutron network and subnet and attach +floating IP addresses to each node. If you have a provider network set up, this +is all unnecessary as you can just access servers that are placed in the +provider network directly. + +To use a provider network, set its name in `openshift_openstack_provider_network_name` in +`inventory/group_vars/all.yml`. + +If you set the provider network name, the `openshift_openstack_external_network_name` and +`openshift_openstack_private_network_name` fields will be ignored. + +**NOTE**: this will not update the nodes' DNS, so running openshift-ansible +right after provisioning will fail (unless you're using an external DNS server +your provider network knows about). You must make sure your nodes are able to +resolve each other by name. + +## Security notes + +Configure required `*_ingress_cidr` variables to restrict public access +to provisioned servers from your laptop (a /32 notation should be used) +or your trusted network. The most important is the `openshift_openstack_node_ingress_cidr` +that restricts public access to the deployed DNS server and cluster +nodes' ephemeral ports range. + +Note, the command ``curl https://api.ipify.org`` helps fiding an external +IP address of your box (the ansible admin node). + +There is also the `manage_packages` variable (defaults to True) you +may want to turn off in order to speed up the provisioning tasks. This may +be the case for development environments. When turned off, the servers will +be provisioned omitting the ``yum update`` command. This brings security +implications though, and is not recommended for production deployments. + +### DNS servers security options + +Aside from `openshift_openstack_node_ingress_cidr` restricting public access to in-stack DNS +servers, there are following (bind/named specific) DNS security +options available: + + named_public_recursion: 'no' + named_private_recursion: 'yes' + +External DNS servers, which is not included in the 'dns' hosts group, +are not managed. It is up to you to configure such ones. + +## Configure the OpenShift parameters + +Finally, you need to update the DNS entry in +`inventory/group_vars/OSEv3.yml` (look at +`openshift_master_default_subdomain`). + +In addition, this is the place where you can customise your OpenShift +installation for example by specifying the authentication. + +The full list of options is available in this sample inventory: + +https://github.com/openshift/openshift-ansible/blob/master/inventory/byo/hosts.ose.example + +Note, that in order to deploy OpenShift origin, you should update the following +variables for the `inventory/group_vars/OSEv3.yml`, `all.yml`: + + deployment_type: origin + openshift_deployment_type: "{{ deployment_type }}" + + +## Setting a custom entrypoint + +In order to set a custom entrypoint, update `openshift_master_cluster_public_hostname` + + openshift_master_cluster_public_hostname: api.openshift.example.com + +Note than an empty hostname does not work, so if your domain is `openshift.example.com`, +you cannot set this value to simply `openshift.example.com`. + +## Creating and using a Cinder volume for the OpenShift registry + +You can optionally have the playbooks create a Cinder volume and set +it up as the OpenShift hosted registry. + +To do that you need specify the desired Cinder volume name and size in +Gigabytes in `inventory/group_vars/all.yml`: + + openshift_openstack_cinder_hosted_registry_name: cinder-registry + openshift_openstack_cinder_hosted_registry_size_gb: 10 + +With this, the playbooks will create the volume and set up its +filesystem. If there is an existing volume of the same name, we will +use it but keep the existing data on it. + +To use the volume for the registry, you must first configure it with +the OpenStack credentials by putting the following to `OSEv3.yml`: + + openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" + openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" + openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" + openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" + +This will use the credentials from your shell environment. If you want +to enter them explicitly, you can. You can also use credentials +different from the provisioning ones (say for quota or access control +reasons). + +**NOTE**: If you're testing this on (DevStack)[devstack], you must +explicitly set your Keystone API version to v2 (e.g. +`OS_AUTH_URL=http://10.34.37.47/identity/v2.0`) instead of the default +value provided by `openrc`. You may also encounter the following issue +with Cinder: + +https://github.com/kubernetes/kubernetes/issues/50461 + +You can read the (OpenShift documentation on configuring +OpenStack)[openstack] for more information. + +[devstack]: https://docs.openstack.org/devstack/latest/ +[openstack]: https://docs.openshift.org/latest/install_config/configuring_openstack.html + + +Next, we need to instruct OpenShift to use the Cinder volume for it's +registry. Again in `OSEv3.yml`: + + #openshift_hosted_registry_storage_kind: openstack + #openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] + #openshift_hosted_registry_storage_openstack_filesystem: xfs + +The filesystem value here will be used in the initial formatting of +the volume. + +If you're using the dynamic inventory, you must uncomment these two values as +well: + + #openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" + #openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" + +But note that they use the `os_cinder` lookup plugin we provide, so you must +tell Ansible where to find it either in `ansible.cfg` (the one we provide is +configured properly) or by exporting the +`ANSIBLE_LOOKUP_PLUGINS=openshift-ansible-contrib/lookup_plugins` environment +variable. + + + +## Use an existing Cinder volume for the OpenShift registry + +You can also use a pre-existing Cinder volume for the storage of your +OpenShift registry. + +To do that, you need to have a Cinder volume. You can create one by +running: + + openstack volume create --size <volume size in gb> <volume name> + +The volume needs to have a file system created before you put it to +use. + +As with the automatically-created volume, you have to set up the +OpenStack credentials in `inventory/group_vars/OSEv3.yml` as well as +registry values: + + #openshift_hosted_registry_storage_kind: openstack + #openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] + #openshift_hosted_registry_storage_openstack_filesystem: xfs + #openshift_hosted_registry_storage_openstack_volumeID: e0ba2d73-d2f9-4514-a3b2-a0ced507fa05 + #openshift_hosted_registry_storage_volume_size: 10Gi + +Note the `openshift_hosted_registry_storage_openstack_volumeID` and +`openshift_hosted_registry_storage_volume_size` values: these need to +be added in addition to the previous variables. + +The **Cinder volume ID**, **filesystem** and **volume size** variables +must correspond to the values in your volume. The volume ID must be +the **UUID** of the Cinder volume, *not its name*. + +We can do formate the volume for you if you ask for it in +`inventory/group_vars/all.yml`: + + openshift_openstack_prepare_and_format_registry_volume: true + +**NOTE:** doing so **will destroy any data that's currently on the volume**! + +You can also run the registry setup playbook directly: + + ansible-playbook -i inventory playbooks/provisioning/openstack/prepare-and-format-cinder-volume.yaml + +(the provisioning phase must be completed, first) + + + +## Configure static inventory and access via a bastion node + +Example inventory variables: + + openshift_openstack_use_bastion: true + openshift_openstack_bastion_ingress_cidr: "{{openshift_openstack_subnet_prefix}}.0/24" + openstack_private_ssh_key: ~/.ssh/id_rsa + openstack_inventory: static + openstack_inventory_path: ../../../../inventory + openstack_ssh_config_path: /tmp/ssh.config.openshift.ansible.openshift.example.com + +The `openshift_openstack_subnet_prefix` is the openstack private network for your cluster. +And the `openshift_openstack_bastion_ingress_cidr` defines accepted range for SSH connections to nodes +additionally to the `openshift_openstack_ssh_ingress_cidr`` (see the security notes above). + +The SSH config will be stored on the ansible control node by the +gitven path. Ansible uses it automatically. To access the cluster nodes with +that ssh config, use the `-F` prefix, f.e.: + + ssh -F /tmp/ssh.config.openshift.ansible.openshift.example.com master-0.openshift.example.com echo OK + +Note, relative paths will not work for the `openstack_ssh_config_path`, but it +works for the `openstack_private_ssh_key` and `openstack_inventory_path`. In this +guide, the latter points to the current directory, where you run ansible commands +from. + +To verify nodes connectivity, use the command: + + ansible -v -i inventory/hosts -m ping all + +If something is broken, double-check the inventory variables, paths and the +generated `<openstack_inventory_path>/hosts` and `openstack_ssh_config_path` files. + +The `inventory: dynamic` can be used instead to access cluster nodes directly via +floating IPs. In this mode you can not use a bastion node and should specify +the dynamic inventory file in your ansible commands , like `-i openstack.py`. + +## Using Docker on the Ansible host + +If you don't want to worry about the dependencies, you can use the +[OpenStack Control Host image][control-host-image]. + +[control-host-image]: https://hub.docker.com/r/redhatcop/control-host-openstack/ + +It has all the dependencies installed, but you'll need to map your +code and credentials to it. Assuming your SSH keys live in `~/.ssh` +and everything else is in your current directory (i.e. `ansible.cfg`, +`keystonerc`, `inventory`, `openshift-ansible`, +`openshift-ansible-contrib`), this is how you run the deployment: + + sudo docker run -it -v ~/.ssh:/mnt/.ssh:Z \ + -v $PWD:/root/openshift:Z \ + -v $PWD/keystonerc:/root/.config/openstack/keystonerc.sh:Z \ + redhatcop/control-host-openstack bash + +(feel free to replace `$PWD` with an actual path to your inventory and +checkouts, but note that relative paths don't work) + +The first run may take a few minutes while the image is being +downloaded. After that, you'll be inside the container and you can run +the playbooks: + + cd openshift + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + + +### Run the playbook + +Assuming your OpenStack (Keystone) credentials are in the `keystonerc` +this is how you stat the provisioning process from your ansible control node: + + . keystonerc + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/provision.yaml + +Note, here you start with an empty inventory. The static inventory will be populated +with data so you can omit providing additional arguments for future ansible commands. + +If bastion enabled, the generates SSH config must be applied for ansible. +Otherwise, it is auto included by the previous step. In order to execute it +as a separate playbook, use the following command: + + ansible-playbook openshift-ansible-contrib/playbooks/provisioning/openstack/post-provision-openstack.yml + +The first infra node then becomes a bastion node as well and proxies access +for future ansible commands. The post-provision step also configures Satellite, +if requested, and DNS server, and ensures other OpenShift requirements to be met. + + +## Running Custom Post-Provision Actions + +A custom playbook can be run like this: + +``` +ansible-playbook --private-key ~/.ssh/openshift -i inventory/ openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/custom-playbook.yml +``` + +If you'd like to limit the run to one particular host, you can do so as follows: + +``` +ansible-playbook --private-key ~/.ssh/openshift -i inventory/ openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/custom-playbook.yml -l app-node-0.openshift.example.com +``` + +You can also create your own custom playbook. Here are a few examples: + +### Adding additional YUM repositories + +``` +--- +- hosts: app + tasks: + + # enable EPL + - name: Add repository + yum_repository: + name: epel + description: EPEL YUM repo + baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ +``` + +This example runs against app nodes. The list of options include: + + - cluster_hosts (all hosts: app, infra, masters, dns, lb) + - OSEv3 (app, infra, masters) + - app + - dns + - masters + - infra_hosts + +### Attaching additional RHN pools + +``` +--- +- hosts: cluster_hosts + tasks: + - name: Attach additional RHN pool + become: true + command: "/usr/bin/subscription-manager attach --pool=<pool ID>" + register: attach_rhn_pool_result + until: attach_rhn_pool_result.rc == 0 + retries: 10 + delay: 1 +``` + +This playbook runs against all cluster nodes. In order to help prevent slow connectivity +problems, the task is retried 10 times in case of initial failure. +Note that in order for this example to work in your deployment, your servers must use the RHEL image. + +### Adding extra Docker registry URLs + +This playbook is located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/tree/master/playbooks/provisioning/openstack/custom-actions) directory. + +It adds URLs passed as arguments to the docker configuration program. +Going into more detail, the configuration program (which is in the YAML format) is loaded into an ansible variable +([lines 27-30](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L27-L30)) +and in its structure, `registries` and `insecure_registries` sections are expanded with the newly added items +([lines 56-76](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L56-L76)). +The new content is then saved into the original file +([lines 78-82](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml#L78-L82)) +and docker is restarted. + +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml --extra-vars '{"registries": "reg1", "insecure_registries": ["ins_reg1","ins_reg2"]}' +``` + +### Adding extra CAs to the trust chain + +This playbook is also located in the [custom-actions](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions) directory. +It copies passed CAs to the trust chain location and updates the trust chain on each selected host. + +Example usage: +``` +ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}' +``` + +Please consider contributing your custom playbook back to openshift-ansible-contrib! + +A library of custom post-provision actions exists in `openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions`. Playbooks include: + +* [add-yum-repos.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-yum-repos.yml): adds a list of custom yum repositories to every node in the cluster +* [add-rhn-pools.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): attaches a list of additional RHN pools to every node in the cluster +* [add-docker-registry.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-docker-registry.yml): adds a list of docker registries to the docker configuration on every node in the cluster +* [add-cas.yml](https://github.com/openshift/openshift-ansible-contrib/blob/master/playbooks/provisioning/openstack/custom-actions/add-rhn-pools.yml): adds a list of CAs to the trust chain on every node in the cluster + + +## Install OpenShift + +Once it succeeds, you can install openshift by running: + + ansible-playbook openshift-ansible/playbooks/byo/config.yml + +## Access UI + +OpenShift UI may be accessed via the 1st master node FQDN, port 8443. + +When using a bastion, you may want to make an SSH tunnel from your control node +to access UI on the `https://localhost:8443`, with this inventory variable: + + openshift_openstack_ui_ssh_tunnel: True + +Note, this requires sudo rights on the ansible control node and an absolute path +for the `openstack_private_ssh_key`. You should also update the control node's +`/etc/hosts`: + + 127.0.0.1 master-0.openshift.example.com + +In order to access UI, the ssh-tunnel service will be created and started on the +control node. Make sure to remove these changes and the service manually, when not +needed anymore. + +## Scale Deployment up/down + +### Scaling up + +One can scale up the number of application nodes by executing the ansible playbook +`openshift-ansible-contrib/playbooks/provisioning/openstack/scale-up.yaml`. +This process can be done even if there is currently no deployment available. +The `increment_by` variable is used to specify by how much the deployment should +be scaled up (if none exists, it serves as a target number of application nodes). +The path to `openshift-ansible` directory can be customised by the `openshift_ansible_dir` +variable. Its value must be an absolute path to `openshift-ansible` and it cannot +contain the '/' symbol at the end. + +Usage: + +``` +ansible-playbook -i <path to inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/scale-up.yaml` [-e increment_by=<number>] [-e openshift_ansible_dir=<path to openshift-ansible>] +``` + +Note: This playbook works only without a bastion node (`openshift_openstack_use_bastion: False`). diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml new file mode 100644 index 000000000..1c4f609e3 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/install.yml @@ -0,0 +1,15 @@ +--- +# NOTE(shadower): the AWS playbook builds an in-memory inventory of +# all the EC2 instances here. We don't need to as that's done by the +# dynamic inventory. + +# TODO(shadower): the AWS playbook sets the +# `openshift_master_cluster_hostname` and `osm_custom_cors_origins` +# values here. We do it in the OSEv3 group vars. Do we need to add +# some logic here? + +- name: run the initialization + include: ../../init/main.yml + +- name: run the config + include: ../../common/openshift-cluster/config.yml diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml new file mode 100644 index 000000000..0356b37dd --- /dev/null +++ b/playbooks/openstack/openshift-cluster/prerequisites.yml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + tasks: + - name: Check dependencies and OpenStack prerequisites + include_role: + name: openshift_openstack + tasks_from: check-prerequisites.yml + + - name: Check network configuration + include_role: + name: openshift_openstack + tasks_from: net_vars_check.yaml diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml new file mode 100644 index 000000000..36d8c8215 --- /dev/null +++ b/playbooks/openstack/openshift-cluster/provision.yml @@ -0,0 +1,59 @@ +--- +- name: Create the OpenStack resources for cluster installation + hosts: localhost + tasks: + - name: provision cluster + include_role: + name: openshift_openstack + tasks_from: provision.yml + + +# NOTE(shadower): Bring in the host groups: +- name: evaluate groups + include: ../../init/evaluate_groups.yml + + +- name: Wait for the nodes and gather their facts + hosts: oo_all_hosts + become: yes + # NOTE: The nodes may not be up yet, don't gather facts here. + # They'll be collected after `wait_for_connection`. + gather_facts: no + tasks: + - name: Wait for the the nodes to come up + wait_for_connection: + + - name: Gather facts for the new nodes + setup: + + +# NOTE(shadower): the (internal) DNS must be functional at this point!! +# That will have happened in provision.yml if nsupdate was configured. + +# TODO(shadower): consider splitting this up so people can stop here +# and configure their DNS if they have to. +- name: Populate the DNS entries + hosts: localhost + tasks: + - name: Populate DNS entries + include_role: + name: openshift_openstack + tasks_from: populate-dns.yml + when: + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys.private is defined or openshift_openstack_external_nsupdate_keys.public is defined + +- name: Prepare the Nodes in the cluster for installation + hosts: oo_all_hosts + become: yes + gather_facts: yes + tasks: + - name: Install dependencies + include_role: + name: openshift_openstack + tasks_from: node-packages.yml + + - name: Configure Node + include_role: + name: openshift_openstack + tasks_from: node-configuration.yml diff --git a/playbooks/openstack/openshift-cluster/provision_install.yml b/playbooks/openstack/openshift-cluster/provision_install.yml new file mode 100644 index 000000000..5d88c105f --- /dev/null +++ b/playbooks/openstack/openshift-cluster/provision_install.yml @@ -0,0 +1,9 @@ +--- +- name: Check the prerequisites for cluster provisioning in OpenStack + include: prerequisites.yml + +- name: Include the provision.yml playbook to create cluster + include: provision.yml + +- name: Include the install.yml playbook to install cluster + include: install.yml diff --git a/playbooks/openstack/openshift-cluster/roles b/playbooks/openstack/openshift-cluster/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/openstack/openshift-cluster/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml new file mode 100644 index 000000000..1e55adb9e --- /dev/null +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -0,0 +1,59 @@ +--- +openshift_deployment_type: origin +#openshift_deployment_type: openshift-enterprise +#openshift_release: v3.5 +openshift_master_default_subdomain: "apps.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" + +openshift_master_cluster_method: native +openshift_master_cluster_hostname: "console.{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" +openshift_master_cluster_public_hostname: "{{ openshift_master_cluster_hostname }}" + +osm_default_node_selector: 'region=primary' + +openshift_hosted_router_wait: True +openshift_hosted_registry_wait: True + +## Openstack credentials +#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" +#openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" +#openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" +#openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" +#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}" + + +## Use Cinder volume for Openshift registry: +#openshift_hosted_registry_storage_kind: openstack +#openshift_hosted_registry_storage_access_modes: ['ReadWriteOnce'] +#openshift_hosted_registry_storage_openstack_filesystem: xfs + +## NOTE(shadower): This won't work until the openshift-ansible issue #5657 is fixed: +## https://github.com/openshift/openshift-ansible/issues/5657 +## If you're using the `openshift_openstack_cinder_hosted_registry_name` option from +## `all.yml`, uncomment these lines: +#openshift_hosted_registry_storage_openstack_volumeID: "{{ lookup('os_cinder', openshift_openstack_cinder_hosted_registry_name).id }}" +#openshift_hosted_registry_storage_volume_size: "{{ openshift_openstack_cinder_hosted_registry_size_gb }}Gi" + +## If you're using a Cinder volume you've set up yourself, uncomment these lines: +#openshift_hosted_registry_storage_openstack_volumeID: e0ba2d73-d2f9-4514-a3b2-a0ced507fa05 +#openshift_hosted_registry_storage_volume_size: 10Gi + + +# NOTE(shadower): the hostname check seems to always fail because the +# host's floating IP address doesn't match the address received from +# inside the host. +openshift_override_hostname_check: true + +# For POCs or demo environments that are using smaller instances than +# the official recommended values for RAM and DISK, uncomment the line below. +#openshift_disable_check: disk_availability,memory_availability + +# NOTE(shadower): Always switch to root on the OSEv3 nodes. +# openshift-ansible requires an explicit `become`. +ansible_become: true + +# # Flannel networking +#osm_cluster_network_cidr: 10.128.0.0/14 +#openshift_use_openshift_sdn: false +#openshift_use_flannel: true +#flannel_interface: eth1 diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml new file mode 100644 index 000000000..921edb867 --- /dev/null +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -0,0 +1,147 @@ +--- +openshift_openstack_clusterid: "openshift" +openshift_openstack_public_dns_domain: "example.com" +openshift_openstack_dns_nameservers: [] + +# # Used Hostnames +# # - set custom hostnames for roles by uncommenting corresponding lines +#openshift_openstack_master_hostname: "master" +#openshift_openstack_infra_hostname: "infra-node" +#openshift_openstack_node_hostname: "app-node" +#openshift_openstack_lb_hostname: "lb" +#openshift_openstack_etcd_hostname: "etcd" +#openshift_openstack_dns_hostname: "dns" + +openshift_openstack_keypair_name: "openshift" +openshift_openstack_external_network_name: "public" +#openshift_openstack_private_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-net" +# # A dedicated Neutron network name for containers data network +# # Configures the data network to be separated from openshift_openstack_private_network_name +# # NOTE: this is only supported with Flannel SDN yet +#openstack_private_data_network_name: "openshift-ansible-{{ openshift_openstack_stack_name }}-data-net" + +## If you want to use a provider network, set its name here. +## NOTE: the `openshift_openstack_external_network_name` and +## `openshift_openstack_private_network_name` options will be ignored when using a +## provider network. +#openshift_openstack_provider_network_name: "provider" + +# # Used Images +# # - set specific images for roles by uncommenting corresponding lines +# # - note: do not remove openshift_openstack_default_image_name definition +#openshift_openstack_master_image_name: "centos7" +#openshift_openstack_infra_image_name: "centos7" +#openshift_openstack_node_image_name: "centos7" +#openshift_openstack_lb_image_name: "centos7" +#openshift_openstack_etcd_image_name: "centos7" +#openshift_openstack_dns_image_name: "centos7" +openshift_openstack_default_image_name: "centos7" + +openshift_openstack_num_masters: 1 +openshift_openstack_num_infra: 1 +openshift_openstack_num_nodes: 2 + +# # Used Flavors +# # - set specific flavors for roles by uncommenting corresponding lines +# # - note: do note remove openshift_openstack_default_flavor definition +#openshift_openstack_master_flavor: "m1.medium" +#openshift_openstack_infra_flavor: "m1.medium" +#openshift_openstack_node_flavor: "m1.medium" +#openshift_openstack_lb_flavor: "m1.medium" +#openshift_openstack_etcd_flavor: "m1.medium" +#openshift_openstack_dns_flavor: "m1.medium" +openshift_openstack_default_flavor: "m1.medium" + +# # Numerical index of nodes to remove +# openshift_openstack_nodes_to_remove: [] + +# # Docker volume size +# # - set specific volume size for roles by uncommenting corresponding lines +# # - note: do not remove docker_default_volume_size definition +#openshift_openstack_docker_master_volume_size: "15" +#openshift_openstack_docker_infra_volume_size: "15" +#openshift_openstack_docker_node_volume_size: "15" +#openshift_openstack_docker_etcd_volume_size: "2" +#openshift_openstack_docker_dns_volume_size: "1" +#openshift_openstack_docker_lb_volume_size: "5" +openshift_openstack_docker_volume_size: "15" + +## Specify server group policies for master and infra nodes. Nova must be configured to +## enable these policies. 'anti-affinity' will ensure that each VM is launched on a +## different physical host. +#openshift_openstack_master_server_group_policies: [anti-affinity] +#openshift_openstack_infra_server_group_policies: [anti-affinity] + +## Create a Cinder volume and use it for the OpenShift registry. +## NOTE: the openstack credentials and hosted registry options must be set in OSEv3.yml! +#openshift_openstack_cinder_hosted_registry_name: cinder-registry +#openshift_openstack_cinder_hosted_registry_size_gb: 10 + +## Set up a filesystem on the cinder volume specified in `OSEv3.yaml`. +## You need to specify the file system and volume ID in OSEv3 via +## `openshift_hosted_registry_storage_openstack_filesystem` and +## `openshift_hosted_registry_storage_openstack_volumeID`. +## WARNING: This will delete any data on the volume! +#openshift_openstack_prepare_and_format_registry_volume: False + +openshift_openstack_subnet_prefix: "192.168.99" + +## Red Hat subscription defaults to false which means we will not attempt to +## subscribe the nodes +#rhsm_register: False + +# # Using Red Hat Satellite: +#rhsm_register: True +#rhsm_satellite: 'sat-6.example.com' +#rhsm_org: 'OPENSHIFT_ORG' +#rhsm_activationkey: '<activation-key>' + +# # Or using RHN username, password and optionally pool: +#rhsm_register: True +#rhsm_username: '<username>' +#rhsm_password: '<password>' +#rhsm_pool: '<pool id>' + +#rhsm_repos: +# - "rhel-7-server-rpms" +# - "rhel-7-server-ose-3.5-rpms" +# - "rhel-7-server-extras-rpms" +# - "rhel-7-fast-datapath-rpms" + + +# # Roll-your-own DNS +#openshift_openstack_num_dns: 0 +#openshift_openstack_external_nsupdate_keys: +# public: +# key_secret: 'SKqKNdpfk7llKxZ57bbxUnUDobaaJp9t8CjXLJPl+fRI5mPcSBuxTAyvJPa6Y9R7vUg9DwCy/6WTpgLNqnV4Hg==' +# key_algorithm: 'hmac-md5' +# server: '192.168.1.1' +# private: +# key_secret: 'kVE2bVTgZjrdJipxPhID8BEZmbHD8cExlVPR+zbFpW6la8kL5wpXiwOh8q5AAosXQI5t95UXwq3Inx8QT58duw==' +# key_algorithm: 'hmac-md5' +# server: '192.168.1.2' + +# # Customize DNS server security options +#named_public_recursion: 'no' +#named_private_recursion: 'yes' + + +# NOTE(shadower): Do not change this value. The Ansible user is currently +# hardcoded to `openshift`. +ansible_user: openshift + +# # Use a single security group for a cluster (default: false) +#openshift_openstack_flat_secgrp: false + +# If you want to use the VM storage instead of Cinder volumes, set this to `true`. +# NOTE: this is for testing only! Your data will be gone once the VM disappears! +# openshift_openstack_ephemeral_volumes: false + +# # OpenShift node labels +# # - in order to customise node labels for app and/or infra group, set the +# # openshift_openstack_cluster_node_labels variable +#openshift_openstack_cluster_node_labels: +# app: +# region: primary +# infra: +# region: infra diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py new file mode 100755 index 000000000..47c56d94d --- /dev/null +++ b/playbooks/openstack/sample-inventory/inventory.py @@ -0,0 +1,96 @@ +#!/usr/bin/env python +""" +This is an Ansible dynamic inventory for OpenStack. + +It requires your OpenStack credentials to be set in clouds.yaml or your shell +environment. + +""" + +from __future__ import print_function + +import json + +import shade + + +def build_inventory(): + '''Build the dynamic inventory.''' + cloud = shade.openstack_cloud() + + inventory = {} + + # TODO(shadower): filter the servers based on the `OPENSHIFT_CLUSTER` + # environment variable. + cluster_hosts = [ + server for server in cloud.list_servers() + if 'metadata' in server and 'clusterid' in server.metadata] + + masters = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'master'] + + etcd = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'etcd'] + if not etcd: + etcd = masters + + infra_hosts = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'node' and + server.metadata['sub-host-type'] == 'infra'] + + app = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'node' and + server.metadata['sub-host-type'] == 'app'] + + nodes = list(set(masters + infra_hosts + app)) + + dns = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'dns'] + + load_balancers = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'lb'] + + osev3 = list(set(nodes + etcd + load_balancers)) + + inventory['cluster_hosts'] = {'hosts': [s.name for s in cluster_hosts]} + inventory['OSEv3'] = {'hosts': osev3} + inventory['masters'] = {'hosts': masters} + inventory['etcd'] = {'hosts': etcd} + inventory['nodes'] = {'hosts': nodes} + inventory['infra_hosts'] = {'hosts': infra_hosts} + inventory['app'] = {'hosts': app} + inventory['dns'] = {'hosts': dns} + inventory['lb'] = {'hosts': load_balancers} + + for server in cluster_hosts: + if 'group' in server.metadata: + group = server.metadata.group + if group not in inventory: + inventory[group] = {'hosts': []} + inventory[group]['hosts'].append(server.name) + + inventory['_meta'] = {'hostvars': {}} + + for server in cluster_hosts: + ssh_ip_address = server.public_v4 or server.private_v4 + hostvars = { + 'ansible_host': ssh_ip_address + } + + public_v4 = server.public_v4 or server.private_v4 + if public_v4: + hostvars['public_v4'] = public_v4 + # TODO(shadower): what about multiple networks? + if server.private_v4: + hostvars['private_v4'] = server.private_v4 + + node_labels = server.metadata.get('node_labels') + if node_labels: + hostvars['openshift_node_labels'] = node_labels + + inventory['_meta']['hostvars'][server.name] = hostvars + return inventory + + +if __name__ == '__main__': + print(json.dumps(build_inventory(), indent=4, sort_keys=True)) diff --git a/requirements.txt b/requirements.txt index bf95b4ff9..be1bde18e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,10 +1,11 @@ # Versions are pinned to prevent pypi releases arbitrarily breaking # tests with new APIs/semantics. We want to update versions deliberately. -ansible==2.3.1.0 +ansible==2.4.0.0 boto==2.34.0 click==6.7 pyOpenSSL==16.2.0 # We need to disable ruamel.yaml for now because of test failures #ruamel.yaml six==1.10.0 +shade==1.24.0 passlib==1.6.5 diff --git a/roles/ansible_service_broker/defaults/main.yml b/roles/ansible_service_broker/defaults/main.yml index 9eb9db316..bea126618 100644 --- a/roles/ansible_service_broker/defaults/main.yml +++ b/roles/ansible_service_broker/defaults/main.yml @@ -1,11 +1,19 @@ --- ansible_service_broker_remove: false -ansible_service_broker_install: false +ansible_service_broker_install: true ansible_service_broker_log_level: info ansible_service_broker_output_request: false ansible_service_broker_recovery: true ansible_service_broker_bootstrap_on_startup: true -# Recommended you do not enable this for now ansible_service_broker_dev_broker: false +ansible_service_broker_refresh_interval: 600s +# Recommended you do not enable this for now ansible_service_broker_launch_apb_on_bind: false +ansible_service_broker_keep_namespace_on_error: true +ansible_service_broker_keep_namespace: false + +ansible_service_broker_image_pull_policy: IfNotPresent +ansible_service_broker_sandbox_role: edit +ansible_service_broker_auto_escalate: false +ansible_service_broker_local_registry_whitelist: [] diff --git a/roles/ansible_service_broker/tasks/generate_certs.yml b/roles/ansible_service_broker/tasks/generate_certs.yml new file mode 100644 index 000000000..3da896548 --- /dev/null +++ b/roles/ansible_service_broker/tasks/generate_certs.yml @@ -0,0 +1,44 @@ +--- + +- when: ansible_service_broker_certs_dir is undefined + block: + - name: Create ansible-service-broker cert directory + file: + path: "{{ openshift.common.config_base }}/ansible-service-broker" + state: directory + mode: 0755 + check_mode: no + + - name: Create self signing ca cert + command: 'openssl req -nodes -x509 -newkey rsa:4096 -keyout {{ openshift.common.config_base }}/ansible-service-broker/key.pem -out {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -days 365 -subj "/CN=asb-etcd.openshift-ansible-service-broker.svc"' + args: + creates: '{{ openshift.common.config_base }}/ansible-service-broker/cert.pem' + + - name: Create self signed client cert + command: '{{ item.cmd }}' + args: + creates: '{{ item.creates }}' + with_items: + - cmd: openssl genrsa -out {{ openshift.common.config_base }}/ansible-service-broker/client.key 2048 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.key' + - cmd: 'openssl req -new -key {{ openshift.common.config_base }}/ansible-service-broker/client.key -out {{ openshift.common.config_base }}/ansible-service-broker/client.csr -subj "/CN=client"' + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.csr' + - cmd: openssl x509 -req -in {{ openshift.common.config_base }}/ansible-service-broker/client.csr -CA {{ openshift.common.config_base }}/ansible-service-broker/cert.pem -CAkey {{ openshift.common.config_base }}/ansible-service-broker/key.pem -CAcreateserial -out {{ openshift.common.config_base }}/ansible-service-broker/client.pem -days 1024 + creates: '{{ openshift.common.config_base }}/ansible-service-broker/client.pem' + + - set_fact: + ansible_service_broker_certs_dir: "{{ openshift.common.config_base }}/ansible-service-broker" + +- name: Read in certs for etcd + slurp: + src: '{{ ansible_service_broker_certs_dir }}/{{ item }}' + register: asb_etcd_certs + with_items: + - cert.pem + - client.pem + - client.key + +- set_fact: + etcd_ca_cert: "{{ asb_etcd_certs.results.0.content | b64decode }}" + etcd_client_cert: "{{ asb_etcd_certs.results.1.content | b64decode }}" + etcd_client_key: "{{ asb_etcd_certs.results.2.content | b64decode }}" diff --git a/roles/ansible_service_broker/tasks/install.yml b/roles/ansible_service_broker/tasks/install.yml index b3797ef96..ff90f59a3 100644 --- a/roles/ansible_service_broker/tasks/install.yml +++ b/roles/ansible_service_broker/tasks/install.yml @@ -17,10 +17,13 @@ ansible_service_broker_etcd_image_etcd_path: "{{ ansible_service_broker_etcd_image_etcd_path | default(__ansible_service_broker_etcd_image_etcd_path) }}" ansible_service_broker_registry_type: "{{ ansible_service_broker_registry_type | default(__ansible_service_broker_registry_type) }}" + ansible_service_broker_registry_name: "{{ ansible_service_broker_registry_name | default(__ansible_service_broker_registry_name) }}" ansible_service_broker_registry_url: "{{ ansible_service_broker_registry_url | default(__ansible_service_broker_registry_url) }}" ansible_service_broker_registry_user: "{{ ansible_service_broker_registry_user | default(__ansible_service_broker_registry_user) }}" ansible_service_broker_registry_password: "{{ ansible_service_broker_registry_password | default(__ansible_service_broker_registry_password) }}" ansible_service_broker_registry_organization: "{{ ansible_service_broker_registry_organization | default(__ansible_service_broker_registry_organization) }}" + ansible_service_broker_registry_tag: "{{ ansible_service_broker_registry_tag | default(__ansible_service_broker_registry_tag) }}" + ansible_service_broker_registry_whitelist: "{{ ansible_service_broker_registry_whitelist | default(__ansible_service_broker_registry_whitelist) }}" - name: set ansible-service-broker image facts using set prefix and tag set_fact: @@ -29,6 +32,7 @@ - include: validate_facts.yml +- include: generate_certs.yml # Deployment of ansible-service-broker starts here - name: create openshift-ansible-service-broker project @@ -42,53 +46,177 @@ namespace: openshift-ansible-service-broker state: present -- name: Set SA cluster-role +- name: create ansible-service-broker client serviceaccount + oc_serviceaccount: + name: asb-client + namespace: openshift-ansible-service-broker + state: present + +- name: Create asb-auth cluster role + oc_clusterrole: + state: present + name: asb-auth + rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create", "delete"] + - apiGroups: ["authorization.openshift.io"] + resources: ["subjectrulesreview"] + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + - apiGroups: ["image.openshift.io", ""] + resources: ["images"] + verbs: ["get", "list"] + +- name: Create asb-access cluster role + oc_clusterrole: + state: present + name: asb-access + rules: + - nonResourceURLs: ["/ansible-service-broker", "/ansible-service-broker/*"] + verbs: ["get", "post", "put", "patch", "delete"] + +- name: Bind admin cluster-role to asb serviceaccount oc_adm_policy_user: state: present - namespace: "openshift-ansible-service-broker" resource_kind: cluster-role resource_name: admin user: "system:serviceaccount:openshift-ansible-service-broker:asb" +- name: Bind auth cluster role to asb service account + oc_adm_policy_user: + state: present + resource_kind: cluster-role + resource_name: asb-auth + user: "system:serviceaccount:openshift-ansible-service-broker:asb" + +- name: Bind asb-access role to asb-client service account + oc_adm_policy_user: + state: present + resource_kind: cluster-role + resource_name: asb-access + user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" + +- name: create asb-client token secret + oc_obj: + name: asb-client + namespace: openshift-ansible-service-broker + state: present + kind: Secret + content: + path: /tmp/asbclientsecretout + data: + apiVersion: v1 + kind: Secret + metadata: + name: asb-client + namespace: openshift-ansible-service-broker + annotations: + kubernetes.io/service-account.name: asb-client + type: kubernetes.io/service-account-token + +- name: Create etcd-auth secret + oc_secret: + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: ca.crt + data: '{{ etcd_ca_cert }}' + +- name: Create broker-etcd-auth secret + oc_secret: + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + contents: + - path: client.crt + data: '{{ etcd_client_cert }}' + - path: client.key + data: '{{ etcd_client_key }}' + +- oc_secret: + state: list + namespace: openshift-ansible-service-broker + name: asb-client + register: asb_client_secret + +- set_fact: + service_ca_crt: "{{ asb_client_secret.results.results.0.data['service-ca.crt'] }}" + +# Using oc_obj because oc_service doesn't seem to allow annotations +# TODO: Extend oc_service to allow annotations - name: create ansible-service-broker service - oc_service: + oc_obj: name: asb namespace: openshift-ansible-service-broker state: present - labels: - app: openshift-ansible-service-broker - service: asb - ports: - - name: port-1338 - port: 1338 - selector: - app: openshift-ansible-service-broker - service: asb + kind: Service + content: + path: /tmp/asbsvcout + data: + apiVersion: v1 + kind: Service + metadata: + name: asb + namespace: openshift-ansible-service-broker + labels: + app: openshift-ansible-service-broker + service: asb + annotations: + service.alpha.openshift.io/serving-cert-secret-name: asb-tls + spec: + ports: + - name: port-1338 + port: 1338 + targetPort: 1338 + protocol: TCP + selector: + app: openshift-ansible-service-broker + service: asb -- name: create etcd service - oc_service: - name: etcd +- name: create asb-etcd service + oc_obj: + name: asb-etcd namespace: openshift-ansible-service-broker state: present - ports: - - name: etcd-advertise - port: 2379 - selector: - app: openshift-ansible-service-broker - service: etcd + kind: Service + content: + path: /tmp/asbetcdsvcout + data: + apiVersion: v1 + kind: Service + metadata: + name: asb-etcd + labels: + app: etcd + service: asb-etcd + annotations: + service.alpha.openshift.io/serving-cert-secret-name: etcd-tls + spec: + ports: + - name: port-2379 + port: 2379 + targetPort: 2379 + protocol: TCP + selector: + app: etcd + service: asb-etcd - name: create route for ansible-service-broker service oc_route: name: asb-1338 namespace: openshift-ansible-service-broker state: present + labels: + app: openshift-ansible-service-broker + service: asb service_name: asb port: 1338 - register: asb_route_out - -- name: get ansible-service-broker route name - set_fact: - ansible_service_broker_route: "{{ asb_route_out.results.results[0].spec.host }}" + tls_termination: Reencrypt - name: create persistent volume claim for etcd oc_obj: @@ -97,7 +225,7 @@ state: present kind: PersistentVolumeClaim content: - path: /tmp/dcout + path: /tmp/pvcout data: apiVersion: v1 kind: PersistentVolumeClaim @@ -111,116 +239,149 @@ requests: storage: 1Gi -- name: create etcd deployment +- name: Create Ansible Service Broker deployment config oc_obj: - name: etcd + name: asb namespace: openshift-ansible-service-broker state: present - kind: Deployment + kind: DeploymentConfig content: path: /tmp/dcout data: - apiVersion: extensions/v1beta1 - kind: Deployment + apiVersion: v1 + kind: DeploymentConfig metadata: - name: etcd - namespace: openshift-ansible-service-broker + name: asb labels: app: openshift-ansible-service-broker - service: etcd + service: asb spec: + replicas: 1 selector: - matchLabels: - app: openshift-ansible-service-broker - service: etcd + app: openshift-ansible-service-broker strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - replicas: 1 + type: Rolling template: metadata: labels: app: openshift-ansible-service-broker - service: etcd + service: asb spec: - restartPolicy: Always + serviceAccount: asb containers: - - image: "{{ ansible_service_broker_etcd_image }}" - name: etcd + - image: "{{ ansible_service_broker_image }}" + name: asb imagePullPolicy: IfNotPresent - terminationMessagePath: /tmp/termination-log - workingDir: /etcd - args: - - '{{ ansible_service_broker_etcd_image_etcd_path }}' - - --data-dir=/data - - "--listen-client-urls=http://0.0.0.0:2379" - - "--advertise-client-urls=http://0.0.0.0:2379" + volumeMounts: + - name: config-volume + mountPath: /etc/ansible-service-broker + - name: asb-tls + mountPath: /etc/tls/private + - name: asb-etcd-auth + mountPath: /var/run/asb-etcd-auth ports: - - containerPort: 2379 + - containerPort: 1338 protocol: TCP env: - - name: ETCDCTL_API - value: "3" - volumeMounts: - - mountPath: /data - name: etcd + - name: BROKER_CONFIG + value: /etc/ansible-service-broker/config.yaml + resources: {} + terminationMessagePath: /tmp/termination-log + readinessProbe: + httpGet: + port: 1338 + path: /healthz + scheme: HTTPS + initialDelaySeconds: 15 + timeoutSeconds: 1 + livenessProbe: + httpGet: + port: 1338 + path: /healthz + scheme: HTTPS + initialDelaySeconds: 15 + timeoutSeconds: 1 volumes: - - name: etcd - persistentVolumeClaim: - claimName: etcd + - name: config-volume + configMap: + name: broker-config + items: + - key: broker-config + path: config.yaml + - name: asb-tls + secret: + secretName: asb-tls + - name: asb-etcd-auth + secret: + secretName: broker-etcd-auth-secret -- name: create ansible-service-broker deployment +- name: Create asb-etcd deployment config oc_obj: - name: asb + name: etcd namespace: openshift-ansible-service-broker state: present - kind: Deployment + kind: DeploymentConfig content: path: /tmp/dcout data: - apiVersion: extensions/v1beta1 - kind: Deployment + apiVersion: v1 + kind: DeploymentConfig metadata: - name: asb - namespace: openshift-ansible-service-broker + name: asb-etcd labels: - app: openshift-ansible-service-broker - service: asb + app: etcd + service: asb-etcd spec: - strategy: - type: Recreate replicas: 1 + selector: + app: etcd + strategy: + type: Rolling template: metadata: labels: - app: openshift-ansible-service-broker - service: asb + app: etcd + service: asb-etcd spec: serviceAccount: asb - restartPolicy: Always containers: - - image: "{{ ansible_service_broker_image }}" - name: asb + - image: "{{ ansible_service_broker_etcd_image }}" + name: etcd imagePullPolicy: IfNotPresent - volumeMounts: - - name: config-volume - mountPath: /etc/ansible-service-broker + terminationMessagePath: /tmp/termination-log + workingDir: /etcd + args: + - "{{ ansible_service_broker_etcd_image_etcd_path }}" + - "--data-dir=/data" + - "--listen-client-urls=https://0.0.0.0:2379" + - "--advertise-client-urls=https://0.0.0.0:2379" + - "--client-cert-auth" + - "--trusted-ca-file=/var/run/etcd-auth-secret/ca.crt" + - "--cert-file=/etc/tls/private/tls.crt" + - "--key-file=/etc/tls/private/tls.key" ports: - - containerPort: 1338 + - containerPort: 2379 protocol: TCP env: - - name: BROKER_CONFIG - value: /etc/ansible-service-broker/config.yaml - terminationMessagePath: /tmp/termination-log + - name: ETCDCTL_API + value: "3" + volumeMounts: + - name: etcd + mountPath: /data + - name: etcd-tls + mountPath: /etc/tls/private + - name: etcd-auth + mountPath: /var/run/etcd-auth-secret volumes: - - name: config-volume - configMap: - name: broker-config - items: - - key: broker-config - path: config.yaml + - name: etcd + persistentVolumeClaim: + claimName: etcd + - name: etcd-tls + secret: + secretName: etcd-tls + - name: etcd-auth + secret: + secretName: etcd-auth-secret # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: @@ -239,42 +400,80 @@ name: broker-config namespace: openshift-ansible-service-broker labels: - app: ansible-service-broker + app: openshift-ansible-service-broker data: broker-config: | registry: - name: "{{ ansible_service_broker_registry_type }}" - url: "{{ ansible_service_broker_registry_url }}" - user: "{{ ansible_service_broker_registry_user }}" - pass: "{{ ansible_service_broker_registry_password }}" - org: "{{ ansible_service_broker_registry_organization }}" + - type: {{ ansible_service_broker_registry_type }} + name: {{ ansible_service_broker_registry_name }} + url: {{ ansible_service_broker_registry_url }} + org: {{ ansible_service_broker_registry_organization }} + tag: {{ ansible_service_broker_registry_tag }} + white_list: {{ ansible_service_broker_registry_whitelist | to_yaml }} + - type: local_openshift + name: localregistry + namespaces: ['openshift'] + white_list: {{ ansible_service_broker_local_registry_whitelist | to_yaml }} dao: - etcd_host: etcd + etcd_host: asb-etcd.openshift-ansible-service-broker.svc etcd_port: 2379 + etcd_ca_file: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt + etcd_client_cert: /var/run/asb-etcd-auth/client.crt + etcd_client_key: /var/run/asb-etcd-auth/client.key log: - logfile: /var/log/ansible-service-broker/asb.log stdout: true - level: "{{ ansible_service_broker_log_level }}" + level: {{ ansible_service_broker_log_level }} color: true - openshift: {} + openshift: + host: "" + ca_file: "" + bearer_token_file: "" + sandbox_role: {{ ansible_service_broker_sandbox_role }} + image_pull_policy: {{ ansible_service_broker_image_pull_policy }} + keep_namespace: {{ ansible_service_broker_keep_namespace | bool | lower }} + keep_namespace_on_error: {{ ansible_service_broker_keep_namespace_on_error | bool | lower }} broker: dev_broker: {{ ansible_service_broker_dev_broker | bool | lower }} + bootstrap_on_startup: {{ ansible_service_broker_bootstrap_on_startup | bool | lower }} + refresh_interval: {{ ansible_service_broker_refresh_interval }} launch_apb_on_bind: {{ ansible_service_broker_launch_apb_on_bind | bool | lower }} - recovery: {{ ansible_service_broker_recovery | bool | lower }} output_request: {{ ansible_service_broker_output_request | bool | lower }} - bootstrap_on_startup: {{ ansible_service_broker_bootstrap_on_startup | bool | lower }} + recovery: {{ ansible_service_broker_recovery | bool | lower }} + ssl_cert_key: /etc/tls/private/tls.key + ssl_cert: /etc/tls/private/tls.crt + auto_escalate: {{ ansible_service_broker_auto_escalate }} + auth: + - type: basic + enabled: false + +- oc_secret: + name: asb-registry-auth + namespace: openshift-ansible-service-broker + state: present + contents: + - path: username + data: "{{ ansible_service_broker_registry_user }}" + - path: password + data: "{{ ansible_service_broker_registry_password }}" - name: Create the Broker resource in the catalog oc_obj: name: ansible-service-broker state: present - kind: Broker + kind: ClusterServiceBroker content: path: /tmp/brokerout data: - apiVersion: servicecatalog.k8s.io/v1alpha1 - kind: Broker + apiVersion: servicecatalog.k8s.io/v1beta1 + kind: ClusterServiceBroker metadata: name: ansible-service-broker spec: - url: http://asb.openshift-ansible-service-broker.svc:1338 + url: https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker + authInfo: + bearer: + secretRef: + name: asb-client + namespace: openshift-ansible-service-broker + kind: Secret + caBundle: "{{ service_ca_crt }}" diff --git a/roles/ansible_service_broker/tasks/main.yml b/roles/ansible_service_broker/tasks/main.yml index d8695bd3a..f5e06d163 100644 --- a/roles/ansible_service_broker/tasks/main.yml +++ b/roles/ansible_service_broker/tasks/main.yml @@ -2,7 +2,7 @@ # do any asserts here - include: install.yml - when: ansible_service_broker_install | default(false) | bool + when: ansible_service_broker_install | bool - include: remove.yml - when: ansible_service_broker_remove | default(false) | bool + when: ansible_service_broker_remove | bool diff --git a/roles/ansible_service_broker/tasks/remove.yml b/roles/ansible_service_broker/tasks/remove.yml index 2519f9f4c..a1ac740e0 100644 --- a/roles/ansible_service_broker/tasks/remove.yml +++ b/roles/ansible_service_broker/tasks/remove.yml @@ -1,22 +1,87 @@ --- -- name: remove openshift-ansible-service-broker project - oc_project: - name: openshift-ansible-service-broker - state: absent - - name: remove ansible-service-broker serviceaccount oc_serviceaccount: name: asb namespace: openshift-ansible-service-broker state: absent +- name: remove ansible-service-broker client serviceaccount + oc_serviceaccount: + name: asb-client + namespace: openshift-ansible-service-broker + state: absent + +- name: remove asb-auth cluster role + oc_clusterrole: + state: absent + name: asb-auth + +- name: remove asb-access cluster role + oc_clusterrole: + state: absent + name: asb-access + +- name: Unbind admin cluster-role to asb serviceaccount + oc_adm_policy_user: + state: absent + namespace: openshift-ansible-service-broker + resource_kind: cluster-role + resource_name: admin + user: "system:serviceaccount:openshift-ansible-service-broker:asb" + +- name: Unbind auth cluster role to asb service account + oc_adm_policy_user: + state: absent + namespace: openshift-ansible-service-broker + resource_kind: cluster-role + resource_name: asb-auth + user: "system:serviceaccount:openshift-ansible-service-broker:asb" + +- name: Unbind asb-access role to asb-client service account + oc_adm_policy_user: + state: absent + namespace: openshift-ansible-service-broker + resource_kind: cluster-role + resource_name: asb-access + user: "system:serviceaccount:openshift-ansible-service-broker:asb-client" + +- name: remove asb-registry auth secret + oc_secret: + state: absent + name: asb-registry-auth + namespace: openshift-ansible-service-broker + +- name: remove asb-client token secret + oc_secret: + state: absent + name: asb-client + namespace: openshift-ansible-service-broker + +- name: Remove etcd-auth secret + oc_secret: + state: absent + name: etcd-auth-secret + namespace: openshift-ansible-service-broker + +- name: Remove broker-etcd-auth secret + oc_secret: + state: absent + name: broker-etcd-auth-secret + namespace: openshift-ansible-service-broker + - name: remove ansible-service-broker service oc_service: name: asb namespace: openshift-ansible-service-broker state: absent +- name: remove asb-etcd service + oc_service: + state: absent + name: asb-etcd + namespace: openshift-ansible-service-broker + - name: remove etcd service oc_service: name: etcd @@ -35,19 +100,27 @@ namespace: openshift-ansible-service-broker state: absent -- name: remove etcd deployment +- name: remove Ansible Service Broker deployment config oc_obj: - name: etcd + name: asb namespace: openshift-ansible-service-broker + kind: DeploymentConfig state: absent - kind: Deployment -- name: remove ansible-service-broker deployment +- name: remove Ansible Service Broker etcd deployment config oc_obj: - name: asb + name: asb-etcd + namespace: openshift-ansible-service-broker + kind: DeploymentConfig + state: absent + + +- name: remove secret for broker auth + oc_obj: + name: asb-client namespace: openshift-ansible-service-broker + kind: Secret state: absent - kind: Deployment # TODO: saw a oc_configmap in the library, but didn't understand how to get it to do the following: - name: remove config map for ansible-service-broker @@ -58,8 +131,19 @@ kind: ConfigMap # TODO: Is this going to work? +- shell: > + oc get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" + register: get_apiservices + changed_when: no + - name: remove broker object from the catalog oc_obj: name: ansible-service-broker state: absent - kind: Broker + kind: ClusterServiceBroker + when: not "'not found' in get_apiservices.stdout" + +- name: remove openshift-ansible-service-broker project + oc_project: + name: openshift-ansible-service-broker + state: absent diff --git a/roles/ansible_service_broker/tasks/validate_facts.yml b/roles/ansible_service_broker/tasks/validate_facts.yml index 604d24e1d..a2345551b 100644 --- a/roles/ansible_service_broker/tasks/validate_facts.yml +++ b/roles/ansible_service_broker/tasks/validate_facts.yml @@ -1,11 +1,9 @@ --- - name: validate Dockerhub registry settings - fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_user. ansible_service_broker_registry_password, and ansible_service_broker_registry_organization parameters" + fail: msg="To use the dockerhub registry, you must provide the ansible_service_broker_registry_organization" when: - ansible_service_broker_registry_type == 'dockerhub' - - not (ansible_service_broker_registry_user and - ansible_service_broker_registry_password and - ansible_service_broker_registry_organization) + - not ansible_service_broker_registry_organization - name: validate RHCC registry settings diff --git a/roles/ansible_service_broker/vars/default_images.yml b/roles/ansible_service_broker/vars/default_images.yml index 15e448515..248e0363d 100644 --- a/roles/ansible_service_broker/vars/default_images.yml +++ b/roles/ansible_service_broker/vars/default_images.yml @@ -8,7 +8,10 @@ __ansible_service_broker_etcd_image_tag: latest __ansible_service_broker_etcd_image_etcd_path: /usr/local/bin/etcd __ansible_service_broker_registry_type: dockerhub +__ansible_service_broker_registry_name: dh __ansible_service_broker_registry_url: null __ansible_service_broker_registry_user: null __ansible_service_broker_registry_password: null -__ansible_service_broker_registry_organization: null +__ansible_service_broker_registry_organization: ansibleplaybookbundle +__ansible_service_broker_registry_tag: latest +__ansible_service_broker_registry_whitelist: [] diff --git a/roles/ansible_service_broker/vars/openshift-enterprise.yml b/roles/ansible_service_broker/vars/openshift-enterprise.yml index ce2ae8365..c203f596e 100644 --- a/roles/ansible_service_broker/vars/openshift-enterprise.yml +++ b/roles/ansible_service_broker/vars/openshift-enterprise.yml @@ -1,14 +1,19 @@ --- __ansible_service_broker_image_prefix: registry.access.redhat.com/openshift3/ose- -__ansible_service_broker_image_tag: v3.6 +__ansible_service_broker_image_tag: v3.7 -__ansible_service_broker_etcd_image_prefix: rhel7/ +__ansible_service_broker_etcd_image_prefix: registry.access.redhat.com/rhel7/ __ansible_service_broker_etcd_image_tag: latest __ansible_service_broker_etcd_image_etcd_path: /bin/etcd + __ansible_service_broker_registry_type: rhcc +__ansible_service_broker_registry_name: rh __ansible_service_broker_registry_url: "https://registry.access.redhat.com" __ansible_service_broker_registry_user: null __ansible_service_broker_registry_password: null __ansible_service_broker_registry_organization: null +__ansible_service_broker_registry_tag: v3.7 +__ansible_service_broker_registry_whitelist: + - '.*-apb$' diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index 244e2cc41..f60912033 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -37,11 +37,11 @@ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} changed_when: False - # TODO: Need to fix the origin and enterprise templates so that they both respect IMAGE_PREFIX - name: Deploy registry-console command: > {{ openshift.common.client_binary }} new-app --template=registry-console {% if openshift_cockpit_deployer_prefix is defined %}-p IMAGE_PREFIX="{{ openshift_cockpit_deployer_prefix }}"{% endif %} + {% if openshift_cockpit_deployer_basename is defined %}-p IMAGE_BASENAME="{{ openshift_cockpit_deployer_basename }}"{% endif %} {% if openshift_cockpit_deployer_version is defined %}-p IMAGE_VERSION="{{ openshift_cockpit_deployer_version }}"{% endif %} -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" -p REGISTRY_HOST="{{ docker_registry_route.results[0].spec.host }}" diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index e36dfa7b9..224844a06 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,5 +1,8 @@ --- docker_cli_auth_config_path: '/root/.docker' +openshift_docker_signature_verification: False + +openshift_docker_alternative_creds: False # oreg_url is defined by user input. oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" @@ -19,4 +22,19 @@ l2_docker_additional_registries: "{% if openshift_docker_additional_registries i l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}" l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}" +openshift_docker_use_etc_containers: False containers_registries_conf_path: /etc/containers/registries.conf + +r_crio_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" +r_crio_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" + +r_crio_os_firewall_deny: [] +r_crio_os_firewall_allow: +- service: crio + port: 10010/tcp + + +openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}" + +docker_alt_storage_path: /var/lib/containers/docker +docker_default_storage_path: /var/lib/docker diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 591367467..866ed0452 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -4,6 +4,7 @@ systemd: name: "{{ openshift.docker.service_name }}" state: restarted + daemon_reload: yes register: r_docker_restart_docker_result until: not r_docker_restart_docker_result | failed retries: 3 diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index b773a417c..d5faae8df 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -11,3 +11,5 @@ galaxy_info: - 7 dependencies: - role: lib_openshift +- role: lib_os_firewall +- role: lib_utils diff --git a/roles/docker/tasks/crio_firewall.yml b/roles/docker/tasks/crio_firewall.yml new file mode 100644 index 000000000..fbd1ff515 --- /dev/null +++ b/roles/docker/tasks/crio_firewall.yml @@ -0,0 +1,40 @@ +--- +- when: r_crio_firewall_enabled | bool and not r_crio_use_firewalld | bool + block: + - name: Add iptables allow rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: add + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_allow }}" + + - name: Remove iptables rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: remove + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_deny }}" + +- when: r_crio_firewall_enabled | bool and r_crio_use_firewalld | bool + block: + - name: Add firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: enabled + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_allow }}" + + - name: Remove firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: disabled + when: item.cond | default(True) + with_items: "{{ r_crio_os_firewall_deny }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index dae17c3ce..69ee62790 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -10,13 +10,14 @@ l_use_crio: "{{ openshift_use_crio | default(False) }}" l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}" -- when: - - openshift_deployment_type == 'openshift-enterprise' - assert: - that: - - "openshift_image_tag is defined" - msg: > - openshift_image_tag is a required inventory variable when installing openshift-enterprise +- name: Add enterprise registry, if necessary + set_fact: + l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" + when: + - openshift.common.deployment_type == 'openshift-enterprise' + - openshift_docker_ent_reg != '' + - openshift_docker_ent_reg not in l2_docker_additional_registries + - not l_use_crio_only - name: Use Package Docker if Requested include: package_docker.yml @@ -24,6 +25,15 @@ - not l_use_system_container - not l_use_crio_only +- name: Ensure /var/lib/containers exists + file: + path: /var/lib/containers + state: directory + +- name: Fix SELinux Permissions on /var/lib/containers + command: "restorecon -R /var/lib/containers/" + changed_when: false + - name: Use System Container Docker if Requested include: systemcontainer_docker.yml when: @@ -34,4 +44,49 @@ include: systemcontainer_crio.yml when: - l_use_crio - - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config'] + - openshift_docker_is_node_or_master | bool + +- name: stat the docker data dir + stat: + path: "{{ docker_default_storage_path }}" + register: dockerstat + +- when: + - l_use_crio + - dockerstat.stat.islnk is defined and not (dockerstat.stat.islnk | bool) + block: + - name: stop the current running docker + systemd: + state: stopped + name: "{{ openshift.docker.service_name }}" + + - name: "Ensure {{ docker_alt_storage_path }} exists" + file: + path: "{{ docker_alt_storage_path }}" + state: directory + + - name: "Set the selinux context on {{ docker_alt_storage_path }}" + command: "semanage fcontext -a -e {{ docker_default_storage_path }} {{ docker_alt_storage_path }}" + register: results + failed_when: + - results.rc == 1 + - "'already exists' not in results.stderr" + + - name: "restorecon the {{ docker_alt_storage_path }}" + command: "restorecon -r {{ docker_alt_storage_path }}" + + - name: Remove the old docker location + file: + state: absent + path: "{{ docker_default_storage_path }}" + + - name: Setup the link + file: + state: link + src: "{{ docker_alt_storage_path }}" + path: "{{ docker_default_storage_path }}" + + - name: start docker + systemd: + state: started + name: "{{ openshift.docker.service_name }}" diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index a35335937..8121163a6 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -48,15 +48,9 @@ template: dest: "{{ docker_systemd_dir }}/custom.conf" src: custom.conf.j2 - when: not os_firewall_use_firewalld | default(False) | bool - -- name: Add enterprise registry, if necessary - set_fact: - l2_docker_additional_registries: "{{ l2_docker_additional_registries + [openshift_docker_ent_reg] }}" - when: - - openshift.common.deployment_type == 'openshift-enterprise' - - openshift_docker_ent_reg != '' - - openshift_docker_ent_reg not in l2_docker_additional_registries + notify: + - restart docker + when: not (os_firewall_use_firewalld | default(False)) | bool - stat: path=/etc/sysconfig/docker register: docker_check @@ -87,6 +81,7 @@ template: dest: "{{ containers_registries_conf_path }}" src: registries.conf + when: openshift_docker_use_etc_containers | bool notify: - restart docker @@ -113,11 +108,12 @@ dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*$' line: "OPTIONS='\ - {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %}\ - {% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %}\ - {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\ - {% if docker_options is defined %} {{ docker_options }}{% endif %}\ - {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'" + {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %} \ + {% if docker_log_driver is defined %} --log-driver {{ docker_log_driver }}{% endif %} \ + {% if docker_log_options is defined %} {{ docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %} \ + {% if docker_options is defined %} {{ docker_options }}{% endif %} \ + {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %} \ + --signature-verification={{ openshift_docker_signature_verification | bool }}'" when: docker_check.stat.isreg is defined and docker_check.stat.isreg notify: - restart docker @@ -137,17 +133,12 @@ notify: - restart docker -- name: Check for credentials file for registry auth - stat: - path: "{{ docker_cli_auth_config_path }}/config.json" - when: oreg_auth_user is defined - register: docker_cli_auth_credentials_stat - -- name: Create credentials for docker cli registry auth - command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool +# The following task is needed as the systemd module may report a change in +# state even though docker is already running. +- name: Detect if docker is already started + command: "systemctl show docker -p ActiveState" + changed_when: False + register: r_docker_already_running_result - name: Start the Docker service systemd: @@ -161,6 +152,9 @@ delay: 30 - set_fact: - docker_service_status_changed: "{{ r_docker_package_docker_start_result | changed }}" + docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}" - meta: flush_handlers + +# This needs to run after docker is restarted to account for proxy settings. +- include: registry_auth.yml diff --git a/roles/docker/tasks/registry_auth.yml b/roles/docker/tasks/registry_auth.yml new file mode 100644 index 000000000..2c7bc5711 --- /dev/null +++ b/roles/docker/tasks/registry_auth.yml @@ -0,0 +1,32 @@ +--- +- name: Check for credentials file for registry auth + stat: + path: "{{ docker_cli_auth_config_path }}/config.json" + when: oreg_auth_user is defined + register: docker_cli_auth_credentials_stat + +- name: Create credentials for docker cli registry auth + command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + register: openshift_docker_credentials_create_res + retries: 3 + delay: 5 + until: openshift_docker_credentials_create_res.rc == 0 + when: + - not openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for docker cli registry auth (alternative) + docker_creds: + path: "{{ docker_cli_auth_config_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml index 386369d26..3fe10454d 100644 --- a/roles/docker/tasks/systemcontainer_crio.yml +++ b/roles/docker/tasks/systemcontainer_crio.yml @@ -3,16 +3,32 @@ # TODO: Much of this file is shared with container engine tasks - set_fact: l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}" - when: l2_docker_insecure_registries + when: l2_docker_insecure_registries | bool - set_fact: l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}" - when: l2_docker_additional_registries + when: l2_docker_additional_registries | bool - set_fact: l_crio_registries: "{{ ['docker.io'] }}" - when: not l2_docker_additional_registries + when: not (l2_docker_additional_registries | bool) - set_fact: l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}" - when: l2_docker_additional_registries + when: l2_docker_additional_registries | bool + +- set_fact: + l_openshift_image_tag: "{{ openshift_image_tag | string }}" + when: openshift_image_tag is defined + +- set_fact: + l_openshift_image_tag: "latest" + when: + - openshift_image_tag is not defined + - openshift_release == "latest" + +- set_fact: + l_openshift_image_tag: "{{ openshift_release | string }}" + when: + - openshift_image_tag is not defined + - openshift_release != "latest" - name: Ensure container-selinux is installed package: @@ -20,6 +36,12 @@ state: present when: not openshift.common.is_atomic | bool +- name: Check we are not using node as a Docker container with CRI-O + fail: msg='Cannot use CRI-O with node configured as a Docker container' + when: + - openshift.common.is_containerized | bool + - not openshift.common.is_node_system_container | bool + # Used to pull and install the system container - name: Ensure atomic is installed package: @@ -40,7 +62,7 @@ shell: lsmod | grep overlay register: l_has_overlay_in_kernel ignore_errors: yes - + failed_when: false - when: l_has_overlay_in_kernel.rc != 0 block: @@ -60,36 +82,10 @@ enabled: yes state: restarted - -- block: - - - name: Add http_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?http_proxy[:=]{1}" - line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" - when: - - openshift.common.http_proxy is defined - - openshift.common.http_proxy != '' - - - name: Add https_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?https_proxy[:=]{1}" - line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" - when: - - openshift.common.https_proxy is defined - - openshift.common.https_proxy != '' - - - name: Add no_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?no_proxy[:=]{1}" - line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" - when: - - openshift.common.no_proxy is defined - - openshift.common.no_proxy != '' - +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - block: @@ -106,10 +102,9 @@ - name: Set CRI-O image tag set_fact: - l_crio_image_tag: "{{ openshift_image_tag }}" + l_crio_image_tag: "{{ l_openshift_image_tag }}" when: - openshift_deployment_type == 'openshift-enterprise' - - openshift_image_tag is defined - name: Use RHEL based image when distribution is Red Hat set_fact: @@ -147,7 +142,7 @@ image: "{{ l_crio_image }}" state: latest -- name: Remove CRI-o default configuration files +- name: Remove CRI-O default configuration files file: path: "{{ item }}" state: absent @@ -166,6 +161,10 @@ path: /etc/cni/net.d/ state: directory +- name: setup firewall for CRI-O + include: crio_firewall.yml + static: yes + - name: Configure the CNI network template: dest: /etc/cni/net.d/openshift-sdn.conf @@ -180,3 +179,9 @@ register: start_result - meta: flush_handlers + +# If we are using crio only, docker.service might not be available for +# 'docker login' +- include: registry_auth.yml + vars: + openshift_docker_alternative_creds: "{{ l_use_crio_only }}" diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml index 5b1605b58..84220fa66 100644 --- a/roles/docker/tasks/systemcontainer_docker.yml +++ b/roles/docker/tasks/systemcontainer_docker.yml @@ -1,5 +1,21 @@ --- +- set_fact: + l_openshift_image_tag: "{{ openshift_image_tag | string }}" + when: openshift_image_tag is defined + +- set_fact: + l_openshift_image_tag: "latest" + when: + - openshift_image_tag is not defined + - openshift_release == "latest" + +- set_fact: + l_openshift_image_tag: "{{ openshift_release | string }}" + when: + - openshift_image_tag is not defined + - openshift_release != "latest" + # If docker_options are provided we should fail. We should not install docker and ignore # the users configuration. NOTE: docker_options == inventory:openshift_docker_options - name: Fail quickly if openshift_docker_options are set @@ -52,38 +68,10 @@ retries: 3 delay: 30 - -# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf -# regexp: the line starts with or without #, followed by the string -# http_proxy, then either : or = -- block: - - - name: Add http_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?http_proxy[:=]{1}" - line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" - when: - - openshift.common.http_proxy is defined - - openshift.common.http_proxy != '' - - - name: Add https_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?https_proxy[:=]{1}" - line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" - when: - - openshift.common.https_proxy is defined - - openshift.common.https_proxy != '' - - - name: Add no_proxy to /etc/atomic.conf - lineinfile: - dest: /etc/atomic.conf - regexp: "^#?no_proxy[:=]{1}" - line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" - when: - - openshift.common.no_proxy is defined - - openshift.common.no_proxy != '' +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - block: @@ -94,10 +82,9 @@ - name: Set container engine image tag set_fact: - l_docker_image_tag: "{{ openshift_image_tag }}" + l_docker_image_tag: "{{ l_openshift_image_tag }}" when: - openshift_deployment_type == 'openshift-enterprise' - - openshift_image_tag is defined - name: Use Red Hat Registry for image when distribution is Red Hat set_fact: @@ -187,3 +174,9 @@ docker_service_status_changed: "{{ r_docker_systemcontainer_docker_start_result | changed }}" - meta: flush_handlers + +# Since docker is running as a system container, docker login will fail to create +# credentials. Use alternate method if requiring authenticated registries. +- include: registry_auth.yml + vars: + openshift_docker_alternative_creds: True diff --git a/roles/docker/templates/crio.conf.j2 b/roles/docker/templates/crio.conf.j2 index b4ee84fd0..3f066a17f 100644 --- a/roles/docker/templates/crio.conf.j2 +++ b/roles/docker/templates/crio.conf.j2 @@ -13,12 +13,12 @@ runroot = "/var/run/containers/storage" # storage_driver select which storage driver is used to manage storage # of images and containers. -storage_driver = "overlay2" +storage_driver = "overlay" # storage_option is used to pass an option to the storage driver. storage_option = [ {% if ansible_distribution in ['RedHat', 'CentOS'] %} - "overlay2.override_kernel_check=1" + "overlay.override_kernel_check=1" {% endif %} ] @@ -35,6 +35,10 @@ stream_address = "" # stream_port is the port on which the stream server will listen stream_port = "10010" +# file_locking is whether file-based locking will be used instead of +# in-memory locking +file_locking = true + # The "crio.runtime" table contains settings pertaining to the OCI # runtime used and options for how to set up and manage the OCI runtime. [crio.runtime] @@ -67,6 +71,9 @@ runtime_untrusted_workload = "" # container runtime for all containers. default_workload_trust = "trusted" +# no_pivot instructs the runtime to not use pivot_root, but instead use MS_MOVE +no_pivot = false + # conmon is the path to conmon binary, used for managing the runtime. conmon = "/usr/libexec/crio/conmon" @@ -93,6 +100,21 @@ apparmor_profile = "crio-default" # for the runtime. cgroup_manager = "systemd" +# hooks_dir_path is the oci hooks directory for automatically executed hooks +hooks_dir_path = "/usr/share/containers/oci/hooks.d" + +# default_mounts is the mounts list to be mounted for the container when created +default_mounts = [ + "/usr/share/rhel/secrets:/run/secrets", +] + +# pids_limit is the number of processes allowed in a container +pids_limit = 1024 + +# log_size_max is the max limit for the container log size in bytes. +# Negative values indicate that no limit is imposed. +log_size_max = 52428800 + # The "crio.image" table contains settings pertaining to the # management of OCI images. [crio.image] @@ -115,6 +137,10 @@ pause_command = "/pause" # unspecified so that the default system-wide policy will be used. signature_policy = "" +# image_volumes controls how image volumes are handled. +# The valid values are mkdir and ignore. +image_volumes = "mkdir" + # insecure_registries is used to skip TLS verification when pulling images. insecure_registries = [ {{ l_insecure_crio_registries|default("") }} @@ -125,6 +151,7 @@ insecure_registries = [ registries = [ {{ l_additional_crio_registries|default("") }} ] + # The "crio.network" table contains settings pertaining to the # management of CNI plugins. [crio.network] diff --git a/roles/docker/templates/custom.conf.j2 b/roles/docker/templates/custom.conf.j2 index 9b47cb6ab..713412473 100644 --- a/roles/docker/templates/custom.conf.j2 +++ b/roles/docker/templates/custom.conf.j2 @@ -3,3 +3,9 @@ [Unit] Wants=iptables.service After=iptables.service + +# The following line is a work-around to ensure docker is restarted whenever +# iptables is restarted. This ensures the proper iptables rules will be in +# place for docker. +# Note: This will also cause docker to be stopped if iptables is stopped. +PartOf=iptables.service diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml index 18164050a..4b734d4ed 100644 --- a/roles/etcd/defaults/main.yaml +++ b/roles/etcd/defaults/main.yaml @@ -13,8 +13,6 @@ r_etcd_common_etcdctl_command: "{{ 'etcdctl' if r_etcd_common_etcd_runtime == 'h # etcd server vars etcd_conf_dir: '/etc/etcd' -r_etcd_common_system_container_host_dir: /var/lib/etcd/etcd.etcd -etcd_system_container_conf_dir: /var/lib/etcd/etc etcd_conf_file: "{{ etcd_conf_dir }}/etcd.conf" etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" @@ -54,7 +52,7 @@ etcd_is_containerized: False etcd_is_thirdparty: False # etcd dir vars -etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' if r_etcd_common_etcd_runtime != 'runc' else '/var/lib/etcd/etcd.etcd/' }}" +etcd_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}" # etcd ports and protocols etcd_client_port: 2379 @@ -70,7 +68,8 @@ etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_ etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ etcd_ip }}:{{ etcd_client_port }}" -etcd_peer: 127.0.0.1 +# required role variable +#etcd_peer: 127.0.0.1 etcdctlv2: "etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} -C https://{{ etcd_peer }}:{{ etcd_client_port }}" etcd_service: "{{ 'etcd_container' if r_etcd_common_etcd_runtime == 'docker' else 'etcd' }}" @@ -78,7 +77,7 @@ etcd_service: "{{ 'etcd_container' if r_etcd_common_etcd_runtime == 'docker' els etcd_service_file: "/etc/systemd/system/{{ etcd_service }}.service" r_etcd_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" -r_etcd_use_firewalld: "{{ os_firewall_use_firewalld | default(Falsel) }}" +r_etcd_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" etcd_systemd_dir: "/etc/systemd/system/{{ etcd_service }}.service.d" r_etcd_os_firewall_deny: [] diff --git a/roles/etcd/tasks/auxiliary/clean_data.yml b/roles/etcd/tasks/auxiliary/clean_data.yml index 95a0e7c0a..1ed2db5bc 100644 --- a/roles/etcd/tasks/auxiliary/clean_data.yml +++ b/roles/etcd/tasks/auxiliary/clean_data.yml @@ -1,5 +1,5 @@ --- - name: Remove member data file: - path: /var/lib/etcd/member + path: "{{ etcd_data_dir }}/member" state: absent diff --git a/roles/etcd/tasks/auxiliary/disable_etcd.yml b/roles/etcd/tasks/auxiliary/disable_etcd.yml new file mode 100644 index 000000000..7c6d0409d --- /dev/null +++ b/roles/etcd/tasks/auxiliary/disable_etcd.yml @@ -0,0 +1,5 @@ +--- +- name: Disable etcd members + service: + name: "{{ etcd_service }}" + state: stopped diff --git a/roles/etcd/tasks/auxiliary/force_new_cluster.yml b/roles/etcd/tasks/auxiliary/force_new_cluster.yml new file mode 100644 index 000000000..ae8a36130 --- /dev/null +++ b/roles/etcd/tasks/auxiliary/force_new_cluster.yml @@ -0,0 +1,31 @@ +--- +- name: Set ETCD_FORCE_NEW_CLUSTER=true on first etcd host + lineinfile: + line: "ETCD_FORCE_NEW_CLUSTER=true" + dest: /etc/etcd/etcd.conf + backup: true + +- name: Start etcd + systemd: + name: "{{ etcd_service }}" + state: started + +- name: Wait for cluster to become healthy after bringing up first member + command: > + etcdctl --cert-file {{ etcd_peer_cert_file }} --key-file {{ etcd_peer_key_file }} --ca-file {{ etcd_peer_ca_file }} --endpoint https://{{ etcd_peer }}:{{ etcd_client_port }} cluster-health + register: l_etcd_migrate_health + until: l_etcd_migrate_health.rc == 0 + retries: 3 + delay: 30 + +- name: Unset ETCD_FORCE_NEW_CLUSTER=true on first etcd host + lineinfile: + line: "ETCD_FORCE_NEW_CLUSTER=true" + dest: /etc/etcd/etcd.conf + state: absent + backup: true + +- name: Restart first etcd host + systemd: + name: "{{ etcd_service }}" + state: restarted diff --git a/roles/etcd/tasks/backup.archive.yml b/roles/etcd/tasks/backup.archive.yml new file mode 100644 index 000000000..6daa6dc51 --- /dev/null +++ b/roles/etcd/tasks/backup.archive.yml @@ -0,0 +1,3 @@ +--- +- include: backup/vars.yml +- include: backup/archive.yml diff --git a/roles/etcd/tasks/backup.copy.yml b/roles/etcd/tasks/backup.copy.yml new file mode 100644 index 000000000..cc540cbca --- /dev/null +++ b/roles/etcd/tasks/backup.copy.yml @@ -0,0 +1,3 @@ +--- +- include: backup/vars.yml +- include: backup/copy.yml diff --git a/roles/etcd/tasks/backup.fetch.yml b/roles/etcd/tasks/backup.fetch.yml new file mode 100644 index 000000000..26ec15043 --- /dev/null +++ b/roles/etcd/tasks/backup.fetch.yml @@ -0,0 +1,3 @@ +--- +- include: backup/vars.yml +- include: backup/fetch.yml diff --git a/roles/etcd/tasks/backup.force_new_cluster.yml b/roles/etcd/tasks/backup.force_new_cluster.yml new file mode 100644 index 000000000..d2e866416 --- /dev/null +++ b/roles/etcd/tasks/backup.force_new_cluster.yml @@ -0,0 +1,12 @@ +--- +- include: backup/vars.yml + +- name: Move content of etcd backup under the etcd data directory + command: > + mv "{{ l_etcd_backup_dir }}/member" "{{ etcd_data_dir }}" + +- name: Set etcd group for the etcd data directory + command: > + chown -R etcd:etcd "{{ etcd_data_dir }}" + +- include: auxiliary/force_new_cluster.yml diff --git a/roles/etcd/tasks/backup.unarchive.yml b/roles/etcd/tasks/backup.unarchive.yml new file mode 100644 index 000000000..77a637360 --- /dev/null +++ b/roles/etcd/tasks/backup.unarchive.yml @@ -0,0 +1,3 @@ +--- +- include: backup/vars.yml +- include: backup/unarchive.yml diff --git a/roles/etcd/tasks/backup/archive.yml b/roles/etcd/tasks/backup/archive.yml new file mode 100644 index 000000000..f6aa68a6e --- /dev/null +++ b/roles/etcd/tasks/backup/archive.yml @@ -0,0 +1,5 @@ +--- +- name: Archive backup + archive: + path: "{{ l_etcd_backup_dir }}" + dest: "{{ l_etcd_backup_dir }}.tgz" diff --git a/roles/etcd/tasks/backup/backup.yml b/roles/etcd/tasks/backup/backup.yml index 42d27c081..ca0d29155 100644 --- a/roles/etcd/tasks/backup/backup.yml +++ b/roles/etcd/tasks/backup/backup.yml @@ -1,25 +1,9 @@ --- -# set the etcd backup directory name here in case the tag or sufix consists of dynamic value that changes over time -# e.g. openshift-backup-{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }} value will change every second so if the date changes -# right after setting l_etcd_incontainer_backup_dir and before l_etcd_backup_dir facts, the backup directory name is different -- set_fact: - l_backup_dir_name: "openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" - -- set_fact: - l_etcd_data_dir: "{{ etcd_data_dir }}{{ '/etcd.etcd' if r_etcd_common_etcd_runtime == 'runc' else '' }}" - -- set_fact: - l_etcd_incontainer_data_dir: "{{ etcd_data_dir }}" - -- set_fact: - l_etcd_incontainer_backup_dir: "{{ l_etcd_incontainer_data_dir }}/{{ l_backup_dir_name }}" - -- set_fact: - l_etcd_backup_dir: "{{ l_etcd_data_dir }}/{{ l_backup_dir_name }}" +- include: vars.yml # TODO: replace shell module with command and update later checks - name: Check available disk space for etcd backup - shell: df --output=avail -k {{ l_etcd_data_dir }} | tail -n 1 + shell: df --output=avail -k {{ etcd_data_dir }} | tail -n 1 register: l_avail_disk # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything @@ -27,7 +11,7 @@ # TODO: replace shell module with command and update later checks - name: Check current etcd disk usage - shell: du --exclude='*openshift-backup*' -k {{ l_etcd_data_dir }} | tail -n 1 | cut -f1 + shell: du --exclude='*openshift-backup*' -k {{ etcd_data_dir }} | tail -n 1 | cut -f1 register: l_etcd_disk_usage # AUDIT:changed_when: `false` because we are only inspecting # state, not manipulating anything @@ -60,17 +44,17 @@ - r_etcd_common_embedded_etcd | bool - not l_ostree_booted.stat.exists | bool -- name: Check selinux label of '{{ l_etcd_data_dir }}' +- name: Check selinux label of '{{ etcd_data_dir }}' command: > - stat -c '%C' {{ l_etcd_data_dir }} + stat -c '%C' {{ etcd_data_dir }} register: l_etcd_selinux_labels - debug: msg: "{{ l_etcd_selinux_labels }}" -- name: Make sure the '{{ l_etcd_data_dir }}' has the proper label +- name: Make sure the '{{ etcd_data_dir }}' has the proper label command: > - chcon -t svirt_sandbox_file_t "{{ l_etcd_data_dir }}" + chcon -t svirt_sandbox_file_t "{{ etcd_data_dir }}" when: - l_etcd_selinux_labels.rc == 0 - "'svirt_sandbox_file_t' not in l_etcd_selinux_labels.stdout" @@ -84,12 +68,12 @@ # https://github.com/openshift/openshift-docs/commit/b38042de02d9780842dce95cfa0ef45d53b58bc6 - name: Check for v3 data store stat: - path: "{{ l_etcd_data_dir }}/member/snap/db" + path: "{{ etcd_data_dir }}/member/snap/db" register: l_v3_db - name: Copy etcd v3 data store command: > - cp -a {{ l_etcd_data_dir }}/member/snap/db + cp -a {{ etcd_data_dir }}/member/snap/db {{ l_etcd_backup_dir }}/member/snap/ when: l_v3_db.stat.exists diff --git a/roles/etcd/tasks/backup/copy.yml b/roles/etcd/tasks/backup/copy.yml new file mode 100644 index 000000000..967e5ee66 --- /dev/null +++ b/roles/etcd/tasks/backup/copy.yml @@ -0,0 +1,5 @@ +--- +- name: Copy etcd backup + copy: + src: "{{ etcd_backup_sync_directory }}/{{ l_backup_dir_name }}.tgz" + dest: "{{ etcd_data_dir }}" diff --git a/roles/etcd/tasks/backup/fetch.yml b/roles/etcd/tasks/backup/fetch.yml new file mode 100644 index 000000000..610ce1960 --- /dev/null +++ b/roles/etcd/tasks/backup/fetch.yml @@ -0,0 +1,8 @@ +--- +- name: Fetch etcd backup + fetch: + src: "{{ l_etcd_backup_dir }}.tgz" + dest: "{{ etcd_backup_sync_directory }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes diff --git a/roles/etcd/tasks/backup/unarchive.yml b/roles/etcd/tasks/backup/unarchive.yml new file mode 100644 index 000000000..a85f533c2 --- /dev/null +++ b/roles/etcd/tasks/backup/unarchive.yml @@ -0,0 +1,14 @@ +--- +- shell: ls /var/lib/etcd + register: output + +- debug: + msg: "output: {{ output }}" + +- name: Unarchive backup + # can't use unarchive https://github.com/ansible/ansible/issues/30821 + # unarchive: + # src: "{{ l_etcd_backup_dir }}.tgz" + # dest: "{{ l_etcd_backup_dir }}" + command: > + tar -xf "{{ l_etcd_backup_dir }}.tgz" -C "{{ etcd_data_dir }}" diff --git a/roles/etcd/tasks/backup/vars.yml b/roles/etcd/tasks/backup/vars.yml new file mode 100644 index 000000000..3ffa641b3 --- /dev/null +++ b/roles/etcd/tasks/backup/vars.yml @@ -0,0 +1,15 @@ +--- +# set the etcd backup directory name here in case the tag or sufix consists of dynamic value that changes over time +# e.g. openshift-backup-{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }} value will change every second so if the date changes +# right after setting l_etcd_incontainer_backup_dir and before l_etcd_backup_dir facts, the backup directory name is different +- set_fact: + l_backup_dir_name: "openshift-backup-{{ r_etcd_common_backup_tag }}{{ r_etcd_common_backup_sufix_name }}" + +- set_fact: + l_etcd_incontainer_data_dir: "{{ etcd_data_dir }}" + +- set_fact: + l_etcd_incontainer_backup_dir: "{{ l_etcd_incontainer_data_dir }}/{{ l_backup_dir_name }}" + +- set_fact: + l_etcd_backup_dir: "{{ etcd_data_dir }}/{{ l_backup_dir_name }}" diff --git a/roles/etcd/tasks/backup_master_etcd_certificates.yml b/roles/etcd/tasks/backup_master_etcd_certificates.yml new file mode 100644 index 000000000..129e1831c --- /dev/null +++ b/roles/etcd/tasks/backup_master_etcd_certificates.yml @@ -0,0 +1,2 @@ +--- +- include: certificates/backup_master_etcd_certificates.yml diff --git a/roles/etcd/tasks/certificates/backup_master_etcd_certificates.yml b/roles/etcd/tasks/certificates/backup_master_etcd_certificates.yml new file mode 100644 index 000000000..e65b3e5a2 --- /dev/null +++ b/roles/etcd/tasks/certificates/backup_master_etcd_certificates.yml @@ -0,0 +1,7 @@ +--- +- name: Backup master etcd certificates + shell: > + tar -czvf /etc/origin/master/master-etcd-certificate-backup-{{ ansible_date_time.epoch }}.tgz + /etc/origin/master/master.etcd-* + args: + warn: no diff --git a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml index 26492fb3c..00b8f4a0b 100644 --- a/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml +++ b/roles/etcd/tasks/certificates/fetch_server_certificates_from_ca.yml @@ -12,9 +12,6 @@ - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - "{{ etcd_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}server.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}peer.crt" - - "{{ etcd_system_container_cert_config_dir }}/{{ etcd_cert_prefix }}ca.crt" register: g_etcd_server_cert_stat_result when: not etcd_certificates_redeploy | default(false) | bool @@ -141,7 +138,6 @@ state: directory with_items: - "{{ etcd_cert_config_dir }}" - - "{{ etcd_system_container_cert_config_dir }}" when: etcd_server_certs_missing | bool - name: Unarchive cert tarball @@ -176,25 +172,8 @@ state: directory with_items: - "{{ etcd_ca_dir }}" - - "{{ etcd_system_container_cert_config_dir }}/ca" when: etcd_server_certs_missing | bool -- name: Unarchive cert tarball for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - -- name: Unarchive etcd ca cert tarballs for the system container - unarchive: - src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_ca_name }}.tgz" - dest: "{{ etcd_system_container_cert_config_dir }}/ca" - when: - - etcd_server_certs_missing | bool - - r_etcd_common_etcd_runtime == 'runc' - - name: Delete temporary directory local_action: file path="{{ g_etcd_server_mktemp.stdout }}" state=absent become: no diff --git a/roles/etcd/tasks/check_cluster_health.yml b/roles/etcd/tasks/check_cluster_health.yml new file mode 100644 index 000000000..75c110972 --- /dev/null +++ b/roles/etcd/tasks/check_cluster_health.yml @@ -0,0 +1,2 @@ +--- +- include: migration/check_cluster_health.yml diff --git a/roles/etcd/tasks/disable_etcd.yml b/roles/etcd/tasks/disable_etcd.yml new file mode 100644 index 000000000..9202e6e48 --- /dev/null +++ b/roles/etcd/tasks/disable_etcd.yml @@ -0,0 +1,2 @@ +--- +- include: auxiliary/disable_etcd.yml diff --git a/roles/etcd/tasks/fetch_backup.yml b/roles/etcd/tasks/fetch_backup.yml new file mode 100644 index 000000000..513eed17a --- /dev/null +++ b/roles/etcd/tasks/fetch_backup.yml @@ -0,0 +1,8 @@ +--- +- include: backup/vars.yml + +- include: backup/archive.yml + +- include: backup/sync_backup.yml + +- include: backup/ diff --git a/roles/etcd/tasks/migration/check.yml b/roles/etcd/tasks/migration/check.yml index 0804d9e1c..5c45e5ae1 100644 --- a/roles/etcd/tasks/migration/check.yml +++ b/roles/etcd/tasks/migration/check.yml @@ -3,6 +3,17 @@ # Check the cluster is healthy - include: check_cluster_health.yml +# Check if there is at least one v2 snapshot +- name: Check if there is at least one v2 snapshot + find: + paths: "{{ etcd_data_dir }}/member/snap" + patterns: '*.snap' + register: snapshots_result + +- fail: + msg: "Before the migration can proceed the etcd member must write down at least one snapshot under {{ etcd_data_dir }}/member/snap directory." + when: snapshots_result.matched | int == 0 + # Check if the member has v3 data already # Run the migration only if the data are v2 - name: Check if there are any v3 data diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index e735bf50a..f71d9b551 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml @@ -1,6 +1,8 @@ --- -- set_fact: - l_etcd_src_data_dir: "{{ '/var/lib/origin/openshift.local.etcd' if r_etcd_common_embedded_etcd | bool else '/var/lib/etcd/' }}" +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy - name: Pull etcd system container command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} @@ -17,6 +19,7 @@ {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }}, {%- endif -%} {% endfor -%} + when: etcd_initial_cluster is undefined - name: Check etcd system container package command: > @@ -51,36 +54,13 @@ - name: Systemd reload configuration systemd: name=etcd_container daemon_reload=yes -- name: Check for previous etcd data store - stat: - path: "{{ l_etcd_src_data_dir }}/member/" - register: src_datastore - -- name: Check for etcd system container data store - stat: - path: "{{ r_etcd_common_system_container_host_dir }}/etcd.etcd/member" - register: dest_datastore - -- name: Ensure that etcd system container data dirs exist - file: path="{{ item }}" state=directory - with_items: - - "{{ r_etcd_common_system_container_host_dir }}/etc" - - "{{ r_etcd_common_system_container_host_dir }}/etcd.etcd" - -- name: Copy etcd data store - command: > - cp -a {{ l_etcd_src_data_dir }}/member - {{ r_etcd_common_system_container_host_dir }}/etcd.etcd/member - when: - - src_datastore.stat.exists - - not dest_datastore.stat.exists - - name: Install or Update Etcd system container package oc_atomic_container: name: etcd image: "{{ openshift.etcd.etcd_image }}" state: latest values: + - ETCD_DATA_DIR=/var/lib/etcd - ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} - ETCD_NAME={{ etcd_hostname }} - ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster }} @@ -89,11 +69,21 @@ - ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} - ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} - ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} - - ETCD_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_CERT_FILE={{ etcd_system_container_conf_dir }}/server.crt - - ETCD_KEY_FILE={{ etcd_system_container_conf_dir }}/server.key - - ETCD_PEER_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_PEER_CERT_FILE={{ etcd_system_container_conf_dir }}/peer.crt - - ETCD_PEER_KEY_FILE={{ etcd_system_container_conf_dir }}/peer.key - - ETCD_TRUSTED_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt - - ETCD_PEER_TRUSTED_CA_FILE={{ etcd_system_container_conf_dir }}/ca.crt + - ETCD_CA_FILE={{ etcd_ca_file }} + - ETCD_CERT_FILE={{ etcd_cert_file }} + - ETCD_KEY_FILE={{ etcd_key_file }} + - ETCD_PEER_CA_FILE={{ etcd_peer_ca_file }} + - ETCD_PEER_CERT_FILE={{ etcd_peer_cert_file }} + - ETCD_PEER_KEY_FILE={{ etcd_peer_key_file }} + - ETCD_TRUSTED_CA_FILE={{ etcd_ca_file }} + - ETCD_PEER_TRUSTED_CA_FILE={{ etcd_peer_ca_file }} + - 'ADDTL_MOUNTS=,{"type":"bind","source":"/etc/","destination":"/etc/","options":["rbind","rw","rslave"]},{"type":"bind","source":"/var/lib/etcd","destination":"/var/lib/etcd/","options":["rbind","rw","rslave"]}' + +- name: Ensure etcd datadir ownership for the system container + file: + path: "{{ etcd_data_dir }}" + state: directory + mode: 0700 + owner: root + group: root + recurse: True diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 index 8462bb4c8..3027a9447 100644 --- a/roles/etcd/templates/etcd.conf.j2 +++ b/roles/etcd/templates/etcd.conf.j2 @@ -29,8 +29,8 @@ ETCD_INITIAL_CLUSTER={{ etcd_hostname}}={{ etcd_initial_advertise_peer_urls }} ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} ETCD_INITIAL_CLUSTER_TOKEN=thirdparty-etcd-cluster-1 {% else %} -{% if initial_etcd_cluster is defined and initial_etcd_cluster %} -ETCD_INITIAL_CLUSTER={{ initial_etcd_cluster }} +{% if etcd_initial_cluster is defined and etcd_initial_cluster %} +ETCD_INITIAL_CLUSTER={{ etcd_initial_cluster }} {% else %} ETCD_INITIAL_CLUSTER={{ initial_cluster() }} {% endif %} diff --git a/roles/flannel/handlers/main.yml b/roles/flannel/handlers/main.yml index 02f5a5f64..889069485 100644 --- a/roles/flannel/handlers/main.yml +++ b/roles/flannel/handlers/main.yml @@ -12,3 +12,12 @@ until: not l_docker_restart_docker_in_flannel_result | failed retries: 3 delay: 30 + +- name: restart node + systemd: + name: "{{ openshift.common.service_type }}-node" + state: restarted + register: l_restart_node_result + until: not l_restart_node_result | failed + retries: 3 + delay: 30 diff --git a/roles/installer_checkpoint/README.md b/roles/installer_checkpoint/README.md index 321acca21..f8588c4bf 100644 --- a/roles/installer_checkpoint/README.md +++ b/roles/installer_checkpoint/README.md @@ -16,7 +16,7 @@ displaying and logging of the installer status at the end of a playbook run. To ensure the callback plugin is loaded, regardless of ansible.cfg file configuration, the plugin has been placed inside the installer_checkpoint role -which must be called early in playbook execution. The `std_include.yml` playbook +which must be called early in playbook execution. The `init/main.yml` playbook is run first for all entry point playbooks, therefore, the initialization of the checkpoint plugin has been placed at the beginning of that file. @@ -89,40 +89,42 @@ phase/component and then a final play for setting `installer_hase_initialize` to "Complete". ```yaml -# common/openshift-cluster/std_include.yml +# init/main.yml --- - name: Initialization Checkpoint Start - hosts: localhost - connection: local + hosts: all gather_facts: false roles: - installer_checkpoint tasks: - name: Set install initialization 'In Progress' + run_once: true set_stats: data: - installer_phase_initialize: "In Progress" - aggregate: false + installer_phase_initialize: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" #... # Various plays here #... - name: Initialization Checkpoint End - hosts: localhost - connection: local + hosts: all gather_facts: false tasks: - name: Set install initialization 'Complete' + run_once: true set_stats: data: - installer_phase_initialize: "Complete" - aggregate: false + installer_phase_initialize: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" ``` Each phase or component of the installer will follow a similar pattern, with the exception that the `installer_checkpoint` role does not need to be called since -it was already loaded by the play in `std_include.yml`. It is important to +it was already loaded by the play in `init/main.yml`. It is important to place the 'In Progress' and 'Complete' plays as the first and last plays of the phase or component. @@ -140,37 +142,25 @@ localhost : ok=24 changed=0 unreachable=0 failed=0 INSTALLER STATUS *************************************************************** -Initialization : Complete -etcd Install : Complete -NFS Install : Not Started -Load balancer Install : Not Started -Master Install : Complete -Master Additional Install : Complete -Node Install : Complete -GlusterFS Install : Not Started -Hosted Install : Complete -Metrics Install : Not Started -Logging Install : Not Started -Service Catalog Install : Not Started +Initialization : Complete (0:02:14) +Health Check : Complete (0:01:10) +etcd Install : Complete (0:02:01) +Master Install : Complete (0:11:43) +Master Additional Install : Complete (0:00:54) +Node Install : Complete (0:14:11) +Hosted Install : Complete (0:03:28) ``` Example display if a failure occurs during execution: ``` INSTALLER STATUS *************************************************************** -Initialization : Complete -etcd Install : Complete -NFS Install : Not Started -Load balancer Install : Not Started -Master Install : In Progress - This phase can be restarted by running: playbooks/byo/openshift-master/config.yml -Master Additional Install : Not Started -Node Install : Not Started -GlusterFS Install : Not Started -Hosted Install : Not Started -Metrics Install : Not Started -Logging Install : Not Started -Service Catalog Install : Not Started +Initialization : Complete (0:02:14) +Health Check : Complete (0:01:10) +etcd Install : Complete (0:02:58) +Master Install : Complete (0:09:20) +Master Additional Install : In Progress (0:20:04) + This phase can be restarted by running: playbooks/byo/openshift-master/additional_config.yml ``` [set_stats]: http://docs.ansible.com/ansible/latest/set_stats_module.html diff --git a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py index 033240e62..d8bdea343 100644 --- a/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py +++ b/roles/installer_checkpoint/callback_plugins/installer_checkpoint.py @@ -1,58 +1,10 @@ """Ansible callback plugin to print a summary completion status of installation phases. """ +from datetime import datetime from ansible.plugins.callback import CallbackBase from ansible import constants as C -DOCUMENTATION = ''' - -''' - -EXAMPLES = ''' ---------------------------------------------- -Example display of a successful playbook run: - -PLAY RECAP ********************************************************************* -master01.example.com : ok=158 changed=16 unreachable=0 failed=0 -node01.example.com : ok=469 changed=74 unreachable=0 failed=0 -node02.example.com : ok=157 changed=17 unreachable=0 failed=0 -localhost : ok=24 changed=0 unreachable=0 failed=0 - - -INSTALLER STATUS *************************************************************** -Initialization : Complete -etcd Install : Complete -NFS Install : Not Started -Load balancer Install : Not Started -Master Install : Complete -Master Additional Install : Complete -Node Install : Complete -GlusterFS Install : Not Started -Hosted Install : Complete -Metrics Install : Not Started -Logging Install : Not Started -Service Catalog Install : Not Started - ------------------------------------------------------ -Example display if a failure occurs during execution: - -INSTALLER STATUS *************************************************************** -Initialization : Complete -etcd Install : Complete -NFS Install : Not Started -Load balancer Install : Not Started -Master Install : In Progress - This phase can be restarted by running: playbooks/byo/openshift-master/config.yml -Master Additional Install : Not Started -Node Install : Not Started -GlusterFS Install : Not Started -Hosted Install : Not Started -Metrics Install : Not Started -Logging Install : Not Started -Service Catalog Install : Not Started - -''' - class CallbackModule(CallbackBase): """This callback summarizes installation phase status.""" @@ -70,6 +22,7 @@ class CallbackModule(CallbackBase): # Set the order of the installer phases installer_phases = [ 'installer_phase_initialize', + 'installer_phase_health', 'installer_phase_etcd', 'installer_phase_nfs', 'installer_phase_loadbalancer', @@ -80,7 +33,9 @@ class CallbackModule(CallbackBase): 'installer_phase_hosted', 'installer_phase_metrics', 'installer_phase_logging', + 'installer_phase_prometheus', 'installer_phase_servicecatalog', + 'installer_phase_management', ] # Define the attributes of the installer phases @@ -89,6 +44,10 @@ class CallbackModule(CallbackBase): 'title': 'Initialization', 'playbook': '' }, + 'installer_phase_health': { + 'title': 'Health Check', + 'playbook': 'playbooks/openshift-checks/pre-install.yml' + }, 'installer_phase_etcd': { 'title': 'etcd Install', 'playbook': 'playbooks/byo/openshift-etcd/config.yml' @@ -129,10 +88,18 @@ class CallbackModule(CallbackBase): 'title': 'Logging Install', 'playbook': 'playbooks/byo/openshift-cluster/openshift-logging.yml' }, + 'installer_phase_prometheus': { + 'title': 'Prometheus Install', + 'playbook': 'playbooks/byo/openshift-cluster/openshift-prometheus.yml' + }, 'installer_phase_servicecatalog': { 'title': 'Service Catalog Install', 'playbook': 'playbooks/byo/openshift-cluster/service-catalog.yml' }, + 'installer_phase_management': { + 'title': 'Management Install', + 'playbook': 'playbooks/byo/openshift-management/config.yml' + }, } # Find the longest phase title @@ -146,19 +113,15 @@ class CallbackModule(CallbackBase): phase_title = phase_attributes[phase]['title'] padding = max_column - len(phase_title) + 2 if phase in stats.custom['_run']: - phase_status = stats.custom['_run'][phase] + phase_status = stats.custom['_run'][phase]['status'] + phase_time = phase_time_delta(stats.custom['_run'][phase]) self._display.display( - '{}{}: {}'.format(phase_title, ' ' * padding, phase_status), + '{}{}: {} ({})'.format(phase_title, ' ' * padding, phase_status, phase_time), color=self.phase_color(phase_status)) if phase_status == 'In Progress' and phase != 'installer_phase_initialize': self._display.display( '\tThis phase can be restarted by running: {}'.format( phase_attributes[phase]['playbook'])) - else: - # Phase was not found in custom stats - self._display.display( - '{}{}: {}'.format(phase_title, ' ' * padding, 'Not Started'), - color=C.COLOR_SKIP) self._display.display("", screen_only=True) @@ -180,3 +143,17 @@ class CallbackModule(CallbackBase): phase_color = C.COLOR_WARN return phase_color + + +def phase_time_delta(phase): + """ Calculate the difference between phase start and end times """ + time_format = '%Y%m%d%H%M%SZ' + phase_start = datetime.strptime(phase['start'], time_format) + if 'end' not in phase: + # The phase failed so set the end time to now + phase_end = datetime.now() + else: + phase_end = datetime.strptime(phase['end'], time_format) + delta = str(phase_end - phase_start).split(".")[0] # Trim microseconds + + return delta diff --git a/roles/kuryr/README.md b/roles/kuryr/README.md new file mode 100644 index 000000000..269788a11 --- /dev/null +++ b/roles/kuryr/README.md @@ -0,0 +1,43 @@ +## OpenStack Kuryr + +Install Kuryr CNI components (kuryr-controller, kuryr-cni) on Master and worker +nodes. Kuryr uses OpenStack Networking service (Neutron) to provide network for +pods. This allows to have interconnectivity between pods and OpenStack VMs. + +## Requirements + +* Ansible 2.2+ +* Centos/ RHEL 7.3+ + +## Current Kuryr restrictions when used with OpenShift + +* Openshift Origin only +* OpenShift on OpenStack Newton or newer (only with Trunk ports) + +## Key Ansible inventory Kuryr master configuration parameters + +* ``openshift_use_kuryr=True`` +* ``openshift_use_openshift_sdn=False`` +* ``openshift_sdn_network_plugin_name='cni'`` +* ``kuryr_cni_link_interface=eth0`` +* ``kuryr_openstack_auth_url=keystone_url`` +* ``kuryr_openstack_user_domain_name=Default`` +* ``kuryr_openstack_user_project_name=Default`` +* ``kuryr_openstack_project_id=project_uuid`` +* ``kuryr_openstack_username=kuryr`` +* ``kuryr_openstack_password=kuryr_pass`` +* ``kuryr_openstack_pod_sg_id=pod_security_group_uuid`` +* ``kuryr_openstack_pod_subnet_id=pod_subnet_uuid`` +* ``kuryr_openstack_pod_service_id=service_subnet_uuid`` +* ``kuryr_openstack_pod_project_id=pod_project_uuid`` +* ``kuryr_openstack_worker_nodes_subnet_id=worker_nodes_subnet_uuid`` +* ``kuryr_openstack_enable_pools=True`` +* ``kuryr_openstack_pool_max=0`` +* ``kuryr_openstack_pool_min=1`` +* ``kuryr_openstack_pool_batch=5`` +* ``kuryr_openstack_pool_update_frequency=20`` + +## Kuryr resources + +* [Kuryr documentation](https://docs.openstack.org/kuryr-kubernetes/latest/) +* [Installing Kuryr containerized](https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html) diff --git a/roles/kuryr/defaults/main.yaml b/roles/kuryr/defaults/main.yaml new file mode 100644 index 000000000..af05d80df --- /dev/null +++ b/roles/kuryr/defaults/main.yaml @@ -0,0 +1,72 @@ +--- +# Kuryr conf directory +kuryr_config_dir: /etc/kuryr + +# Kuryr username +kuryr_openstack_username: kuryr + +# Kuryr domain name or id containing user +kuryr_openstack_user_domain_name: default + +# Kuryr domain name or id containing project +kuryr_openstack_project_domain_name: default + +# Kuryr OpenShift namespace +kuryr_namespace: kube-system + +# Whether to run the cni plugin in debug mode +kuryr_cni_debug: "false" + +# The version of cni binaries +cni_version: v0.5.2 + +# Path to bin dir (where kuryr execs get installed) +bin_dir: /usr/bin + +# Path to the cni binaries +cni_bin_dir: /opt/cni/bin + +# URL for cni binaries +cni_bin_url_base: "https://github.com/containernetworking/cni/releases/download/" +cni_bin_url: "{{ cni_bin_url_base }}/{{ cni_version }}/cni-{{ cni_version }}.tgz" +cni_bin_checksum: "71f411080245aa14d0cc06f6824e8039607dd9e9" + +# Kuryr ClusterRole definition +kuryr_clusterrole: + name: kuryrctl + state: present + rules: + - apiGroups: + - "" + attributeRestrictions: null + verbs: + - get + - list + - watch + resources: + - daemonsets + - deployments + - deploymentconfigs + - endpoints + - ingress + - nodes + - namespaces + - pods + - projects + - routes + - services + - apiGroups: + - "" + attributeRestrictions: null + verbs: + - update + - patch + resources: + - endpoints + - ingress + - pods + - namespaces + - nodes + - services + - services/status + - routes diff --git a/roles/kuryr/meta/main.yml b/roles/kuryr/meta/main.yml new file mode 100644 index 000000000..7fd5adf41 --- /dev/null +++ b/roles/kuryr/meta/main.yml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: Red Hat + description: Kuryr networking + company: Red Hat + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: lib_openshift } +- { role: openshift_facts } diff --git a/roles/kuryr/tasks/master.yaml b/roles/kuryr/tasks/master.yaml new file mode 100644 index 000000000..55ab16f74 --- /dev/null +++ b/roles/kuryr/tasks/master.yaml @@ -0,0 +1,52 @@ +--- +- name: Perform OpenShit ServiceAccount config + include: serviceaccount.yaml + +- name: Create kuryr manifests tempdir + command: mktemp -d + register: manifests_tmpdir + +- name: Create kuryr ConfigMap manifest + become: yes + template: + src: configmap.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/configmap.yaml" + +- name: Create kuryr-controller Deployment manifest + become: yes + template: + src: controller-deployment.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/controller-deployment.yaml" + +- name: Create kuryr-cni DaemonSet manifest + become: yes + template: + src: cni-daemonset.yaml.j2 + dest: "{{ manifests_tmpdir.stdout }}/cni-daemonset.yaml" + +- name: Apply ConfigMap manifest + oc_obj: + state: present + kind: ConfigMap + name: "kuryr-config" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/configmap.yaml" + +- name: Apply Controller Deployment manifest + oc_obj: + state: present + kind: Deployment + name: "kuryr-controller" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/controller-deployment.yaml" + +- name: Apply kuryr-cni DaemonSet manifest + oc_obj: + state: present + kind: DaemonSet + name: "kuryr-cni-ds" + namespace: "{{ kuryr_namespace }}" + files: + - "{{ manifests_tmpdir.stdout }}/cni-daemonset.yaml" diff --git a/roles/kuryr/tasks/node.yaml b/roles/kuryr/tasks/node.yaml new file mode 100644 index 000000000..ffe814713 --- /dev/null +++ b/roles/kuryr/tasks/node.yaml @@ -0,0 +1,48 @@ +--- +- name: Create CNI bin directory + file: + state: directory + path: "{{ cni_bin_dir }}" + mode: 0755 + owner: root + group: root + recurse: yes + +- name: Create CNI extraction tempdir + command: mktemp -d + register: cni_tmpdir + +- name: Download CNI + get_url: + url: "{{ cni_bin_url }}" + checksum: "sha1:{{ cni_bin_checksum }}" + mode: 0644 + dest: "{{ cni_tmpdir.stdout }}" + register: downloaded_tarball + +- name: Extract CNI + become: yes + unarchive: + remote_src: True + src: "{{ downloaded_tarball.dest }}" + dest: "{{ cni_bin_dir }}" + when: downloaded_tarball.changed + +- name: Ensure CNI net.d exists + file: + path: /etc/cni/net.d + recurse: yes + state: directory + +- name: Configure OpenShift node with disabled service proxy + lineinfile: + dest: "/etc/sysconfig/{{ openshift.common.service_type }}-node" + regexp: '^OPTIONS="?(.*?)"?$' + backrefs: yes + backup: yes + line: 'OPTIONS="\1 --disable dns,proxy,plugins"' + +- name: force node restart to disable the proxy + service: + name: "{{ openshift.common.service_type }}-node" + state: restarted diff --git a/roles/kuryr/tasks/serviceaccount.yaml b/roles/kuryr/tasks/serviceaccount.yaml new file mode 100644 index 000000000..088f13091 --- /dev/null +++ b/roles/kuryr/tasks/serviceaccount.yaml @@ -0,0 +1,31 @@ +--- +- name: Create Controller service account + oc_serviceaccount: + name: kuryr-controller + namespace: "{{ kuryr_namespace }}" + register: saout + +- name: Create a role for the Kuryr + oc_clusterrole: "{{ kuryr_clusterrole }}" + +- name: Fetch the created Kuryr controller cluster role + oc_clusterrole: + name: kuryrctl + state: list + register: crout + +- name: Grant Kuryr the privileged security context constraints + oc_adm_policy_user: + user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}" + namespace: "{{ kuryr_namespace }}" + resource_kind: scc + resource_name: privileged + state: present + +- name: Assign role to Kuryr service account + oc_adm_policy_user: + user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}" + namespace: "{{ kuryr_namespace }}" + resource_kind: cluster-role + resource_name: "{{ crout.results.results.metadata.name }}" + state: present diff --git a/roles/kuryr/templates/cni-daemonset.yaml.j2 b/roles/kuryr/templates/cni-daemonset.yaml.j2 new file mode 100644 index 000000000..39348ae90 --- /dev/null +++ b/roles/kuryr/templates/cni-daemonset.yaml.j2 @@ -0,0 +1,53 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kuryr-cni-ds + namespace: {{ kuryr_namespace }} + labels: + tier: node + app: kuryr +spec: + template: + metadata: + labels: + tier: node + app: kuryr + spec: + hostNetwork: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: kuryr-controller + containers: + - name: kuryr-cni + image: kuryr/cni:latest + imagePullPolicy: IfNotPresent + command: [ "cni_ds_init" ] + securityContext: + privileged: true + volumeMounts: + - name: bin + mountPath: /opt/cni/bin + - name: net-conf + mountPath: /etc/cni/net.d + - name: config-volume + mountPath: /tmp/kuryr/kuryr.conf + subPath: kuryr-cni.conf + - name: etc + mountPath: /etc + volumes: + - name: bin + hostPath: + path: {{ cni_bin_dir }} + - name: net-conf + hostPath: + path: /etc/cni/net.d + - name: config-volume + configMap: + name: kuryr-config + - name: etc + hostPath: + path: /etc
\ No newline at end of file diff --git a/roles/kuryr/templates/configmap.yaml.j2 b/roles/kuryr/templates/configmap.yaml.j2 new file mode 100644 index 000000000..6bf6c1db2 --- /dev/null +++ b/roles/kuryr/templates/configmap.yaml.j2 @@ -0,0 +1,351 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: v1 +kind: ConfigMap +metadata: + name: kuryr-config + namespace: {{ kuryr_namespace }} +data: + kuryr.conf: |+ + [DEFAULT] + + # + # From kuryr_kubernetes + # + + # Directory for Kuryr vif binding executables. (string value) + #bindir = /usr/libexec/kuryr + + # If set to true, the logging level will be set to DEBUG instead of the default + # INFO level. (boolean value) + # Note: This option can be changed without restarting. + #debug = false + + # DEPRECATED: If set to false, the logging level will be set to WARNING instead + # of the default INFO level. (boolean value) + # This option is deprecated for removal. + # Its value may be silently ignored in the future. + #verbose = true + + # The name of a logging configuration file. This file is appended to any + # existing logging configuration files. For details about logging configuration + # files, see the Python logging module documentation. Note that when logging + # configuration files are used then all logging configuration is set in the + # configuration file and other logging configuration options are ignored (for + # example, logging_context_format_string). (string value) + # Note: This option can be changed without restarting. + # Deprecated group/name - [DEFAULT]/log_config + #log_config_append = <None> + + # Defines the format string for %%(asctime)s in log records. Default: + # %(default)s . This option is ignored if log_config_append is set. (string + # value) + #log_date_format = %Y-%m-%d %H:%M:%S + + # (Optional) Name of log file to send logging output to. If no default is set, + # logging will go to stderr as defined by use_stderr. This option is ignored if + # log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logfile + #log_file = /var/log/kuryr/kuryr-controller.log + + # (Optional) The base directory used for relative log_file paths. This option + # is ignored if log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logdir + #log_dir = <None> + + # Uses logging handler designed to watch file system. When log file is moved or + # removed this handler will open a new log file with specified path + # instantaneously. It makes sense only if log_file option is specified and + # Linux platform is used. This option is ignored if log_config_append is set. + # (boolean value) + #watch_log_file = false + + # Use syslog for logging. Existing syslog format is DEPRECATED and will be + # changed later to honor RFC5424. This option is ignored if log_config_append + # is set. (boolean value) + #use_syslog = false + + # Syslog facility to receive log lines. This option is ignored if + # log_config_append is set. (string value) + #syslog_log_facility = LOG_USER + + # Log output to standard error. This option is ignored if log_config_append is + # set. (boolean value) + #use_stderr = true + + # Format string to use for log messages with context. (string value) + #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + + # Format string to use for log messages when context is undefined. (string + # value) + #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + + # Additional data to append to log message when logging level for the message + # is DEBUG. (string value) + #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + + # Prefix each line of exception output with this format. (string value) + #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + + # Defines the format string for %(user_identity)s that is used in + # logging_context_format_string. (string value) + #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + + # List of package logging levels in logger=LEVEL pairs. This option is ignored + # if log_config_append is set. (list value) + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + + # Enables or disables publication of error events. (boolean value) + #publish_errors = false + + # The format for an instance that is passed with the log message. (string + # value) + #instance_format = "[instance: %(uuid)s] " + + # The format for an instance UUID that is passed with the log message. (string + # value) + #instance_uuid_format = "[instance: %(uuid)s] " + + # Enables or disables fatal status of deprecations. (boolean value) + #fatal_deprecations = false + + + [binding] + + driver = kuryr.lib.binding.drivers.vlan + link_iface = eth0 + + [kubernetes] + + # + # From kuryr_kubernetes + # + + # The root URL of the Kubernetes API (string value) + api_root = {{ openshift.master.api_url }} + + # Absolute path to client cert to connect to HTTPS K8S_API (string value) + # ssl_client_crt_file = /etc/kuryr/controller.crt + + # Absolute path client key file to connect to HTTPS K8S_API (string value) + # ssl_client_key_file = /etc/kuryr/controller.key + + # Absolute path to ca cert file to connect to HTTPS K8S_API (string value) + ssl_ca_crt_file = /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + + # The token to talk to the k8s API + token_file = /var/run/secrets/kubernetes.io/serviceaccount/token + + # HTTPS K8S_API server identity verification (boolean value) + # TODO (apuimedo): Make configurable + ssl_verify_server_crt = True + + # The driver to determine OpenStack project for pod ports (string value) + pod_project_driver = default + + # The driver to determine OpenStack project for services (string value) + service_project_driver = default + + # The driver to determine Neutron subnets for pod ports (string value) + pod_subnets_driver = default + + # The driver to determine Neutron subnets for services (string value) + service_subnets_driver = default + + # The driver to determine Neutron security groups for pods (string value) + pod_security_groups_driver = default + + # The driver to determine Neutron security groups for services (string value) + service_security_groups_driver = default + + # The driver that provides VIFs for Kubernetes Pods. (string value) + pod_vif_driver = nested-vlan + + # The driver that manages VIFs pools for Kubernetes Pods (string value) + vif_pool_driver = {{ kuryr_openstack_enable_pools | default(False) | ternary('nested', 'noop') }} + + [vif_pool] + ports_pool_max = {{ kuryr_openstack_pool_max | default(0) }} + ports_pool_min = {{ kuryr_openstack_pool_min | default(1) }} + ports_pool_batch = {{ kuryr_openstack_pool_batch | default(5) }} + ports_pool_update_frequency = {{ kuryr_openstack_pool_update_frequency | default(20) }} + + [neutron] + # Configuration options for OpenStack Neutron + + # + # From kuryr_kubernetes + # + + # Authentication URL (string value) + auth_url = {{ kuryr_openstack_auth_url }} + + # Authentication type to load (string value) + # Deprecated group/name - [neutron]/auth_plugin + auth_type = password + + # Domain ID to scope to (string value) + user_domain_name = {{ kuryr_openstack_user_domain_name }} + + # User's password (string value) + password = {{ kuryr_openstack_password }} + + # Domain name containing project (string value) + project_domain_name = {{ kuryr_openstack_project_domain_name }} + + # Project ID to scope to (string value) + # Deprecated group/name - [neutron]/tenant-id + project_id = {{ kuryr_openstack_project_id }} + + # Token (string value) + #token = <None> + + # Trust ID (string value) + #trust_id = <None> + + # User's domain id (string value) + #user_domain_id = <None> + + # User id (string value) + #user_id = <None> + + # Username (string value) + # Deprecated group/name - [neutron]/user-name + username = {{kuryr_openstack_username }} + + # Whether a plugging operation is failed if the port to plug does not become + # active (boolean value) + #vif_plugging_is_fatal = false + + # Seconds to wait for port to become active (integer value) + #vif_plugging_timeout = 0 + + [neutron_defaults] + + pod_security_groups = {{ kuryr_openstack_pod_sg_id }} + pod_subnet = {{ kuryr_openstack_pod_subnet_id }} + service_subnet = {{ kuryr_openstack_service_subnet_id }} + project = {{ kuryr_openstack_pod_project_id }} + # TODO (apuimedo): Remove the duplicated line just after this one once the + # RDO packaging contains the upstream patch + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + + [pod_vif_nested] + worker_nodes_subnet = {{ kuryr_openstack_worker_nodes_subnet_id }} + kuryr-cni.conf: |+ + [DEFAULT] + + # + # From kuryr_kubernetes + # + # If set to true, the logging level will be set to DEBUG instead of the default + # INFO level. (boolean value) + # Note: This option can be changed without restarting. + #debug = false + + # The name of a logging configuration file. This file is appended to any + # existing logging configuration files. For details about logging configuration + # files, see the Python logging module documentation. Note that when logging + # configuration files are used then all logging configuration is set in the + # configuration file and other logging configuration options are ignored (for + # example, logging_context_format_string). (string value) + # Note: This option can be changed without restarting. + # Deprecated group/name - [DEFAULT]/log_config + #log_config_append = <None> + + # Defines the format string for %%(asctime)s in log records. Default: + # %(default)s . This option is ignored if log_config_append is set. (string + # value) + #log_date_format = %Y-%m-%d %H:%M:%S + + # (Optional) Name of log file to send logging output to. If no default is set, + # logging will go to stderr as defined by use_stderr. This option is ignored if + # log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logfile + #log_file = /var/log/kuryr/cni.log + + # (Optional) The base directory used for relative log_file paths. This option + # is ignored if log_config_append is set. (string value) + # Deprecated group/name - [DEFAULT]/logdir + #log_dir = <None> + + # Uses logging handler designed to watch file system. When log file is moved or + # removed this handler will open a new log file with specified path + # instantaneously. It makes sense only if log_file option is specified and + # Linux platform is used. This option is ignored if log_config_append is set. + # (boolean value) + #watch_log_file = false + + # Use syslog for logging. Existing syslog format is DEPRECATED and will be + # changed later to honor RFC5424. This option is ignored if log_config_append + # is set. (boolean value) + #use_syslog = false + + # Syslog facility to receive log lines. This option is ignored if + # log_config_append is set. (string value) + #syslog_log_facility = LOG_USER + + # Log output to standard error. This option is ignored if log_config_append is + # set. (boolean value) + use_stderr = true + + # Format string to use for log messages with context. (string value) + #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + + # Format string to use for log messages when context is undefined. (string + # value) + #logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + + # Additional data to append to log message when logging level for the message + # is DEBUG. (string value) + #logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + + # Prefix each line of exception output with this format. (string value) + #logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s + + # Defines the format string for %(user_identity)s that is used in + # logging_context_format_string. (string value) + #logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s + + # List of package logging levels in logger=LEVEL pairs. This option is ignored + # if log_config_append is set. (list value) + #default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO + + # Enables or disables publication of error events. (boolean value) + #publish_errors = false + + # The format for an instance that is passed with the log message. (string + # value) + #instance_format = "[instance: %(uuid)s] " + + # The format for an instance UUID that is passed with the log message. (string + # value) + #instance_uuid_format = "[instance: %(uuid)s] " + + # Enables or disables fatal status of deprecations. (boolean value) + #fatal_deprecations = false + + + [binding] + + driver = kuryr.lib.binding.drivers.vlan + link_iface = {{ kuryr_cni_link_interface }} + + [kubernetes] + + # + # From kuryr_kubernetes + # + + # The root URL of the Kubernetes API (string value) + api_root = {{ openshift.master.api_url }} + + # The token to talk to the k8s API + token_file = /etc/kuryr/token + + # Absolute path to ca cert file to connect to HTTPS K8S_API (string value) + ssl_ca_crt_file = /etc/kuryr/ca.crt + + # HTTPS K8S_API server identity verification (boolean value) + # TODO (apuimedo): Make configurable + ssl_verify_server_crt = True diff --git a/roles/kuryr/templates/controller-deployment.yaml.j2 b/roles/kuryr/templates/controller-deployment.yaml.j2 new file mode 100644 index 000000000..d970270b5 --- /dev/null +++ b/roles/kuryr/templates/controller-deployment.yaml.j2 @@ -0,0 +1,40 @@ +# More info about the template: https://docs.openstack.org/kuryr-kubernetes/latest/installation/containerized.html#generating-kuryr-resource-definitions-for-kubernetes + +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + name: kuryr-controller + name: kuryr-controller + namespace: {{ kuryr_namespace }} +spec: + replicas: 1 + template: + metadata: + labels: + name: kuryr-controller + name: kuryr-controller + spec: + serviceAccountName: kuryr-controller + automountServiceAccountToken: true + hostNetwork: true + containers: + - image: kuryr/controller:latest + imagePullPolicy: IfNotPresent + name: controller + terminationMessagePath: "/dev/termination-log" + # FIXME(dulek): This shouldn't be required, but without it selinux is + # complaining about access to kuryr.conf. + securityContext: + privileged: true + runAsUser: 0 + volumeMounts: + - name: config-volume + mountPath: "/etc/kuryr/kuryr.conf" + subPath: kuryr.conf + volumes: + - name: config-volume + configMap: + name: kuryr-config + defaultMode: 0666 + restartPolicy: Always diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py index d1dc4caf8..324f52689 100644 --- a/roles/lib_openshift/library/oc_adm_csr.py +++ b/roles/lib_openshift/library/oc_adm_csr.py @@ -1478,11 +1478,23 @@ class OCcsr(OpenShiftCLI): return False + def get_csr_request(self, request): + '''base64 decode the request object and call openssl to determine the + subject and specifically the CN: from the request + + Output: + (0, '... + Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal + ...') + ''' + import base64 + return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1] + def match_node(self, csr): '''match an inc csr to a node in self.nodes''' for node in self.nodes: - # we have a match - if node['name'] in csr['metadata']['name']: + # we need to match based upon the csr's request certificate's CN + if node['name'] in self.get_csr_request(csr['spec']['request']): node['csrs'][csr['metadata']['name']] = csr # check that the username is the node and type is 'Approved' diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py index 1ceaf5d0d..92515889b 100644 --- a/roles/lib_openshift/library/oc_adm_policy_user.py +++ b/roles/lib_openshift/library/oc_adm_policy_user.py @@ -71,6 +71,12 @@ options: required: false default: None aliases: [] + role_namespace: + description: + - The namespace where to find the role + required: false + default: None + aliases: [] debug: description: - Turn on debug output. @@ -122,6 +128,14 @@ EXAMPLES = ''' resource_kind: cluster-role resource_name: system:build-strategy-docker state: present + +- name: oc adm policy add-role-to-user system:build-strategy-docker ausername --role-namespace foo + oc_adm_policy_user: + user: ausername + resource_kind: cluster-role + resource_name: system:build-strategy-docker + state: present + role_namespace: foo ''' # -*- -*- -*- End included fragment: doc/policy_user -*- -*- -*- @@ -2065,6 +2079,9 @@ class PolicyUser(OpenShiftCLI): self.config.config_options['name']['value'], self.config.config_options['user']['value']] + if self.config.config_options['role_namespace']['value'] is not None: + cmd.extend(['--role-namespace', self.config.config_options['role_namespace']['value']]) + return self.openshift_cmd(cmd, oadm=True) @staticmethod @@ -2085,6 +2102,7 @@ class PolicyUser(OpenShiftCLI): 'user': {'value': params['user'], 'include': False}, 'resource_kind': {'value': params['resource_kind'], 'include': False}, 'name': {'value': params['resource_name'], 'include': False}, + 'role_namespace': {'value': params['role_namespace'], 'include': False}, }) policyuser = PolicyUser(nconfig, params['debug']) @@ -2149,6 +2167,7 @@ def main(): debug=dict(default=False, type='bool'), resource_name=dict(required=True, type='str'), namespace=dict(default='default', type='str'), + role_namespace=dict(default=None, type='str'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), user=dict(required=True, type='str'), diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index 5d6fa1f80..0771aa5a5 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -1886,13 +1886,15 @@ class SecretConfig(object): namespace, kubeconfig, secrets=None, - stype=None): + stype=None, + annotations=None): ''' constructor for handling secret options ''' self.kubeconfig = kubeconfig self.name = sname self.type = stype self.namespace = namespace self.secrets = secrets + self.annotations = annotations self.data = {} self.create_dict() @@ -1909,6 +1911,8 @@ class SecretConfig(object): if self.secrets: for key, value in self.secrets.items(): self.data['data'][key] = value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations # pylint: disable=too-many-instance-attributes class Secret(Yedit): diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index ffea14766..146f71f68 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -2230,13 +2230,15 @@ class SecretConfig(object): namespace, kubeconfig, secrets=None, - stype=None): + stype=None, + annotations=None): ''' constructor for handling secret options ''' self.kubeconfig = kubeconfig self.name = sname self.type = stype self.namespace = namespace self.secrets = secrets + self.annotations = annotations self.data = {} self.create_dict() @@ -2253,6 +2255,8 @@ class SecretConfig(object): if self.secrets: for key, value in self.secrets.items(): self.data['data'][key] = value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations # pylint: disable=too-many-instance-attributes class Secret(Yedit): diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index 0b6a8436b..0cea07256 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -1556,20 +1556,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, required=True, type='str'), - kind=dict(required=True, - type='str', - choices=['dc', 'deploymentconfig', - 'rc', 'replicationcontroller', - 'svc', 'service', - 'scc', 'securitycontextconstraints', - 'ns', 'namespace', 'project', 'projects', - 'is', 'imagestream', - 'istag', 'imagestreamtag', - 'bc', 'buildconfig', - 'routes', - 'node', - 'secret', - 'pv', 'persistentvolume']), + kind=dict(required=True, type='str'), file_name=dict(default=None, type='str'), file_format=dict(default='yaml', type='str'), content=dict(default=None, required=True, type='dict'), diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index b46fd5495..e003770d8 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -90,6 +90,12 @@ options: required: false default: str aliases: [] + labels: + description: + - The labels to apply on the route + required: false + default: None + aliases: [] tls_termination: description: - The options for termination. e.g. reencrypt @@ -1469,6 +1475,7 @@ class RouteConfig(object): sname, namespace, kubeconfig, + labels=None, destcacert=None, cacert=None, cert=None, @@ -1483,6 +1490,7 @@ class RouteConfig(object): self.kubeconfig = kubeconfig self.name = sname self.namespace = namespace + self.labels = labels self.host = host self.tls_termination = tls_termination self.destcacert = destcacert @@ -1508,6 +1516,8 @@ class RouteConfig(object): self.data['metadata'] = {} self.data['metadata']['name'] = self.name self.data['metadata']['namespace'] = self.namespace + if self.labels: + self.data['metadata']['labels'] = self.labels self.data['spec'] = {} self.data['spec']['host'] = self.host @@ -1715,6 +1725,7 @@ class OCRoute(OpenShiftCLI): rconfig = RouteConfig(params['name'], params['namespace'], params['kubeconfig'], + params['labels'], files['destcacert']['value'], files['cacert']['value'], files['cert']['value'], @@ -1819,6 +1830,7 @@ def main(): state=dict(default='present', type='str', choices=['present', 'absent', 'list']), debug=dict(default=False, type='bool'), + labels=dict(default=None, type='dict'), name=dict(default=None, required=True, type='str'), namespace=dict(default=None, required=True, type='str'), tls_termination=dict(default=None, type='str'), diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index 19c7fde78..62bda33ad 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -90,6 +90,12 @@ options: required: false default: default aliases: [] + annotations: + description: + - Annotations to apply to the object + required: false + default: None + aliases: [] files: description: - A list of files provided for secrets @@ -1464,13 +1470,15 @@ class SecretConfig(object): namespace, kubeconfig, secrets=None, - stype=None): + stype=None, + annotations=None): ''' constructor for handling secret options ''' self.kubeconfig = kubeconfig self.name = sname self.type = stype self.namespace = namespace self.secrets = secrets + self.annotations = annotations self.data = {} self.create_dict() @@ -1487,6 +1495,8 @@ class SecretConfig(object): if self.secrets: for key, value in self.secrets.items(): self.data['data'][key] = value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations # pylint: disable=too-many-instance-attributes class Secret(Yedit): @@ -1623,7 +1633,7 @@ class OCSecret(OpenShiftCLI): This receives a list of file names and converts it into a secret. The secret is then written to disk and passed into the `oc replace` command. ''' - secret = self.prep_secret(files, force) + secret = self.prep_secret(files, force=force) if secret['returncode'] != 0: return secret @@ -1698,8 +1708,7 @@ class OCSecret(OpenShiftCLI): elif params['contents']: files = Utils.create_tmp_files_from_contents(params['contents']) else: - return {'failed': True, - 'msg': 'Either specify files or contents.'} + files = [{'name': 'null', 'path': os.devnull}] ######## # Create @@ -1783,6 +1792,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, type='str'), + annotations=dict(default=None, type='dict'), type=dict(default=None, type='str'), files=dict(default=None, type='list'), delete_after=dict(default=False, type='bool'), diff --git a/roles/lib_openshift/library/oc_storageclass.py b/roles/lib_openshift/library/oc_storageclass.py index e88f3ae8d..7e7d0fa60 100644 --- a/roles/lib_openshift/library/oc_storageclass.py +++ b/roles/lib_openshift/library/oc_storageclass.py @@ -1664,7 +1664,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/lib_openshift/src/ansible/oc_adm_policy_user.py b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py index a22496866..642001021 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py @@ -14,6 +14,7 @@ def main(): debug=dict(default=False, type='bool'), resource_name=dict(required=True, type='str'), namespace=dict(default='default', type='str'), + role_namespace=dict(default=None, type='str'), kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), user=dict(required=True, type='str'), diff --git a/roles/lib_openshift/src/ansible/oc_edit.py b/roles/lib_openshift/src/ansible/oc_edit.py index 5c5954747..221047393 100644 --- a/roles/lib_openshift/src/ansible/oc_edit.py +++ b/roles/lib_openshift/src/ansible/oc_edit.py @@ -15,20 +15,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, required=True, type='str'), - kind=dict(required=True, - type='str', - choices=['dc', 'deploymentconfig', - 'rc', 'replicationcontroller', - 'svc', 'service', - 'scc', 'securitycontextconstraints', - 'ns', 'namespace', 'project', 'projects', - 'is', 'imagestream', - 'istag', 'imagestreamtag', - 'bc', 'buildconfig', - 'routes', - 'node', - 'secret', - 'pv', 'persistentvolume']), + kind=dict(required=True, type='str'), file_name=dict(default=None, type='str'), file_format=dict(default='yaml', type='str'), content=dict(default=None, required=True, type='dict'), diff --git a/roles/lib_openshift/src/ansible/oc_route.py b/roles/lib_openshift/src/ansible/oc_route.py index f2f5c5095..969cf8bcd 100644 --- a/roles/lib_openshift/src/ansible/oc_route.py +++ b/roles/lib_openshift/src/ansible/oc_route.py @@ -13,6 +13,7 @@ def main(): state=dict(default='present', type='str', choices=['present', 'absent', 'list']), debug=dict(default=False, type='bool'), + labels=dict(default=None, type='dict'), name=dict(default=None, required=True, type='str'), namespace=dict(default=None, required=True, type='str'), tls_termination=dict(default=None, type='str'), diff --git a/roles/lib_openshift/src/ansible/oc_secret.py b/roles/lib_openshift/src/ansible/oc_secret.py index faa7c1772..ee2827e69 100644 --- a/roles/lib_openshift/src/ansible/oc_secret.py +++ b/roles/lib_openshift/src/ansible/oc_secret.py @@ -15,6 +15,7 @@ def main(): debug=dict(default=False, type='bool'), namespace=dict(default='default', type='str'), name=dict(default=None, type='str'), + annotations=dict(default=None, type='dict'), type=dict(default=None, type='str'), files=dict(default=None, type='list'), delete_after=dict(default=False, type='bool'), diff --git a/roles/lib_openshift/src/ansible/oc_storageclass.py b/roles/lib_openshift/src/ansible/oc_storageclass.py index e9f3ebbd3..a8f371661 100644 --- a/roles/lib_openshift/src/ansible/oc_storageclass.py +++ b/roles/lib_openshift/src/ansible/oc_storageclass.py @@ -14,7 +14,7 @@ def main(): name=dict(default=None, type='str'), annotations=dict(default=None, type='dict'), parameters=dict(default=None, type='dict'), - provisioner=dict(required=True, type='str', choices=['aws-ebs', 'gce-pd', 'glusterfs', 'cinder']), + provisioner=dict(required=True, type='str'), api_version=dict(default='v1', type='str'), default_storage_class=dict(default="false", type='str'), ), diff --git a/roles/lib_openshift/src/class/oc_adm_csr.py b/roles/lib_openshift/src/class/oc_adm_csr.py index ea11c6ca9..22b8f9165 100644 --- a/roles/lib_openshift/src/class/oc_adm_csr.py +++ b/roles/lib_openshift/src/class/oc_adm_csr.py @@ -66,11 +66,23 @@ class OCcsr(OpenShiftCLI): return False + def get_csr_request(self, request): + '''base64 decode the request object and call openssl to determine the + subject and specifically the CN: from the request + + Output: + (0, '... + Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal + ...') + ''' + import base64 + return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1] + def match_node(self, csr): '''match an inc csr to a node in self.nodes''' for node in self.nodes: - # we have a match - if node['name'] in csr['metadata']['name']: + # we need to match based upon the csr's request certificate's CN + if node['name'] in self.get_csr_request(csr['spec']['request']): node['csrs'][csr['metadata']['name']] = csr # check that the username is the node and type is 'Approved' diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py index 6fc8145c8..481564c2d 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py @@ -148,6 +148,9 @@ class PolicyUser(OpenShiftCLI): self.config.config_options['name']['value'], self.config.config_options['user']['value']] + if self.config.config_options['role_namespace']['value'] is not None: + cmd.extend(['--role-namespace', self.config.config_options['role_namespace']['value']]) + return self.openshift_cmd(cmd, oadm=True) @staticmethod @@ -168,6 +171,7 @@ class PolicyUser(OpenShiftCLI): 'user': {'value': params['user'], 'include': False}, 'resource_kind': {'value': params['resource_kind'], 'include': False}, 'name': {'value': params['resource_name'], 'include': False}, + 'role_namespace': {'value': params['role_namespace'], 'include': False}, }) policyuser = PolicyUser(nconfig, params['debug']) diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 3a1bd732f..dc2f7977b 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -118,6 +118,7 @@ class OCRoute(OpenShiftCLI): rconfig = RouteConfig(params['name'], params['namespace'], params['kubeconfig'], + params['labels'], files['destcacert']['value'], files['cacert']['value'], files['cert']['value'], diff --git a/roles/lib_openshift/src/class/oc_secret.py b/roles/lib_openshift/src/class/oc_secret.py index 4ee6443e9..89e70b6b2 100644 --- a/roles/lib_openshift/src/class/oc_secret.py +++ b/roles/lib_openshift/src/class/oc_secret.py @@ -67,7 +67,7 @@ class OCSecret(OpenShiftCLI): This receives a list of file names and converts it into a secret. The secret is then written to disk and passed into the `oc replace` command. ''' - secret = self.prep_secret(files, force) + secret = self.prep_secret(files, force=force) if secret['returncode'] != 0: return secret @@ -142,8 +142,7 @@ class OCSecret(OpenShiftCLI): elif params['contents']: files = Utils.create_tmp_files_from_contents(params['contents']) else: - return {'failed': True, - 'msg': 'Either specify files or contents.'} + files = [{'name': 'null', 'path': os.devnull}] ######## # Create diff --git a/roles/lib_openshift/src/doc/policy_user b/roles/lib_openshift/src/doc/policy_user index 351c9af65..a98652571 100644 --- a/roles/lib_openshift/src/doc/policy_user +++ b/roles/lib_openshift/src/doc/policy_user @@ -20,6 +20,12 @@ options: required: false default: None aliases: [] + role_namespace: + description: + - The namespace where to find the role + required: false + default: None + aliases: [] debug: description: - Turn on debug output. @@ -71,4 +77,12 @@ EXAMPLES = ''' resource_kind: cluster-role resource_name: system:build-strategy-docker state: present + +- name: oc adm policy add-role-to-user system:build-strategy-docker ausername --role-namespace foo + oc_adm_policy_user: + user: ausername + resource_kind: cluster-role + resource_name: system:build-strategy-docker + state: present + role_namespace: foo ''' diff --git a/roles/lib_openshift/src/doc/route b/roles/lib_openshift/src/doc/route index a12999c9e..f0d38ab5f 100644 --- a/roles/lib_openshift/src/doc/route +++ b/roles/lib_openshift/src/doc/route @@ -39,6 +39,12 @@ options: required: false default: str aliases: [] + labels: + description: + - The labels to apply on the route + required: false + default: None + aliases: [] tls_termination: description: - The options for termination. e.g. reencrypt diff --git a/roles/lib_openshift/src/doc/secret b/roles/lib_openshift/src/doc/secret index 76b147f6f..a27f90f38 100644 --- a/roles/lib_openshift/src/doc/secret +++ b/roles/lib_openshift/src/doc/secret @@ -39,6 +39,12 @@ options: required: false default: default aliases: [] + annotations: + description: + - Annotations to apply to the object + required: false + default: None + aliases: [] files: description: - A list of files provided for secrets diff --git a/roles/lib_openshift/src/lib/route.py b/roles/lib_openshift/src/lib/route.py index 3b54a24fb..b106866cb 100644 --- a/roles/lib_openshift/src/lib/route.py +++ b/roles/lib_openshift/src/lib/route.py @@ -11,6 +11,7 @@ class RouteConfig(object): sname, namespace, kubeconfig, + labels=None, destcacert=None, cacert=None, cert=None, @@ -25,6 +26,7 @@ class RouteConfig(object): self.kubeconfig = kubeconfig self.name = sname self.namespace = namespace + self.labels = labels self.host = host self.tls_termination = tls_termination self.destcacert = destcacert @@ -50,6 +52,8 @@ class RouteConfig(object): self.data['metadata'] = {} self.data['metadata']['name'] = self.name self.data['metadata']['namespace'] = self.namespace + if self.labels: + self.data['metadata']['labels'] = self.labels self.data['spec'] = {} self.data['spec']['host'] = self.host diff --git a/roles/lib_openshift/src/lib/secret.py b/roles/lib_openshift/src/lib/secret.py index a1c202442..ad4b6aa36 100644 --- a/roles/lib_openshift/src/lib/secret.py +++ b/roles/lib_openshift/src/lib/secret.py @@ -10,13 +10,15 @@ class SecretConfig(object): namespace, kubeconfig, secrets=None, - stype=None): + stype=None, + annotations=None): ''' constructor for handling secret options ''' self.kubeconfig = kubeconfig self.name = sname self.type = stype self.namespace = namespace self.secrets = secrets + self.annotations = annotations self.data = {} self.create_dict() @@ -33,6 +35,8 @@ class SecretConfig(object): if self.secrets: for key, value in self.secrets.items(): self.data['data'][key] = value + if self.annotations: + self.data['metadata']['annotations'] = self.annotations # pylint: disable=too-many-instance-attributes class Secret(Yedit): diff --git a/roles/lib_openshift/src/test/unit/test_oc_route.py b/roles/lib_openshift/src/test/unit/test_oc_route.py index afdb5e4dc..5699f123b 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_route.py +++ b/roles/lib_openshift/src/test/unit/test_oc_route.py @@ -39,6 +39,7 @@ class OCRouteTest(unittest.TestCase): 'debug': False, 'name': 'test', 'namespace': 'default', + 'labels': {'route': 'route'}, 'tls_termination': 'passthrough', 'dest_cacert_path': None, 'cacert_path': None, @@ -64,7 +65,10 @@ class OCRouteTest(unittest.TestCase): "selfLink": "/oapi/v1/namespaces/default/routes/test", "uid": "1b127c67-ecd9-11e6-96eb-0e0d9bdacd26", "resourceVersion": "439182", - "creationTimestamp": "2017-02-07T01:59:48Z" + "creationTimestamp": "2017-02-07T01:59:48Z", + "labels": { + "route": "route" + } }, "spec": { "host": "test.example", @@ -141,6 +145,7 @@ class OCRouteTest(unittest.TestCase): 'debug': False, 'name': 'test', 'namespace': 'default', + 'labels': {'route': 'route'}, 'tls_termination': 'edge', 'dest_cacert_path': None, 'cacert_path': None, @@ -166,7 +171,8 @@ class OCRouteTest(unittest.TestCase): "namespace": "default", "resourceVersion": "517745", "selfLink": "/oapi/v1/namespaces/default/routes/test", - "uid": "b6f25898-ed77-11e6-9755-0e737db1e63a" + "uid": "b6f25898-ed77-11e6-9755-0e737db1e63a", + "labels": {"route": "route"} }, "spec": { "host": "test.openshift.com", @@ -250,6 +256,7 @@ metadata: self.assertTrue(results['changed']) self.assertEqual(results['state'], 'present') self.assertEqual(results['results']['results'][0]['metadata']['name'], 'test') + self.assertEqual(results['results']['results'][0]['metadata']['labels']['route'], 'route') # Making sure our mock was called as we expected mock_cmd.assert_has_calls([ diff --git a/roles/lib_utils/library/docker_creds.py b/roles/lib_utils/library/docker_creds.py new file mode 100644 index 000000000..d4674845e --- /dev/null +++ b/roles/lib_utils/library/docker_creds.py @@ -0,0 +1,207 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# +# Copyright 2017 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import base64 +import json +import os + +from ansible.module_utils.basic import AnsibleModule + + +DOCUMENTATION = ''' +--- +module: docker_creds + +short_description: Creates/updates a 'docker login' file in place of using 'docker login' + +version_added: "2.4" + +description: + - This module creates a docker config.json file in the directory provided by 'path' + on hosts that do not support 'docker login' but need the file present for + registry authentication purposes of various other services. + +options: + path: + description: + - This is the message to send to the sample module + required: true + registry: + description: + - This is the registry the credentials are for. + required: true + username: + description: + - This is the username to authenticate to the registry with. + required: true + password: + description: + - This is the password to authenticate to the registry with. + required: true + +author: + - "Michael Gugino <mgugino@redhat.com>" +''' + +EXAMPLES = ''' +# Pass in a message +- name: Place credentials in file + docker_creds: + path: /root/.docker + registry: registry.example.com:443 + username: myuser + password: mypassword +''' + + +def check_dest_dir_exists(module, dest): + '''Check if dest dir is present and is a directory''' + dir_exists = os.path.exists(dest) + if dir_exists: + if not os.path.isdir(dest): + msg = "{} exists but is not a directory".format(dest) + result = {'failed': True, + 'changed': False, + 'msg': msg, + 'state': 'unknown'} + module.fail_json(**result) + else: + return 1 + else: + return 0 + + +def create_dest_dir(module, dest): + try: + os.makedirs(dest, mode=0o700) + except OSError as oserror: + result = {'failed': True, + 'changed': False, + 'msg': str(oserror), + 'state': 'unknown'} + module.fail_json(**result) + + +def load_config_file(module, dest): + '''load the config.json in directory dest''' + conf_file_path = os.path.join(dest, 'config.json') + if os.path.exists(conf_file_path): + # Try to open the file and load json data + try: + with open(conf_file_path) as conf_file: + data = conf_file.read() + jdata = json.loads(data) + + except IOError as ioerror: + result = {'failed': True, + 'changed': False, + 'msg': str(ioerror), + 'state': 'unknown'} + module.fail_json(**result) + except ValueError as jsonerror: + result = {'failed': True, + 'changed': False, + 'msg': str(jsonerror), + 'state': 'unknown'} + module.fail_json(**result) + return jdata + else: + # File doesn't exist, we just return an empty dictionary. + return {} + + +def update_config(docker_config, registry, username, password): + '''Add our registry auth credentials into docker_config dict''' + + # Add anything that might be missing in our dictionary + if 'auths' not in docker_config: + docker_config['auths'] = {} + if registry not in docker_config['auths']: + docker_config['auths'][registry] = {} + + # base64 encode our username:password string + encoded_data = base64.b64encode('{}:{}'.format(username, password)) + + # check if the same value is already present for idempotency. + if 'auth' in docker_config['auths'][registry]: + if docker_config['auths'][registry]['auth'] == encoded_data: + # No need to go further, everything is already set in file. + return False + docker_config['auths'][registry]['auth'] = encoded_data + return True + + +def write_config(module, docker_config, dest): + '''Write updated credentials into dest/config.json''' + conf_file_path = os.path.join(dest, 'config.json') + try: + with open(conf_file_path, 'w') as conf_file: + json.dump(docker_config, conf_file, indent=8) + except IOError as ioerror: + result = {'failed': True, + 'changed': False, + 'msg': str(ioerror), + 'state': 'unknown'} + module.fail_json(**result) + + +def run_module(): + '''Run this module''' + module_args = dict( + path=dict(aliases=['dest', 'name'], required=True, type='path'), + registry=dict(type='str', required=True), + username=dict(type='str', required=True), + password=dict(type='str', required=True, no_log=True) + ) + + module = AnsibleModule( + argument_spec=module_args, + supports_check_mode=False + ) + + # First, create our dest dir if necessary + dest = module.params['path'] + registry = module.params['registry'] + username = module.params['username'] + password = module.params['password'] + + if not check_dest_dir_exists(module, dest): + create_dest_dir(module, dest) + docker_config = {} + else: + # We want to scrape the contents of dest/config.json + # in case there are other registries/settings already present. + docker_config = load_config_file(module, dest) + + # Put the registry auth info into the config dict. + changed = update_config(docker_config, registry, username, password) + + if changed: + write_config(module, docker_config, dest) + + result = {'changed': changed} + + module.exit_json(**result) + + +def main(): + run_module() + + +if __name__ == '__main__': + main() diff --git a/roles/nuage_master/handlers/main.yaml b/roles/nuage_master/handlers/main.yaml index 21da6b953..410b739e9 100644 --- a/roles/nuage_master/handlers/main.yaml +++ b/roles/nuage_master/handlers/main.yaml @@ -7,8 +7,13 @@ openshift.master.cluster_method == 'native' # TODO: need to fix up ignore_errors here +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: > (openshift_master_ha | bool) and (not master_controllers_service_status_changed | default(false)) and diff --git a/roles/openshift_atomic/README.md b/roles/openshift_atomic/README.md new file mode 100644 index 000000000..8c10c9991 --- /dev/null +++ b/roles/openshift_atomic/README.md @@ -0,0 +1,28 @@ +OpenShift Atomic +================ + +This role houses atomic specific tasks. + +Requirements +------------ + +Role Variables +-------------- + +Dependencies +------------ + +Example Playbook +---------------- + +``` +- name: Ensure atomic proxies are defined + hosts: localhost + roles: + - role: openshift_atomic +``` + +License +------- + +Apache License Version 2.0 diff --git a/roles/openshift_atomic/meta/main.yml b/roles/openshift_atomic/meta/main.yml new file mode 100644 index 000000000..ea129f514 --- /dev/null +++ b/roles/openshift_atomic/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: OpenShift + description: Atomic related tasks + company: Red Hat, Inc + license: ASL 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 +dependencies: +- role: lib_openshift diff --git a/roles/openshift_atomic/tasks/proxy.yml b/roles/openshift_atomic/tasks/proxy.yml new file mode 100644 index 000000000..dde099984 --- /dev/null +++ b/roles/openshift_atomic/tasks/proxy.yml @@ -0,0 +1,32 @@ +--- +# Set http_proxy, https_proxy, and no_proxy in /etc/atomic.conf +# regexp: the line starts with or without #, followed by the string +# http_proxy, then either : or = +- block: + + - name: Add http_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?http_proxy[:=]{1}" + line: "http_proxy: {{ openshift.common.http_proxy | default('') }}" + when: + - openshift.common.http_proxy is defined + - openshift.common.http_proxy != '' + + - name: Add https_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?https_proxy[:=]{1}" + line: "https_proxy: {{ openshift.common.https_proxy | default('') }}" + when: + - openshift.common.https_proxy is defined + - openshift.common.https_proxy != '' + + - name: Add no_proxy to /etc/atomic.conf + lineinfile: + dest: /etc/atomic.conf + regexp: "^#?no_proxy[:=]{1}" + line: "no_proxy: {{ openshift.common.no_proxy | default('') }}" + when: + - openshift.common.no_proxy is defined + - openshift.common.no_proxy != '' diff --git a/roles/openshift_aws/README.md b/roles/openshift_aws/README.md index 696efbea5..4aca5c7a8 100644 --- a/roles/openshift_aws/README.md +++ b/roles/openshift_aws/README.md @@ -1,7 +1,29 @@ openshift_aws ================================== -Provision AWS infrastructure helpers. +Provision AWS infrastructure and instances. + +This role contains many task-areas to provision resources and perform actions +against an AWS account for the purposes of dynamically building an openshift +cluster. + +This role is primarily intended to be used with "include_role" and "tasks_from". + +include_role can be called from the tasks section in a play. See example +playbook below for reference. + +These task-areas are: + +* provision a vpc: vpc.yml +* provision elastic load balancers: elb.yml +* upload IAM ssl certificates to use with load balancers: iam_cert.yml +* provision an S3 bucket: s3.yml +* provision an instance to build an AMI: provision_instance.yml +* provision a security group in AWS: security_group.yml +* provision ssh keys and users in AWS: ssh_keys.yml +* provision an AMI in AWS: seal_ami.yml +* provision scale groups: scale_group.yml +* provision launch configs: launch_config.yml Requirements ------------ @@ -9,57 +31,9 @@ Requirements * Ansible 2.3 * Boto -Role Variables --------------- - -From this role: - -| Name | Default value -|---------------------------------------------------|----------------------- -| openshift_aws_clusterid | default -| openshift_aws_elb_scheme | internet-facing -| openshift_aws_launch_config_bootstrap_token | '' -| openshift_aws_node_group_config | {'master': {'ami': '{{ openshift_aws_ami }}', 'health_check': {'type': 'EC2', 'period': 60}, 'volumes': '{{ openshift_aws_node_group_config_master_volumes }}', 'tags': {'host-type': 'master', 'sub-host-type': 'default'}, 'min_size': 3, 'instance_type': 'm4.xlarge', 'desired_size': 3, 'wait_for_instances': True, 'max_size': 3}, 'tags': '{{ openshift_aws_node_group_config_tags }}', 'compute': {'ami': '{{ openshift_aws_ami }}', 'health_check': {'type': 'EC2', 'period': 60}, 'volumes': '{{ openshift_aws_node_group_config_node_volumes }}', 'tags': {'host-type': 'node', 'sub-host-type': 'compute'}, 'min_size': 3, 'instance_type': 'm4.xlarge', 'desired_size': 3, 'max_size': 100}, 'infra': {'ami': '{{ openshift_aws_ami }}', 'health_check': {'type': 'EC2', 'period': 60}, 'volumes': '{{ openshift_aws_node_group_config_node_volumes }}', 'tags': {'host-type': 'node', 'sub-host-type': 'infra'}, 'min_size': 2, 'instance_type': 'm4.xlarge', 'desired_size': 2, 'max_size': 20}} -| openshift_aws_ami_copy_wait | False -| openshift_aws_users | [] -| openshift_aws_launch_config_name | {{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }} -| openshift_aws_create_vpc | False -| openshift_aws_node_group_type | master -| openshift_aws_elb_cert_arn | '' -| openshift_aws_kubernetes_cluster_status | owned -| openshift_aws_s3_mode | create -| openshift_aws_vpc | {'subnets': {'us-east-1': [{'cidr': '172.31.48.0/20', 'az': 'us-east-1c'}, {'cidr': '172.31.32.0/20', 'az': 'us-east-1e'}, {'cidr': '172.31.16.0/20', 'az': 'us-east-1a'}]}, 'cidr': '172.31.0.0/16', 'name': '{{ openshift_aws_vpc_name }}'} -| openshift_aws_create_ssh_keys | False -| openshift_aws_iam_kms_alias | alias/{{ openshift_aws_clusterid }}_kms -| openshift_aws_use_custom_ami | False -| openshift_aws_ami_copy_src_region | {{ openshift_aws_region }} -| openshift_aws_s3_bucket_name | {{ openshift_aws_clusterid }} -| openshift_aws_elb_health_check | {'response_timeout': 5, 'ping_port': 443, 'ping_protocol': 'tcp', 'interval': 30, 'healthy_threshold': 2, 'unhealthy_threshold': 2} -| openshift_aws_node_security_groups | {'default': {'rules': [{'to_port': 22, 'from_port': 22, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}, {'to_port': 'all', 'from_port': 'all', 'proto': 'all', 'group_name': '{{ openshift_aws_clusterid }}'}], 'name': '{{ openshift_aws_clusterid }}', 'desc': '{{ openshift_aws_clusterid }} default'}, 'master': {'rules': [{'to_port': 80, 'from_port': 80, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}, {'to_port': 443, 'from_port': 443, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}], 'name': '{{ openshift_aws_clusterid }}_master', 'desc': '{{ openshift_aws_clusterid }} master instances'}, 'compute': {'name': '{{ openshift_aws_clusterid }}_compute', 'desc': '{{ openshift_aws_clusterid }} compute node instances'}, 'etcd': {'name': '{{ openshift_aws_clusterid }}_etcd', 'desc': '{{ openshift_aws_clusterid }} etcd instances'}, 'infra': {'rules': [{'to_port': 80, 'from_port': 80, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}, {'to_port': 443, 'from_port': 443, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}, {'to_port': 32000, 'from_port': 30000, 'cidr_ip': '0.0.0.0/0', 'proto': 'tcp'}], 'name': '{{ openshift_aws_clusterid }}_infra', 'desc': '{{ openshift_aws_clusterid }} infra node instances'}} -| openshift_aws_elb_security_groups | ['{{ openshift_aws_clusterid }}', '{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}'] -| openshift_aws_vpc_tags | {'Name': '{{ openshift_aws_vpc_name }}'} -| openshift_aws_create_security_groups | False -| openshift_aws_create_iam_cert | False -| openshift_aws_create_scale_group | True -| openshift_aws_ami_encrypt | False -| openshift_aws_node_group_config_node_volumes | [{'volume_size': 100, 'delete_on_termination': True, 'device_type': 'gp2', 'device_name': '/dev/sdb'}] -| openshift_aws_elb_instance_filter | {'tag:host-type': '{{ openshift_aws_node_group_type }}', 'tag:clusterid': '{{ openshift_aws_clusterid }}', 'instance-state-name': 'running'} -| openshift_aws_region | us-east-1 -| openshift_aws_elb_name | {{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }} -| openshift_aws_elb_idle_timout | 400 -| openshift_aws_subnet_name | us-east-1c -| openshift_aws_node_group_config_tags | {{ openshift_aws_clusterid | openshift_aws_build_instance_tags(openshift_aws_kubernetes_cluster_status) }} -| openshift_aws_create_launch_config | True -| openshift_aws_ami_tags | {'bootstrap': 'true', 'clusterid': '{{ openshift_aws_clusterid }}', 'openshift-created': 'true'} -| openshift_aws_ami_name | openshift-gi -| openshift_aws_node_group_config_master_volumes | [{'volume_size': 100, 'delete_on_termination': False, 'device_type': 'gp2', 'device_name': '/dev/sdb'}] -| openshift_aws_vpc_name | {{ openshift_aws_clusterid }} -| openshift_aws_elb_listeners | {'master': {'internal': [{'instance_port': 80, 'instance_protocol': 'tcp', 'load_balancer_port': 80, 'protocol': 'tcp'}, {'instance_port': 443, 'instance_protocol': 'tcp', 'load_balancer_port': 443, 'protocol': 'tcp'}], 'external': [{'instance_port': 443, 'instance_protocol': 'ssl', 'load_balancer_port': 80, 'protocol': 'tcp'}, {'instance_port': 443, 'instance_protocol': 'ssl', 'load_balancer_port': 443, 'ssl_certificate_id': '{{ openshift_aws_elb_cert_arn }}', 'protocol': 'ssl'}]}} -| - - -Dependencies ------------- +Appropriate AWS credentials and permissions are required. + + Example Playbook @@ -72,7 +46,6 @@ Example Playbook vars: openshift_aws_clusterid: test openshift_aws_region: us-east-1 - openshift_aws_create_vpc: true ``` License diff --git a/roles/openshift_aws/defaults/main.yml b/roles/openshift_aws/defaults/main.yml index 94c0f4472..c9a429675 100644 --- a/roles/openshift_aws/defaults/main.yml +++ b/roles/openshift_aws/defaults/main.yml @@ -1,12 +1,10 @@ --- -openshift_aws_create_vpc: True openshift_aws_create_s3: True openshift_aws_create_iam_cert: True +openshift_aws_create_iam_role: False openshift_aws_create_security_groups: True openshift_aws_create_launch_config: True openshift_aws_create_scale_group: True -openshift_aws_kubernetes_cluster_status: owned # or shared -openshift_aws_node_group_type: master openshift_aws_wait_for_ssh: True @@ -18,7 +16,11 @@ openshift_aws_build_ami_group: "{{ openshift_aws_clusterid }}" openshift_aws_iam_cert_name: "{{ openshift_aws_clusterid }}-master-external" openshift_aws_iam_cert_path: '' openshift_aws_iam_cert_key_path: '' -openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift {{ openshift_aws_node_group_type }}" +openshift_aws_scale_group_basename: "{{ openshift_aws_clusterid }} openshift" + +openshift_aws_iam_role_name: openshift_node_describe_instances +openshift_aws_iam_role_policy_json: "{{ lookup('file', 'describeinstances.json') }}" +openshift_aws_iam_role_policy_name: "describe_instances" openshift_aws_iam_kms_alias: "alias/{{ openshift_aws_clusterid }}_kms" openshift_aws_ami: '' @@ -29,7 +31,7 @@ openshift_aws_ami_name: openshift-gi openshift_aws_base_ami_name: ami_base openshift_aws_launch_config_bootstrap_token: '' -openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}-{{ ansible_date_time.epoch }}" +openshift_aws_launch_config_basename: "{{ openshift_aws_clusterid }}" openshift_aws_users: [] @@ -49,12 +51,19 @@ openshift_aws_elb_health_check: unhealthy_threshold: 2 healthy_threshold: 2 -openshift_aws_elb_name: "{{ openshift_aws_clusterid }}-{{ openshift_aws_node_group_type }}" +openshift_aws_elb_basename: "{{ openshift_aws_clusterid }}" +openshift_aws_elb_name_dict: + master: + external: "{{ openshift_aws_elb_basename }}-master-external" + internal: "{{ openshift_aws_elb_basename }}-master-internal" + infra: + external: "{{ openshift_aws_elb_basename }}-infra" + openshift_aws_elb_idle_timout: 400 openshift_aws_elb_scheme: internet-facing openshift_aws_elb_cert_arn: '' -openshift_aws_elb_listeners: +openshift_aws_elb_dict: master: external: - protocol: tcp @@ -76,6 +85,18 @@ openshift_aws_elb_listeners: load_balancer_port: 443 instance_protocol: tcp instance_port: 443 + infra: + external: + - protocol: tcp + load_balancer_port: 80 + instance_protocol: tcp + instance_port: 443 + proxy_protocol: True + - protocol: tcp + load_balancer_port: 443 + instance_protocol: tcp + instance_port: 443 + proxy_protocol: True openshift_aws_node_group_config_master_volumes: - device_name: /dev/sdb @@ -89,13 +110,21 @@ openshift_aws_node_group_config_node_volumes: device_type: gp2 delete_on_termination: True -openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instance_tags(openshift_aws_kubernetes_cluster_status) }}" +openshift_aws_node_group_config_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" +openshift_aws_node_group_termination_policy: Default +openshift_aws_node_group_replace_instances: [] +openshift_aws_node_group_replace_all_instances: False +openshift_aws_node_group_config_extra_labels: {} -openshift_aws_node_group_config: - tags: "{{ openshift_aws_node_group_config_tags }}" +openshift_aws_ami_map: + master: "{{ openshift_aws_ami }}" + infra: "{{ openshift_aws_ami }}" + compute: "{{ openshift_aws_ami }}" + +openshift_aws_master_group_config: + # The 'master' key is always required here. master: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_master_volumes }}" health_check: period: 60 @@ -106,10 +135,20 @@ openshift_aws_node_group_config: tags: host-type: master sub-host-type: default + labels: + type: master wait_for_instances: True + termination_policy: "{{ openshift_aws_node_group_termination_policy }}" + replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + iam_role: "{{ openshift_aws_iam_role_name }}" + policy_name: "{{ openshift_aws_iam_role_policy_name }}" + policy_json: "{{ openshift_aws_iam_role_policy_json }}" + elbs: "{{ openshift_aws_elb_name_dict['master'].keys()| map('extract', openshift_aws_elb_name_dict['master']) | list }}" + +openshift_aws_node_group_config: + # The 'compute' key is always required here. compute: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -120,9 +159,16 @@ openshift_aws_node_group_config: tags: host-type: node sub-host-type: compute + labels: + type: compute + termination_policy: "{{ openshift_aws_node_group_termination_policy }}" + replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + iam_role: "{{ openshift_aws_iam_role_name }}" + policy_name: "{{ openshift_aws_iam_role_policy_name }}" + policy_json: "{{ openshift_aws_iam_role_policy_json }}" + # The 'infra' key is always required here. infra: instance_type: m4.xlarge - ami: "{{ openshift_aws_ami }}" volumes: "{{ openshift_aws_node_group_config_node_volumes }}" health_check: period: 60 @@ -133,20 +179,37 @@ openshift_aws_node_group_config: tags: host-type: node sub-host-type: infra + labels: + type: infra + termination_policy: "{{ openshift_aws_node_group_termination_policy }}" + replace_all_instances: "{{ openshift_aws_node_group_replace_all_instances }}" + iam_role: "{{ openshift_aws_iam_role_name }}" + policy_name: "{{ openshift_aws_iam_role_policy_name }}" + policy_json: "{{ openshift_aws_iam_role_policy_json }}" + elbs: "{{ openshift_aws_elb_name_dict['infra'].keys()| map('extract', openshift_aws_elb_name_dict['infra']) | list }}" + +openshift_aws_elb_tags: "{{ openshift_aws_kube_tags }}" +openshift_aws_elb_az_load_balancing: False -openshift_aws_elb_security_groups: -- "{{ openshift_aws_clusterid }}" -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" +openshift_aws_kube_tags: "{{ openshift_aws_clusterid | build_instance_tags }}" -openshift_aws_elb_instance_filter: - "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" - instance-state-name: running +openshift_aws_elb_security_groups: "{{ openshift_aws_launch_config_security_groups }}" openshift_aws_launch_config_security_groups: -- "{{ openshift_aws_clusterid }}" # default sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}" # node type sg -- "{{ openshift_aws_clusterid }}_{{ openshift_aws_node_group_type }}_k8s" # node type sg k8s + compute: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_compute" # node type sg + - "{{ openshift_aws_clusterid }}_compute_k8s" # node type sg k8s + infra: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_infra" # node type sg + - "{{ openshift_aws_clusterid }}_infra_k8s" # node type sg k8s + master: + - "{{ openshift_aws_clusterid }}" # default sg + - "{{ openshift_aws_clusterid }}_master" # node type sg + - "{{ openshift_aws_clusterid }}_master_k8s" # node type sg k8s + +openshift_aws_security_groups_tags: "{{ openshift_aws_kube_tags }}" openshift_aws_node_security_groups: default: @@ -212,3 +275,22 @@ openshift_aws_vpc: az: "us-east-1e" - cidr: 172.31.16.0/20 az: "us-east-1a" + +openshift_aws_node_run_bootstrap_startup: True +openshift_aws_node_user_data: '' +openshift_aws_node_config_namespace: openshift-node + +# If creating extra node groups, you'll need to define all of the following + +# The format is the same as openshift_aws_node_group_config, but the top-level +# key names should be different (ie, not == master or infra). +# openshift_aws_node_group_config_extra: {} + +# This variable should look like openshift_aws_launch_config_security_groups +# and contain a one-to-one mapping of top level keys that are defined in +# openshift_aws_node_group_config_extra. +# openshift_aws_launch_config_security_groups_extra: {} + +# openshift_aws_node_security_groups_extra: {} + +# openshift_aws_ami_map_extra: {} diff --git a/roles/openshift_aws/files/describeinstances.json b/roles/openshift_aws/files/describeinstances.json new file mode 100644 index 000000000..40de49721 --- /dev/null +++ b/roles/openshift_aws/files/describeinstances.json @@ -0,0 +1,15 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "ec2:DescribeInstances" + ], + "Resource": [ + "*" + ], + "Effect": "Allow", + "Sid": "Stmt1438195894000" + } + ] +} diff --git a/roles/openshift_aws/files/trustpolicy.json b/roles/openshift_aws/files/trustpolicy.json new file mode 100644 index 000000000..87c7d7c42 --- /dev/null +++ b/roles/openshift_aws/files/trustpolicy.json @@ -0,0 +1,12 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} diff --git a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py index 06e1f9602..a9893c0a7 100644 --- a/roles/openshift_aws/filter_plugins/openshift_aws_filters.py +++ b/roles/openshift_aws/filter_plugins/openshift_aws_filters.py @@ -9,17 +9,17 @@ class FilterModule(object): ''' Custom ansible filters for use by openshift_aws role''' @staticmethod - def build_instance_tags(clusterid, status='owned'): + def build_instance_tags(clusterid): ''' This function will return a dictionary of the instance tags. The main desire to have this inside of a filter_plugin is that we need to build the following key. - {"kubernetes.io/cluster/{{ openshift_aws_clusterid }}": 'owned'} + {"kubernetes.io/cluster/{{ openshift_aws_clusterid }}": "{{ openshift_aws_clusterid}}"} ''' tags = {'clusterid': clusterid, - 'kubernetes.io/cluster/{}'.format(clusterid): status} + 'kubernetes.io/cluster/{}'.format(clusterid): clusterid} return tags diff --git a/roles/openshift_aws/tasks/build_ami.yml b/roles/openshift_aws/tasks/build_ami.yml deleted file mode 100644 index 48555e5da..000000000 --- a/roles/openshift_aws/tasks/build_ami.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -- when: openshift_aws_create_vpc | bool - name: create a vpc - include: vpc.yml - -- when: openshift_aws_users | length > 0 - name: create aws ssh keypair - include: ssh_keys.yml - -- when: openshift_aws_create_security_groups | bool - name: Create compute security_groups - include: security_group.yml - -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout - -- name: create instance for ami creation - ec2: - assign_public_ip: yes - region: "{{ openshift_aws_region }}" - key_name: "{{ openshift_aws_ssh_key_name }}" - group: "{{ openshift_aws_build_ami_group }}" - instance_type: m4.xlarge - vpc_subnet_id: "{{ subnetout.subnets[0].id }}" - image: "{{ openshift_aws_base_ami }}" - volumes: - - device_name: /dev/sdb - volume_type: gp2 - volume_size: 100 - delete_on_termination: true - wait: yes - exact_count: 1 - count_tag: - Name: "{{ openshift_aws_base_ami_name }}" - instance_tags: - Name: "{{ openshift_aws_base_ami_name }}" diff --git a/roles/openshift_aws/tasks/build_node_group.yml b/roles/openshift_aws/tasks/build_node_group.yml index 0dac1c23d..7e8e9b679 100644 --- a/roles/openshift_aws/tasks/build_node_group.yml +++ b/roles/openshift_aws/tasks/build_node_group.yml @@ -1,4 +1,6 @@ --- +# This task file expects l_nodes_to_build to be passed in. + # When openshift_aws_use_custom_ami is '' then # we retrieve the latest build AMI. # Then set openshift_aws_ami to the ami. @@ -21,14 +23,15 @@ - "'results' in amiout" - amiout.results|length > 0 -- when: openshift_aws_create_security_groups - name: "Create {{ openshift_aws_node_group_type }} security groups" - include: security_group.yml +# Need to set epoch time in one place to use for launch_config and scale_group +- set_fact: + l_epoch_time: "{{ ansible_date_time.epoch }}" + +- when: openshift_aws_create_iam_role + include: iam_role.yml - when: openshift_aws_create_launch_config - name: "Create {{ openshift_aws_node_group_type }} launch config" include: launch_config.yml - when: openshift_aws_create_scale_group - name: "Create {{ openshift_aws_node_group_type }} node group" include: scale_group.yml diff --git a/roles/openshift_aws/tasks/elb.yml b/roles/openshift_aws/tasks/elb.yml index 7bc3184df..a543222d5 100644 --- a/roles/openshift_aws/tasks/elb.yml +++ b/roles/openshift_aws/tasks/elb.yml @@ -1,66 +1,24 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: debug - debug: var=vpcout - -- name: fetch the remote instances - ec2_remote_facts: - region: "{{ openshift_aws_region }}" - filters: "{{ openshift_aws_elb_instance_filter }}" - register: instancesout - -- name: fetch the default subnet id - ec2_vpc_subnet_facts: - region: "{{ openshift_aws_region }}" - filters: - "tag:Name": "{{ openshift_aws_subnet_name }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - register: subnetout - -- name: +- name: "dump the elb listeners for {{ l_elb_dict_item.key }}" debug: - msg: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + msg: "{{ l_elb_dict_item.value }}" -- name: "Create ELB {{ l_openshift_aws_elb_name }}" +- name: "Create ELB {{ l_elb_dict_item.key }}" ec2_elb_lb: - name: "{{ l_openshift_aws_elb_name }}" + name: "{{ l_openshift_aws_elb_name_dict[l_elb_dict_item.key][item.key] }}" state: present - security_group_names: "{{ openshift_aws_elb_security_groups }}" + cross_az_load_balancing: "{{ openshift_aws_elb_az_load_balancing }}" + security_group_names: "{{ l_elb_security_groups[l_elb_dict_item.key] }}" idle_timeout: "{{ openshift_aws_elb_idle_timout }}" region: "{{ openshift_aws_region }}" subnets: - "{{ subnetout.subnets[0].id }}" health_check: "{{ openshift_aws_elb_health_check }}" - listeners: "{{ openshift_aws_elb_listeners[openshift_aws_node_group_type][openshift_aws_elb_direction] - if 'master' in openshift_aws_node_group_type or 'infra' in openshift_aws_node_group_type - else openshift_aws_elb_listeners }}" + listeners: "{{ item.value }}" scheme: "{{ openshift_aws_elb_scheme }}" - tags: - KubernetesCluster: "{{ openshift_aws_clusterid }}" + tags: "{{ openshift_aws_elb_tags }}" register: new_elb - -# It is necessary to ignore_errors here because the instances are not in 'ready' -# state when first added to ELB -- name: "Add instances to ELB {{ l_openshift_aws_elb_name }}" - ec2_elb: - instance_id: "{{ item.id }}" - ec2_elbs: "{{ l_openshift_aws_elb_name }}" - state: present - region: "{{ openshift_aws_region }}" - wait: False - with_items: "{{ instancesout.instances }}" - ignore_errors: True - retries: 10 - register: elb_call - until: elb_call|succeeded + with_dict: "{{ l_elb_dict_item.value }}" - debug: msg: "{{ item }}" diff --git a/roles/openshift_aws/tasks/iam_role.yml b/roles/openshift_aws/tasks/iam_role.yml new file mode 100644 index 000000000..d9910d938 --- /dev/null +++ b/roles/openshift_aws/tasks/iam_role.yml @@ -0,0 +1,36 @@ +--- +##### +# Instance profiles consist of two parts. The first part is creating a role +# in which the instance has access and will use this role's permissions +# to make API calls on his behalf. This role requires a trust policy +# which links a service (ec2) to the role. This states that this role +# has access to make call ec2 API calls. +# See ../files/trustpolicy.json +# +# Currently openshift-node requires +# access to the AWS API to call describeinstances. +# https://bugzilla.redhat.com/show_bug.cgi?id=1510519 +##### +- name: Create an iam role + iam_role: + name: "{{ item.value.iam_role }}" + assume_role_policy_document: "{{ lookup('file','trustpolicy.json') }}" + state: "{{ openshift_aws_iam_role_state | default('present') }}" + when: item.value.iam_role is defined + with_dict: "{{ l_nodes_to_build }}" + +##### +# The second part of this task file is linking the role to a policy +# that specifies which calls the role can make to the ec2 API. +# Currently all that is required is DescribeInstances. +# See ../files/describeinstances.json +##### +- name: create an iam policy + iam_policy: + iam_type: role + iam_name: "{{ item.value.iam_role }}" + policy_json: "{{ item.value.policy_json }}" + policy_name: "{{ item.value.policy_name }}" + state: "{{ openshift_aws_iam_role_state | default('present') }}" + when: item.value.iam_role is defined + with_dict: "{{ l_nodes_to_build }}" diff --git a/roles/openshift_aws/tasks/launch_config.yml b/roles/openshift_aws/tasks/launch_config.yml index e6be9969c..0dbeba5a0 100644 --- a/roles/openshift_aws/tasks/launch_config.yml +++ b/roles/openshift_aws/tasks/launch_config.yml @@ -4,47 +4,12 @@ when: - openshift_aws_ami is undefined -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - -- name: fetch the security groups for launch config - ec2_group_facts: - filters: - group-name: "{{ openshift_aws_launch_config_security_groups }}" - vpc-id: "{{ vpcout.vpcs[0].id }}" - region: "{{ openshift_aws_region }}" - register: ec2sgs +- fail: + msg: "Ensure that openshift_deployment_type is defined." + when: + - openshift_deployment_type is undefined -# Create the scale group config -- name: Create the node scale group launch config - ec2_lc: - name: "{{ openshift_aws_launch_config_name }}" - region: "{{ openshift_aws_region }}" - image_id: "{{ openshift_aws_ami }}" - instance_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].instance_type }}" - security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" - user_data: |- - #cloud-config - {% if openshift_aws_node_group_type != 'master' %} - write_files: - - path: /root/csr_kubeconfig - owner: root:root - permissions: '0640' - content: {{ openshift_aws_launch_config_bootstrap_token | default('') | to_yaml }} - - path: /root/openshift_settings - owner: root:root - permissions: '0640' - content: - openshift_type: "{{ openshift_aws_node_group_type }}" - runcmd: - - [ systemctl, enable, atomic-openshift-node] - - [ systemctl, start, atomic-openshift-node] - {% endif %} - key_name: "{{ openshift_aws_ssh_key_name }}" - ebs_optimized: False - volumes: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].volumes }}" - assign_public_ip: True +- include: launch_config_create.yml + with_dict: "{{ l_nodes_to_build }}" + loop_control: + loop_var: launch_config_item diff --git a/roles/openshift_aws/tasks/launch_config_create.yml b/roles/openshift_aws/tasks/launch_config_create.yml new file mode 100644 index 000000000..a688496d2 --- /dev/null +++ b/roles/openshift_aws/tasks/launch_config_create.yml @@ -0,0 +1,26 @@ +--- +- name: fetch the security groups for launch config + ec2_group_facts: + filters: + group-name: "{{ l_launch_config_security_groups[launch_config_item.key] }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + region: "{{ openshift_aws_region }}" + register: ec2sgs + +# Create the scale group config +- name: Create the node scale group launch config + ec2_lc: + name: "{{ openshift_aws_launch_config_basename }}-{{ launch_config_item.key }}-{{ l_epoch_time }}" + region: "{{ openshift_aws_region }}" + image_id: "{{ l_aws_ami_map[launch_config_item.key] | default(openshift_aws_ami) }}" + instance_type: "{{ launch_config_item.value.instance_type }}" + security_groups: "{{ openshift_aws_launch_config_security_group_id | default(ec2sgs.security_groups | map(attribute='group_id')| list) }}" + instance_profile_name: "{{ launch_config_item.value.iam_role if launch_config_item.value.iam_role is defined and + launch_config_item.value.iam_role != '' and + openshift_aws_create_iam_role + else omit }}" + user_data: "{{ lookup('template', 'user_data.j2') }}" + key_name: "{{ openshift_aws_ssh_key_name }}" + ebs_optimized: False + volumes: "{{ launch_config_item.value.volumes }}" + assign_public_ip: True diff --git a/roles/openshift_aws/tasks/master_facts.yml b/roles/openshift_aws/tasks/master_facts.yml new file mode 100644 index 000000000..530b0134d --- /dev/null +++ b/roles/openshift_aws/tasks/master_facts.yml @@ -0,0 +1,20 @@ +--- +- name: fetch elbs + ec2_elb_facts: + region: "{{ openshift_aws_region }}" + names: + - "{{ openshift_aws_elb_name_dict['master']['internal'] }}" + delegate_to: localhost + register: elbs + +- debug: var=elbs + run_once: true + +- name: set fact + set_fact: + openshift_master_cluster_hostname: "{{ elbs.elbs[0].dns_name }}" + osm_custom_cors_origins: + - "{{ elbs.elbs[0].dns_name }}" + - "console.{{ openshift_aws_clusterid | default('default') }}.openshift.com" + - "api.{{ openshift_aws_clusterid | default('default') }}.openshift.com" + with_items: "{{ groups['masters'] }}" diff --git a/roles/openshift_aws/tasks/provision.yml b/roles/openshift_aws/tasks/provision.yml index a2920b744..91538ed5c 100644 --- a/roles/openshift_aws/tasks/provision.yml +++ b/roles/openshift_aws/tasks/provision.yml @@ -1,49 +1,42 @@ --- -- when: openshift_aws_create_vpc | bool - name: create default vpc - include: vpc.yml - - when: openshift_aws_create_iam_cert | bool name: create the iam_cert for elb certificate include: iam_cert.yml -- when: openshift_aws_users | length > 0 - name: create aws ssh keypair - include: ssh_keys.yml - - when: openshift_aws_create_s3 | bool name: create s3 bucket for registry include: s3.yml +- include: vpc_and_subnet_id.yml + +- name: create elbs + include: elb.yml + with_dict: "{{ openshift_aws_elb_dict }}" + vars: + l_elb_security_groups: "{{ openshift_aws_elb_security_groups }}" + l_openshift_aws_elb_name_dict: "{{ openshift_aws_elb_name_dict }}" + loop_control: + loop_var: l_elb_dict_item + - name: include scale group creation for master include: build_node_group.yml + vars: + l_nodes_to_build: "{{ openshift_aws_master_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" - name: fetch newly created instances ec2_remote_facts: region: "{{ openshift_aws_region }}" filters: "tag:clusterid": "{{ openshift_aws_clusterid }}" - "tag:host-type": "{{ openshift_aws_node_group_type }}" + "tag:host-type": "master" instance-state-name: running register: instancesout retries: 20 delay: 3 until: instancesout.instances|length > 0 -- name: create our master internal load balancers - include: elb.yml - vars: - openshift_aws_elb_direction: internal - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-internal" - openshift_aws_elb_scheme: internal - -- name: create our master external load balancers - include: elb.yml - vars: - openshift_aws_elb_direction: external - l_openshift_aws_elb_name: "{{ openshift_aws_elb_name }}-external" - openshift_aws_elb_scheme: internet-facing - - name: wait for ssh to become available wait_for: port: 22 diff --git a/roles/openshift_aws/tasks/provision_instance.yml b/roles/openshift_aws/tasks/provision_instance.yml new file mode 100644 index 000000000..3349acb7a --- /dev/null +++ b/roles/openshift_aws/tasks/provision_instance.yml @@ -0,0 +1,50 @@ +--- +- name: set openshift_node_bootstrap to True when building AMI + set_fact: + openshift_node_bootstrap: True + +- include: vpc_and_subnet_id.yml + +- name: create instance for ami creation + ec2: + assign_public_ip: yes + region: "{{ openshift_aws_region }}" + key_name: "{{ openshift_aws_ssh_key_name }}" + group: "{{ openshift_aws_build_ami_group }}" + instance_type: m4.xlarge + vpc_subnet_id: "{{ openshift_aws_subnet_id | default(subnetout.subnets[0].id) }}" + image: "{{ openshift_aws_base_ami }}" + volumes: + - device_name: /dev/sdb + volume_type: gp2 + volume_size: 100 + delete_on_termination: true + wait: yes + exact_count: 1 + count_tag: + Name: "{{ openshift_aws_base_ami_name }}" + instance_tags: + Name: "{{ openshift_aws_base_ami_name }}" + +- name: fetch newly created instances + ec2_remote_facts: + region: "{{ openshift_aws_region }}" + filters: + "tag:Name": "{{ openshift_aws_base_ami_name }}" + instance-state-name: running + register: instancesout + retries: 20 + delay: 3 + until: instancesout.instances|length > 0 + +- name: wait for ssh to become available + wait_for: + port: 22 + host: "{{ instancesout.instances[0].public_ip_address }}" + timeout: 300 + search_regex: OpenSSH + +- name: add host to nodes + add_host: + groups: nodes + name: "{{ instancesout.instances[0].public_dns_name }}" diff --git a/roles/openshift_aws/tasks/provision_nodes.yml b/roles/openshift_aws/tasks/provision_nodes.yml index fc4996c68..1b40f24d3 100644 --- a/roles/openshift_aws/tasks/provision_nodes.yml +++ b/roles/openshift_aws/tasks/provision_nodes.yml @@ -25,19 +25,23 @@ set_fact: openshift_aws_launch_config_bootstrap_token: "{{ bootstrap['content'] | b64decode }}" -- name: include build node group for infra +- include: vpc_and_subnet_id.yml + +- name: include build compute and infra node groups include: build_node_group.yml vars: - openshift_aws_node_group_type: infra - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift infra" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-infra-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups }}" + l_aws_ami_map: "{{ openshift_aws_ami_map }}" -- name: include build node group for compute +- name: include build node group for extra nodes include: build_node_group.yml + when: openshift_aws_node_group_config_extra is defined vars: - openshift_aws_node_group_type: compute - openshift_aws_scale_group_name: "{{ openshift_aws_clusterid }} openshift compute" - openshift_aws_launch_config_name: "{{ openshift_aws_clusterid }}-compute-{{ ansible_date_time.epoch }}" + l_nodes_to_build: "{{ openshift_aws_node_group_config_extra | default({}) }}" + l_launch_config_security_groups: "{{ openshift_aws_launch_config_security_groups_extra }}" + l_aws_ami_map: "{{ openshift_aws_ami_map_extra }}" + - when: openshift_aws_wait_for_ssh | bool block: diff --git a/roles/openshift_aws/tasks/scale_group.yml b/roles/openshift_aws/tasks/scale_group.yml index 3e969fc43..097859af2 100644 --- a/roles/openshift_aws/tasks/scale_group.yml +++ b/roles/openshift_aws/tasks/scale_group.yml @@ -1,11 +1,4 @@ --- -- name: query vpc - ec2_vpc_net_facts: - region: "{{ openshift_aws_region }}" - filters: - 'tag:Name': "{{ openshift_aws_vpc_name }}" - register: vpcout - - name: fetch the subnet to use in scale group ec2_vpc_subnet_facts: region: "{{ openshift_aws_region }}" @@ -16,17 +9,20 @@ - name: Create the scale group ec2_asg: - name: "{{ openshift_aws_scale_group_name }}" - launch_config_name: "{{ openshift_aws_launch_config_name }}" - health_check_period: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.period }}" - health_check_type: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].health_check.type }}" - min_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].min_size }}" - max_size: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].max_size }}" - desired_capacity: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].desired_size }}" + name: "{{ openshift_aws_scale_group_basename }} {{ item.key }}" + launch_config_name: "{{ openshift_aws_launch_config_basename }}-{{ item.key }}-{{ l_epoch_time }}" + health_check_period: "{{ item.value.health_check.period }}" + health_check_type: "{{ item.value.health_check.type }}" + min_size: "{{ item.value.min_size }}" + max_size: "{{ item.value.max_size }}" + desired_capacity: "{{ item.value.desired_size }}" region: "{{ openshift_aws_region }}" - termination_policies: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].termination_policy if 'termination_policy' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - load_balancers: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].elbs if 'elbs' in openshift_aws_node_group_config[openshift_aws_node_group_type] else omit }}" - wait_for_instances: "{{ openshift_aws_node_group_config[openshift_aws_node_group_type].wait_for_instances | default(False)}}" + termination_policies: "{{ item.value.termination_policy if 'termination_policy' in item.value else omit }}" + load_balancers: "{{ item.value.elbs if 'elbs' in item.value else omit }}" + wait_for_instances: "{{ item.value.wait_for_instances | default(False)}}" vpc_zone_identifier: "{{ subnetout.subnets[0].id }}" + replace_instances: "{{ openshift_aws_node_group_replace_instances if openshift_aws_node_group_replace_instances != [] else omit }}" + replace_all_instances: "{{ omit if openshift_aws_node_group_replace_instances != [] else (item.value.replace_all_instances | default(omit)) }}" tags: - - "{{ openshift_aws_node_group_config.tags | combine(openshift_aws_node_group_config[openshift_aws_node_group_type].tags) }}" + - "{{ openshift_aws_node_group_config_tags | combine(item.value.tags) }}" + with_dict: "{{ l_nodes_to_build }}" diff --git a/roles/openshift_aws/tasks/security_group.yml b/roles/openshift_aws/tasks/security_group.yml index 161e72fb4..5cc7ae537 100644 --- a/roles/openshift_aws/tasks/security_group.yml +++ b/roles/openshift_aws/tasks/security_group.yml @@ -6,40 +6,11 @@ "tag:Name": "{{ openshift_aws_clusterid }}" register: vpcout -- name: Create default security group for cluster - ec2_group: - name: "{{ openshift_aws_node_security_groups.default.name }}" - description: "{{ openshift_aws_node_security_groups.default.desc }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - rules: "{{ openshift_aws_node_security_groups.default.rules | default(omit, True)}}" - register: sg_default_created - -- name: create the node group sgs - ec2_group: - name: "{{ item.name}}" - description: "{{ item.desc }}" - rules: "{{ item.rules if 'rules' in item else [] }}" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" +- include: security_group_create.yml + vars: + l_security_groups: "{{ openshift_aws_node_security_groups }}" -- name: create the k8s sgs for the node group - ec2_group: - name: "{{ item.name }}_k8s" - description: "{{ item.desc }} for k8s" - region: "{{ openshift_aws_region }}" - vpc_id: "{{ vpcout.vpcs[0].id }}" - register: k8s_sg_create - with_items: - - "{{ openshift_aws_node_security_groups[openshift_aws_node_group_type]}}" - -- name: tag sg groups with proper tags - ec2_tag: - tags: - KubernetesCluster: "{{ openshift_aws_clusterid }}" - resource: "{{ item.group_id }}" - region: "{{ openshift_aws_region }}" - with_items: "{{ k8s_sg_create.results }}" +- include: security_group_create.yml + when: openshift_aws_node_security_groups_extra is defined + vars: + l_security_groups: "{{ openshift_aws_node_security_groups_extra | default({}) }}" diff --git a/roles/openshift_aws/tasks/security_group_create.yml b/roles/openshift_aws/tasks/security_group_create.yml new file mode 100644 index 000000000..ef6060555 --- /dev/null +++ b/roles/openshift_aws/tasks/security_group_create.yml @@ -0,0 +1,25 @@ +--- +- name: create the node group sgs + ec2_group: + name: "{{ item.value.name}}" + description: "{{ item.value.desc }}" + rules: "{{ item.value.rules if 'rules' in item.value else [] }}" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + +- name: create the k8s sgs for the node group + ec2_group: + name: "{{ item.value.name }}_k8s" + description: "{{ item.value.desc }} for k8s" + region: "{{ openshift_aws_region }}" + vpc_id: "{{ vpcout.vpcs[0].id }}" + with_dict: "{{ l_security_groups }}" + register: k8s_sg_create + +- name: tag sg groups with proper tags + ec2_tag: + tags: "{{ openshift_aws_security_groups_tags }}" + resource: "{{ item.group_id }}" + region: "{{ openshift_aws_region }}" + with_items: "{{ k8s_sg_create.results }}" diff --git a/roles/openshift_aws/tasks/setup_master_group.yml b/roles/openshift_aws/tasks/setup_master_group.yml new file mode 100644 index 000000000..166f3b938 --- /dev/null +++ b/roles/openshift_aws/tasks/setup_master_group.yml @@ -0,0 +1,35 @@ +--- +- name: Alert user to variables needed - clusterid + debug: + msg: "openshift_aws_clusterid={{ openshift_aws_clusterid }}" + +- name: Alert user to variables needed - region + debug: + msg: "openshift_aws_region={{ openshift_aws_region }}" + +- name: fetch newly created instances + ec2_remote_facts: + region: "{{ openshift_aws_region }}" + filters: + "tag:clusterid": "{{ openshift_aws_clusterid }}" + "tag:host-type": master + instance-state-name: running + register: instancesout + retries: 20 + delay: 3 + until: instancesout.instances|length > 0 + +- name: add new master to masters group + add_host: + groups: "masters,etcd,nodes" + name: "{{ item.public_dns_name }}" + hostname: "{{ openshift_aws_clusterid }}-master-{{ item.id[:-5] }}" + with_items: "{{ instancesout.instances }}" + +- name: wait for ssh to become available + wait_for: + port: 22 + host: "{{ item.public_dns_name }}" + timeout: 300 + search_regex: OpenSSH + with_items: "{{ instancesout.instances }}" diff --git a/roles/openshift_aws/tasks/vpc_and_subnet_id.yml b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml new file mode 100644 index 000000000..aaf9b300f --- /dev/null +++ b/roles/openshift_aws/tasks/vpc_and_subnet_id.yml @@ -0,0 +1,18 @@ +--- +- name: query vpc + ec2_vpc_net_facts: + region: "{{ openshift_aws_region }}" + filters: + 'tag:Name': "{{ openshift_aws_vpc_name }}" + register: vpcout + +- name: debug + debug: var=vpcout + +- name: fetch the default subnet id + ec2_vpc_subnet_facts: + region: "{{ openshift_aws_region }}" + filters: + "tag:Name": "{{ openshift_aws_subnet_name }}" + vpc-id: "{{ vpcout.vpcs[0].id }}" + register: subnetout diff --git a/roles/openshift_aws/templates/user_data.j2 b/roles/openshift_aws/templates/user_data.j2 new file mode 100644 index 000000000..fe0fe83d4 --- /dev/null +++ b/roles/openshift_aws/templates/user_data.j2 @@ -0,0 +1,27 @@ +{% if openshift_aws_node_user_data is defined and openshift_aws_node_user_data != '' %} +{{ openshift_aws_node_user_data }} +{% else %} +#cloud-config +write_files: +- path: /root/openshift_bootstrap/openshift_settings.yaml + owner: 'root:root' + permissions: '0640' + content: | + openshift_group_type: {{ launch_config_item.key }} +{% if launch_config_item.key != 'master' %} +- path: /etc/origin/node/bootstrap.kubeconfig + owner: 'root:root' + permissions: '0640' + encoding: b64 + content: {{ openshift_aws_launch_config_bootstrap_token | b64encode }} +{% endif %} +runcmd: +{% if openshift_aws_node_run_bootstrap_startup %} +- [ ansible-playbook, /root/openshift_bootstrap/bootstrap.yml] +{% endif %} +{% if launch_config_item.key != 'master' %} +- [ systemctl, restart, NetworkManager] +- [ systemctl, enable, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] +- [ systemctl, start, {% if openshift_deployment_type == 'openshift-enterprise' %}atomic-openshift{% else %}origin{% endif %}-node] +{% endif %} +{% endif %} diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 419679bc2..31f0f8e7a 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -18,9 +18,7 @@ - name: Reload generated facts openshift_facts: - when: install_result | changed - delegate_to: "{{ openshift_ca_host }}" - run_once: true + when: hostvars[openshift_ca_host].install_result | changed - name: Create openshift_ca_config_dir if it does not exist file: @@ -99,15 +97,43 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_ca_config_dir }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} --signer-expire-days={{ openshift_ca_cert_expire_days }} - {% endif %} --overwrite=false when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool delegate_to: "{{ openshift_ca_host }}" run_once: true +# Create client-ca-bundle.crt containing old and new OpenShift CA +# certificates. This bundle will be used when rolling the OpenShift CA +# certificate. +- name: Create client-ca-bundle.crt + block: + - command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: openshift_ca_clientconfig_tmpdir + delegate_to: "{{ openshift_ca_host }}" + - copy: + src: "{{ item }}" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + with_items: "{{ g_master_legacy_ca_result.files | default([]) | oo_collect('path') }}" + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - copy: + src: "{{ openshift_ca_config_dir }}/ca.crt" + dest: "{{ openshift_ca_clientconfig_tmpdir.stdout }}/" + remote_src: true + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - assemble: + src: "{{ openshift_ca_clientconfig_tmpdir.stdout }}" + dest: "{{ openshift_ca_config_dir }}/client-ca-bundle.crt" + mode: 0644 + owner: root + group: root + delegate_to: "{{ openshift_ca_host }}" + run_once: true + - name: Test local loopback context command: > {{ hostvars[openshift_ca_host].openshift.common.client_binary }} config view @@ -141,9 +167,7 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} - name: Copy generated loopback master client config to master config dir copy: src: "{{ openshift_ca_loopback_tmpdir.stdout }}/{{ item }}" diff --git a/roles/openshift_certificate_expiry/README.md b/roles/openshift_certificate_expiry/README.md index f19a421cb..48338ca1b 100644 --- a/roles/openshift_certificate_expiry/README.md +++ b/roles/openshift_certificate_expiry/README.md @@ -54,7 +54,7 @@ included in this role, or you can [read on below for more examples](#more-exampl to help you craft you own. ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` Using the `easy-mode.yaml` playbook will produce: @@ -65,7 +65,7 @@ Using the `easy-mode.yaml` playbook will produce: > **Note:** If you are running from an RPM install use -> `/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml` +> `/usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml` > instead ## Run from a container @@ -80,7 +80,7 @@ There are several [examples](../../examples/README.md) in the `examples` directo ## More Example Playbooks > **Note:** These Playbooks are available to run directly out of the -> [/playbooks/byo/openshift-checks/certificate_expiry/](../../playbooks/byo/openshift-checks/certificate_expiry/) directory. +> [/playbooks/openshift-checks/certificate_expiry/](../../playbooks/openshift-checks/certificate_expiry/) directory. ### Default behavior @@ -99,14 +99,14 @@ This playbook just invokes the certificate expiration check role with default op **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/default.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/default.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/default.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/default.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/default.yaml) ### Easy mode @@ -130,14 +130,14 @@ certificates (healthy or not) are included in the results: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode.yaml) ### Easy mode and upload reports to masters @@ -193,14 +193,14 @@ options via environment variables: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/easy-mode-upload.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/easy-mode-upload.yaml) ### Generate HTML and JSON artifacts in their default paths @@ -219,14 +219,14 @@ $ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/by **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_default_paths.yaml) ### Generate HTML and JSON reports in a custom path @@ -250,14 +250,14 @@ This example customizes the report generation path to point to a specific path ( **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/html_and_json_timestamp.yaml) ### Long warning window @@ -278,14 +278,14 @@ the module out): **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer_warning_period.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer_warning_period.yaml) ### Long warning window and JSON report @@ -307,14 +307,14 @@ the module out) and save the results as a JSON file: **From git:** ``` -$ ansible-playbook -v -i HOSTS playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` **From openshift-ansible-playbooks rpm:** ``` -$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml +$ ansible-playbook -v -i HOSTS /usr/share/ansible/openshift-ansible/playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml ``` -> [View This Playbook](../../playbooks/byo/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) +> [View This Playbook](../../playbooks/openshift-checks/certificate_expiry/longer-warning-period-json-results.yaml) diff --git a/roles/openshift_cfme/README.md b/roles/openshift_cfme/README.md deleted file mode 100644 index 8283afed6..000000000 --- a/roles/openshift_cfme/README.md +++ /dev/null @@ -1,404 +0,0 @@ -# OpenShift-Ansible - CFME Role - -# PROOF OF CONCEPT - Alpha Version - -This role is based on the work in the upstream -[manageiq/manageiq-pods](https://github.com/ManageIQ/manageiq-pods) -project. For additional literature on configuration specific to -ManageIQ (optional post-installation tasks), visit the project's -[upstream documentation page](http://manageiq.org/docs/get-started/basic-configuration). - -Please submit a -[new issue](https://github.com/openshift/openshift-ansible/issues/new) -if you run into bugs with this role or wish to request enhancements. - -# Important Notes - -This is an early *proof of concept* role to install the Cloud Forms -Management Engine (ManageIQ) on OpenShift Container Platform (OCP). - -* This role is still in **ALPHA STATUS** -* Many options are hard-coded still (ex: NFS setup) -* Not many configurable options yet -* **Should** be ran on a dedicated cluster -* **Will not run** on undersized infra -* The terms *CFME* and *MIQ* / *ManageIQ* are interchangeable - -## Requirements - -**NOTE:** These requirements are copied from the upstream -[manageiq/manageiq-pods](https://github.com/ManageIQ/manageiq-pods) -project. - -### Prerequisites: - -* - [OpenShift Origin 1.5](https://docs.openshift.com/container-platform/3.5/welcome/index.html) - or - [higher](https://docs.openshift.com/container-platform/latest/welcome/index.html) - provisioned -* NFS or other compatible volume provider -* A cluster-admin user (created by role if required) - -### Cluster Sizing - -In order to avoid random deployment failures due to resource -starvation, we recommend a minimum cluster size for a **test** -environment. - -| Type | Size | CPUs | Memory | -|----------------|---------|----------|----------| -| Masters | `1+` | `8` | `12GB` | -| Nodes | `2+` | `4` | `8GB` | -| PV Storage | `25GB` | `N/A` | `N/A` | - - - - -**CFME has hard-requirements for memory. CFME will NOT install if your - infrastructure does not meet or exceed the requirements given - above. Do not run this playbook if you do not have the required - memory, you will just waste your time.** - - -### Other sizing considerations - -* Recommendations assume MIQ will be the **only application running** - on this cluster. -* Alternatively, you can provision an infrastructure node to run - registry/metrics/router/logging pods. -* Each MIQ application pod will consume at least `3GB` of RAM on initial - deployment (blank deployment without providers). -* RAM consumption will ramp up higher depending on appliance use, once - providers are added expect higher resource consumption. - - -### Assumptions - -1) You meet/exceed the [cluster sizing](#cluster-sizing) requirements -1) Your NFS server is on your master host -1) Your PV backing NFS storage volume is mounted on `/exports/` - -Required directories that NFS will export to back the PVs: - -* `/exports/miq-pv0[123]` - -If the required directories are not present at install-time, they will -be created using the recommended permissions per the -[upstream documentation](https://github.com/ManageIQ/manageiq-pods#make-persistent-volumes-to-host-the-miq-database-and-application-data): - -* UID/GID: `root`/`root` -* Mode: `0775` - -**IMPORTANT:** If you are using a separate volume (`/dev/vdX`) for NFS - storage, **ensure** it is mounted on `/exports/` **before** running - this role. - - - -## Role Variables - -Core variables in this role: - -| Name | Default value | Description | -|-------------------------------|---------------|---------------| -| `openshift_cfme_install_app` | `False` | `True`: Install everything and create a new CFME app, `False`: Just install all of the templates and scaffolding | - - -Variables you may override have defaults defined in -[defaults/main.yml](defaults/main.yml). - - -# Important Notes - -This is a **tech preview** status role presently. Use it with the same -caution you would give any other pre-release software. - -**Most importantly** follow this one rule: don't re-run the entrypoint -playbook multiple times in a row without cleaning up after previous -runs if some of the CFME steps have ran. This is a known -flake. Cleanup instructions are provided at the bottom of this README. - - -# Usage - -This section describes the basic usage of this role. All parameters -will use their [default values](defaults/main.yml). - -## Pre-flight Checks - -**IMPORTANT:** As documented above in [the prerequisites](#prerequisites), - you **must already** have your OCP cluster up and running. - -**Optional:** The ManageIQ pod is fairly large (about 1.7 GB) so to -save some spin-up time post-deployment, you can begin pre-pulling the -docker image to each of your nodes now: - -``` -root@node0x # docker pull docker.io/manageiq/manageiq-pods:app-latest-fine -``` - -## Getting Started - -1) The *entry point playbook* to install CFME is located in -[the BYO playbooks](../../playbooks/byo/openshift-cfme/config.yml) -directory - -2) Update your existing `hosts` inventory file and ensure the -parameter `openshift_cfme_install_app` is set to `True` under the -`[OSEv3:vars]` block. - -2) Using your existing `hosts` inventory file, run `ansible-playbook` -with the entry point playbook: - -``` -$ ansible-playbook -v -i <INVENTORY_FILE> playbooks/byo/openshift-cfme/config.yml -``` - -## Next Steps - -Once complete, the playbook will let you know: - - -``` -TASK [openshift_cfme : Status update] ********************************************************* -ok: [ho.st.na.me] => { - "msg": "CFME has been deployed. Note that there will be a delay before it is fully initialized.\n" -} -``` - -This will take several minutes (*possibly 10 or more*, depending on -your network connection). However, you can get some insight into the -deployment process during initialization. - -### oc describe pod manageiq-0 - -*Some useful information about the output you will see if you run the -`oc describe pod manageiq-0` command* - -**Readiness probe**s - These will take a while to become -`Healthy`. The initial health probes won't even happen for at least 8 -minutes depending on how long it takes you to pull down the large -images. ManageIQ is a large application so it may take a considerable -amount of time for it to deploy and be marked as `Healthy`. - -If you go to the node you know the application is running on (check -for `Successfully assigned manageiq-0 to <HOST|IP>` in the `describe` -output) you can run a `docker pull` command to monitor the progress of -the image pull: - -``` -[root@cfme-node ~]# docker pull docker.io/manageiq/manageiq-pods:app-latest-fine -Trying to pull repository docker.io/manageiq/manageiq-pods ... -sha256:6c055ca9d3c65cd694d6c0e28986b5239ba56bbdf0488cccdaa283d545258f8a: Pulling from docker.io/manageiq/manageiq-pods -Digest: sha256:6c055ca9d3c65cd694d6c0e28986b5239ba56bbdf0488cccdaa283d545258f8a -Status: Image is up to date for docker.io/manageiq/manageiq-pods:app-latest-fine -``` - -The example above demonstrates the case where the image has been -successfully pulled already. - -If the image isn't completely pulled already then you will see -multiple progress bars detailing each image layer download status. - - -### rsh - -*Useful inspection/progress monitoring techniques with the `oc rsh` -command.* - - -On your master node, switch to the `cfme` project (or whatever you -named it if you overrode the `openshift_cfme_project` variable) and -check on the pod states: - -``` -[root@cfme-master01 ~]# oc project cfme -Now using project "cfme" on server "https://10.10.0.100:8443". - -[root@cfme-master01 ~]# oc get pod -NAME READY STATUS RESTARTS AGE -manageiq-0 0/1 Running 0 14m -memcached-1-3lk7g 1/1 Running 0 14m -postgresql-1-12slb 1/1 Running 0 14m -``` - -Note how the `manageiq-0` pod says `0/1` under the **READY** -column. After some time (depending on your network connection) you'll -be able to `rsh` into the pod to find out more of what's happening in -real time. First, the easy-mode command, run this once `rsh` is -available and then watch until it says `Started Initialize Appliance -Database`: - -``` -[root@cfme-master01 ~]# oc rsh manageiq-0 journalctl -f -u appliance-initialize.service -``` - -For the full explanation of what this means, and more interactive -inspection techniques, keep reading on. - -To obtain a shell on our `manageiq` pod we use this command: - -``` -[root@cfme-master01 ~]# oc rsh manageiq-0 bash -l -``` - -The `rsh` command opens a shell in your pod for you. In this case it's -the pod called `manageiq-0`. `systemd` is managing the services in -this pod so we can use the `list-units` command to see what is running -currently: `# systemctl list-units | grep appliance`. - -If you see the `appliance-initialize` service running, this indicates -that basic setup is still in progress. We can monitor the process with -the `journalctl` command like so: - - -``` -[root@manageiq-0 vmdb]# journalctl -f -u appliance-initialize.service -Jun 14 14:55:52 manageiq-0 appliance-initialize.sh[58]: == Checking deployment status == -Jun 14 14:55:52 manageiq-0 appliance-initialize.sh[58]: No pre-existing EVM configuration found on region PV -Jun 14 14:55:52 manageiq-0 appliance-initialize.sh[58]: == Checking for existing data on server PV == -Jun 14 14:55:52 manageiq-0 appliance-initialize.sh[58]: == Starting New Deployment == -Jun 14 14:55:52 manageiq-0 appliance-initialize.sh[58]: == Applying memcached config == -Jun 14 14:55:53 manageiq-0 appliance-initialize.sh[58]: == Initializing Appliance == -Jun 14 14:55:57 manageiq-0 appliance-initialize.sh[58]: create encryption key -Jun 14 14:55:57 manageiq-0 appliance-initialize.sh[58]: configuring external database -Jun 14 14:55:57 manageiq-0 appliance-initialize.sh[58]: Checking for connections to the database... -Jun 14 14:56:09 manageiq-0 appliance-initialize.sh[58]: Create region starting -Jun 14 14:58:15 manageiq-0 appliance-initialize.sh[58]: Create region complete -Jun 14 14:58:15 manageiq-0 appliance-initialize.sh[58]: == Initializing PV data == -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: == Initializing PV data backup == -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: sending incremental file list -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: created directory /persistent/server-deploy/backup/backup_2017_06_14_145816 -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/REGION -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/certs/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/certs/v2_key -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/config/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: region-data/var/www/miq/vmdb/config/database.yml -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/var/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/var/www/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/var/www/miq/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/var/www/miq/vmdb/ -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: server-data/var/www/miq/vmdb/GUID -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: sent 1330 bytes received 136 bytes 2932.00 bytes/sec -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: total size is 770 speedup is 0.53 -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: == Restoring PV data symlinks == -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: /var/www/miq/vmdb/REGION symlink is already in place, skipping -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: /var/www/miq/vmdb/config/database.yml symlink is already in place, skipping -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: /var/www/miq/vmdb/certs/v2_key symlink is already in place, skipping -Jun 14 14:58:16 manageiq-0 appliance-initialize.sh[58]: /var/www/miq/vmdb/log symlink is already in place, skipping -Jun 14 14:58:28 manageiq-0 systemctl[304]: Removed symlink /etc/systemd/system/multi-user.target.wants/appliance-initialize.service. -Jun 14 14:58:29 manageiq-0 systemd[1]: Started Initialize Appliance Database. -``` - -Most of what we see here (above) is the initial database seeding -process. This process isn't very quick, so be patient. - -At the bottom of the log there is a special line from the `systemctl` -service, `Removed symlink -/etc/systemd/system/multi-user.target.wants/appliance-initialize.service`. The -`appliance-initialize` service is no longer marked as enabled. This -indicates that the base application initialization is complete now. - -We're not done yet though, there are other ancillary services which -run in this pod to support the application. *Still in the rsh shell*, -Use the `ps` command to monitor for the `httpd` processes -starting. You will see output similar to the following when that stage -has completed: - -``` -[root@manageiq-0 vmdb]# ps aux | grep http -root 1941 0.0 0.1 249820 7640 ? Ss 15:02 0:00 /usr/sbin/httpd -DFOREGROUND -apache 1942 0.0 0.0 250752 6012 ? S 15:02 0:00 /usr/sbin/httpd -DFOREGROUND -apache 1943 0.0 0.0 250472 5952 ? S 15:02 0:00 /usr/sbin/httpd -DFOREGROUND -apache 1944 0.0 0.0 250472 5916 ? S 15:02 0:00 /usr/sbin/httpd -DFOREGROUND -apache 1945 0.0 0.0 250360 5764 ? S 15:02 0:00 /usr/sbin/httpd -DFOREGROUND -``` - -Furthermore, you can find other related processes by just looking for -ones with `MIQ` in their name: - -``` -[root@manageiq-0 vmdb]# ps aux | grep miq -root 333 27.7 4.2 555884 315916 ? Sl 14:58 3:59 MIQ Server -root 1976 0.6 4.0 507224 303740 ? SNl 15:02 0:03 MIQ: MiqGenericWorker id: 1, queue: generic -root 1984 0.6 4.0 507224 304312 ? SNl 15:02 0:03 MIQ: MiqGenericWorker id: 2, queue: generic -root 1992 0.9 4.0 508252 304888 ? SNl 15:02 0:05 MIQ: MiqPriorityWorker id: 3, queue: generic -root 2000 0.7 4.0 510308 304696 ? SNl 15:02 0:04 MIQ: MiqPriorityWorker id: 4, queue: generic -root 2008 1.2 4.0 514000 303612 ? SNl 15:02 0:07 MIQ: MiqScheduleWorker id: 5 -root 2026 0.2 4.0 517504 303644 ? SNl 15:02 0:01 MIQ: MiqEventHandler id: 6, queue: ems -root 2036 0.2 4.0 518532 303768 ? SNl 15:02 0:01 MIQ: MiqReportingWorker id: 7, queue: reporting -root 2044 0.2 4.0 519560 303812 ? SNl 15:02 0:01 MIQ: MiqReportingWorker id: 8, queue: reporting -root 2059 0.2 4.0 528372 303956 ? SNl 15:02 0:01 puma 3.3.0 (tcp://127.0.0.1:5000) [MIQ: Web Server Worker] -root 2067 0.9 4.0 529664 305716 ? SNl 15:02 0:05 puma 3.3.0 (tcp://127.0.0.1:3000) [MIQ: Web Server Worker] -root 2075 0.2 4.0 529408 304056 ? SNl 15:02 0:01 puma 3.3.0 (tcp://127.0.0.1:4000) [MIQ: Web Server Worker] -root 2329 0.0 0.0 10640 972 ? S+ 15:13 0:00 grep --color=auto -i miq -``` - -Finally, *still in the rsh shell*, to test if the application is -running correctly, we can request the application homepage. If the -page is available the page title will be `ManageIQ: Login`: - -``` -[root@manageiq-0 vmdb]# curl -s -k https://localhost | grep -A2 '<title>' -<title> -ManageIQ: Login -</title> -``` - -**Note:** The `-s` flag makes `curl` operations silent and the `-k` -flag to ignore errors about untrusted certificates. - - - -# Additional Upstream Resources - -Below are some useful resources from the upstream project -documentation. You may find these of value. - -* [Verify Setup Was Successful](https://github.com/ManageIQ/manageiq-pods#verifying-the-setup-was-successful) -* [POD Access And Routes](https://github.com/ManageIQ/manageiq-pods#pod-access-and-routes) -* [Troubleshooting](https://github.com/ManageIQ/manageiq-pods#troubleshooting) - - -# Manual Cleanup - -At this time uninstallation/cleanup is still a manual process. You -will have to follow a few steps to fully remove CFME from your -cluster. - -Delete the project: - -* `oc delete project cfme` - -Delete the PVs: - -* `oc delete pv miq-pv01` -* `oc delete pv miq-pv02` -* `oc delete pv miq-pv03` - -Clean out the old PV data: - -* `cd /exports/` -* `find miq* -type f -delete` -* `find miq* -type d -delete` - -Remove the NFS exports: - -* `rm /etc/exports.d/openshift_cfme.exports` -* `exportfs -ar` - -Delete the user: - -* `oc delete user cfme` - -**NOTE:** The `oc delete project cfme` command will return quickly -however it will continue to operate in the background. Continue -running `oc get project` after you've completed the other steps to -monitor the pods and final project termination progress. diff --git a/roles/openshift_cfme/defaults/main.yml b/roles/openshift_cfme/defaults/main.yml deleted file mode 100644 index b82c2e602..000000000 --- a/roles/openshift_cfme/defaults/main.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Namespace for the CFME project (Note: changed post-3.6 to use -# reserved 'openshift-' namespace prefix) -openshift_cfme_project: openshift-cfme -# Namespace/project description -openshift_cfme_project_description: ManageIQ - CloudForms Management Engine -# Basic user assigned the `admin` role for the project -openshift_cfme_user: cfme -# Project system account for enabling privileged pods -openshift_cfme_service_account: "system:serviceaccount:{{ openshift_cfme_project }}:default" -# All the required exports -openshift_cfme_pv_exports: - - miq-pv01 - - miq-pv02 - - miq-pv03 -# PV template files and their created object names -openshift_cfme_pv_data: - - pv_name: miq-pv01 - pv_template: miq-pv-db.yaml - pv_label: CFME DB PV - - pv_name: miq-pv02 - pv_template: miq-pv-region.yaml - pv_label: CFME Region PV - - pv_name: miq-pv03 - pv_template: miq-pv-server.yaml - pv_label: CFME Server PV - -# Tuning parameter to use more than 5 images at once from an ImageStream -openshift_cfme_maxImagesBulkImportedPerRepository: 100 -# TODO: Refactor '_install_app' variable. This is just for testing but -# maybe in the future it should control the entire yes/no for CFME. -# -# Whether or not the manageiq app should be initialized ('oc new-app -# --template=manageiq). If False everything UP TO 'new-app' is ran. -openshift_cfme_install_app: False -# Docker image to pull -openshift_cfme_application_img_name: "{{ 'registry.access.redhat.com/cloudforms45/cfme-openshift-app' if openshift_deployment_type == 'openshift-enterprise' else 'docker.io/manageiq/manageiq-pods' }}" -openshift_cfme_postgresql_img_name: "{{ 'registry.access.redhat.com/cloudforms45/cfme-openshift-postgresql' if openshift_deployment_type == 'openshift-enterprise' else 'docker.io/manageiq/manageiq-pods' }}" -openshift_cfme_memcached_img_name: "{{ 'registry.access.redhat.com/cloudforms45/cfme-openshift-memcached' if openshift_deployment_type == 'openshift-enterprise' else 'docker.io/manageiq/manageiq-pods' }}" -openshift_cfme_application_img_tag: "{{ 'latest' if openshift_deployment_type == 'openshift-enterprise' else 'app-latest-fine' }}" -openshift_cfme_memcached_img_tag: "{{ 'latest' if openshift_deployment_type == 'openshift-enterprise' else 'memcached-latest-fine' }}" -openshift_cfme_postgresql_img_tag: "{{ 'latest' if openshift_deployment_type == 'openshift-enterprise' else 'postgresql-latest-fine' }}" diff --git a/roles/openshift_cfme/files/miq-template.yaml b/roles/openshift_cfme/files/miq-template.yaml deleted file mode 100644 index 8f0d2af38..000000000 --- a/roles/openshift_cfme/files/miq-template.yaml +++ /dev/null @@ -1,566 +0,0 @@ ---- -path: /tmp/miq-template-out -data: - apiVersion: v1 - kind: Template - labels: - template: manageiq - metadata: - name: manageiq - annotations: - description: "ManageIQ appliance with persistent storage" - tags: "instant-app,manageiq,miq" - iconClass: "icon-rails" - objects: - - apiVersion: v1 - kind: Secret - metadata: - name: "${NAME}-secrets" - stringData: - pg-password: "${DATABASE_PASSWORD}" - - apiVersion: v1 - kind: Service - metadata: - annotations: - description: "Exposes and load balances ManageIQ pods" - service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' - name: ${NAME} - spec: - clusterIP: None - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - selector: - name: ${NAME} - - apiVersion: v1 - kind: Route - metadata: - name: ${NAME} - spec: - host: ${APPLICATION_DOMAIN} - port: - targetPort: https - tls: - termination: passthrough - to: - kind: Service - name: ${NAME} - - apiVersion: v1 - kind: ImageStream - metadata: - name: miq-app - annotations: - description: "Keeps track of the ManageIQ image changes" - spec: - dockerImageRepository: "${APPLICATION_IMG_NAME}" - - apiVersion: v1 - kind: ImageStream - metadata: - name: miq-postgresql - annotations: - description: "Keeps track of the PostgreSQL image changes" - spec: - dockerImageRepository: "${POSTGRESQL_IMG_NAME}" - - apiVersion: v1 - kind: ImageStream - metadata: - name: miq-memcached - annotations: - description: "Keeps track of the Memcached image changes" - spec: - dockerImageRepository: "${MEMCACHED_IMG_NAME}" - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: "${NAME}-${DATABASE_SERVICE_NAME}" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${DATABASE_VOLUME_CAPACITY} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: "${NAME}-region" - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${APPLICATION_REGION_VOLUME_CAPACITY} - - apiVersion: apps/v1beta1 - kind: "StatefulSet" - metadata: - name: ${NAME} - annotations: - description: "Defines how to deploy the ManageIQ appliance" - spec: - serviceName: "${NAME}" - replicas: "${APPLICATION_REPLICA_COUNT}" - template: - metadata: - labels: - name: ${NAME} - name: ${NAME} - spec: - containers: - - name: manageiq - image: "${APPLICATION_IMG_NAME}:${APPLICATION_IMG_TAG}" - livenessProbe: - tcpSocket: - port: 443 - initialDelaySeconds: 480 - timeoutSeconds: 3 - readinessProbe: - httpGet: - path: / - port: 443 - scheme: HTTPS - initialDelaySeconds: 200 - timeoutSeconds: 3 - ports: - - containerPort: 80 - protocol: TCP - - containerPort: 443 - protocol: TCP - securityContext: - privileged: true - volumeMounts: - - - name: "${NAME}-server" - mountPath: "/persistent" - - - name: "${NAME}-region" - mountPath: "/persistent-region" - env: - - - name: "APPLICATION_INIT_DELAY" - value: "${APPLICATION_INIT_DELAY}" - - - name: "DATABASE_SERVICE_NAME" - value: "${DATABASE_SERVICE_NAME}" - - - name: "DATABASE_REGION" - value: "${DATABASE_REGION}" - - - name: "MEMCACHED_SERVICE_NAME" - value: "${MEMCACHED_SERVICE_NAME}" - - - name: "POSTGRESQL_USER" - value: "${DATABASE_USER}" - - - name: "POSTGRESQL_PASSWORD" - valueFrom: - secretKeyRef: - name: "${NAME}-secrets" - key: "pg-password" - - - name: "POSTGRESQL_DATABASE" - value: "${DATABASE_NAME}" - - - name: "POSTGRESQL_MAX_CONNECTIONS" - value: "${POSTGRESQL_MAX_CONNECTIONS}" - - - name: "POSTGRESQL_SHARED_BUFFERS" - value: "${POSTGRESQL_SHARED_BUFFERS}" - resources: - requests: - memory: "${APPLICATION_MEM_REQ}" - cpu: "${APPLICATION_CPU_REQ}" - limits: - memory: "${APPLICATION_MEM_LIMIT}" - lifecycle: - preStop: - exec: - command: - - /opt/manageiq/container-scripts/sync-pv-data - volumes: - - - name: "${NAME}-region" - persistentVolumeClaim: - claimName: ${NAME}-region - volumeClaimTemplates: - - metadata: - name: "${NAME}-server" - annotations: - # Uncomment this if using dynamic volume provisioning. - # https://docs.openshift.org/latest/install_config/persistent_storage/dynamically_provisioning_pvs.html - # volume.alpha.kubernetes.io/storage-class: anything - spec: - accessModes: [ ReadWriteOnce ] - resources: - requests: - storage: "${APPLICATION_VOLUME_CAPACITY}" - - apiVersion: v1 - kind: "Service" - metadata: - name: "${MEMCACHED_SERVICE_NAME}" - annotations: - description: "Exposes the memcached server" - spec: - ports: - - - name: "memcached" - port: 11211 - targetPort: 11211 - selector: - name: "${MEMCACHED_SERVICE_NAME}" - - apiVersion: v1 - kind: "DeploymentConfig" - metadata: - name: "${MEMCACHED_SERVICE_NAME}" - annotations: - description: "Defines how to deploy memcached" - spec: - strategy: - type: "Recreate" - triggers: - - - type: "ImageChange" - imageChangeParams: - automatic: true - containerNames: - - "memcached" - from: - kind: "ImageStreamTag" - name: "miq-memcached:${MEMCACHED_IMG_TAG}" - - - type: "ConfigChange" - replicas: 1 - selector: - name: "${MEMCACHED_SERVICE_NAME}" - template: - metadata: - name: "${MEMCACHED_SERVICE_NAME}" - labels: - name: "${MEMCACHED_SERVICE_NAME}" - spec: - volumes: [] - containers: - - - name: "memcached" - image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" - ports: - - - containerPort: 11211 - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 5 - tcpSocket: - port: 11211 - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 - tcpSocket: - port: 11211 - volumeMounts: [] - env: - - - name: "MEMCACHED_MAX_MEMORY" - value: "${MEMCACHED_MAX_MEMORY}" - - - name: "MEMCACHED_MAX_CONNECTIONS" - value: "${MEMCACHED_MAX_CONNECTIONS}" - - - name: "MEMCACHED_SLAB_PAGE_SIZE" - value: "${MEMCACHED_SLAB_PAGE_SIZE}" - resources: - requests: - memory: "${MEMCACHED_MEM_REQ}" - cpu: "${MEMCACHED_CPU_REQ}" - limits: - memory: "${MEMCACHED_MEM_LIMIT}" - - apiVersion: v1 - kind: "Service" - metadata: - name: "${DATABASE_SERVICE_NAME}" - annotations: - description: "Exposes the database server" - spec: - ports: - - - name: "postgresql" - port: 5432 - targetPort: 5432 - selector: - name: "${DATABASE_SERVICE_NAME}" - - apiVersion: v1 - kind: "DeploymentConfig" - metadata: - name: "${DATABASE_SERVICE_NAME}" - annotations: - description: "Defines how to deploy the database" - spec: - strategy: - type: "Recreate" - triggers: - - - type: "ImageChange" - imageChangeParams: - automatic: true - containerNames: - - "postgresql" - from: - kind: "ImageStreamTag" - name: "miq-postgresql:${POSTGRESQL_IMG_TAG}" - - - type: "ConfigChange" - replicas: 1 - selector: - name: "${DATABASE_SERVICE_NAME}" - template: - metadata: - name: "${DATABASE_SERVICE_NAME}" - labels: - name: "${DATABASE_SERVICE_NAME}" - spec: - volumes: - - - name: "miq-pgdb-volume" - persistentVolumeClaim: - claimName: "${NAME}-${DATABASE_SERVICE_NAME}" - containers: - - - name: "postgresql" - image: "${POSTGRESQL_IMG_NAME}:${POSTGRESQL_IMG_TAG}" - ports: - - - containerPort: 5432 - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 15 - exec: - command: - - "/bin/sh" - - "-i" - - "-c" - - "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 60 - tcpSocket: - port: 5432 - volumeMounts: - - - name: "miq-pgdb-volume" - mountPath: "/var/lib/pgsql/data" - env: - - - name: "POSTGRESQL_USER" - value: "${DATABASE_USER}" - - - name: "POSTGRESQL_PASSWORD" - valueFrom: - secretKeyRef: - name: "${NAME}-secrets" - key: "pg-password" - - - name: "POSTGRESQL_DATABASE" - value: "${DATABASE_NAME}" - - - name: "POSTGRESQL_MAX_CONNECTIONS" - value: "${POSTGRESQL_MAX_CONNECTIONS}" - - - name: "POSTGRESQL_SHARED_BUFFERS" - value: "${POSTGRESQL_SHARED_BUFFERS}" - resources: - requests: - memory: "${POSTGRESQL_MEM_REQ}" - cpu: "${POSTGRESQL_CPU_REQ}" - limits: - memory: "${POSTGRESQL_MEM_LIMIT}" - - parameters: - - - name: "NAME" - displayName: Name - required: true - description: "The name assigned to all of the frontend objects defined in this template." - value: manageiq - - - name: "DATABASE_SERVICE_NAME" - displayName: "PostgreSQL Service Name" - required: true - description: "The name of the OpenShift Service exposed for the PostgreSQL container." - value: "postgresql" - - - name: "DATABASE_USER" - displayName: "PostgreSQL User" - required: true - description: "PostgreSQL user that will access the database." - value: "root" - - - name: "DATABASE_PASSWORD" - displayName: "PostgreSQL Password" - required: true - description: "Password for the PostgreSQL user." - from: "[a-zA-Z0-9]{8}" - generate: expression - - - name: "DATABASE_NAME" - required: true - displayName: "PostgreSQL Database Name" - description: "Name of the PostgreSQL database accessed." - value: "vmdb_production" - - - name: "DATABASE_REGION" - required: true - displayName: "Application Database Region" - description: "Database region that will be used for application." - value: "0" - - - name: "MEMCACHED_SERVICE_NAME" - required: true - displayName: "Memcached Service Name" - description: "The name of the OpenShift Service exposed for the Memcached container." - value: "memcached" - - - name: "MEMCACHED_MAX_MEMORY" - displayName: "Memcached Max Memory" - description: "Memcached maximum memory for memcached object storage in MB." - value: "64" - - - name: "MEMCACHED_MAX_CONNECTIONS" - displayName: "Memcached Max Connections" - description: "Memcached maximum number of connections allowed." - value: "1024" - - - name: "MEMCACHED_SLAB_PAGE_SIZE" - displayName: "Memcached Slab Page Size" - description: "Memcached size of each slab page." - value: "1m" - - - name: "POSTGRESQL_MAX_CONNECTIONS" - displayName: "PostgreSQL Max Connections" - description: "PostgreSQL maximum number of database connections allowed." - value: "100" - - - name: "POSTGRESQL_SHARED_BUFFERS" - displayName: "PostgreSQL Shared Buffer Amount" - description: "Amount of memory dedicated for PostgreSQL shared memory buffers." - value: "256MB" - - - name: "APPLICATION_CPU_REQ" - displayName: "Application Min CPU Requested" - required: true - description: "Minimum amount of CPU time the Application container will need (expressed in millicores)." - value: "1000m" - - - name: "POSTGRESQL_CPU_REQ" - displayName: "PostgreSQL Min CPU Requested" - required: true - description: "Minimum amount of CPU time the PostgreSQL container will need (expressed in millicores)." - value: "500m" - - - name: "MEMCACHED_CPU_REQ" - displayName: "Memcached Min CPU Requested" - required: true - description: "Minimum amount of CPU time the Memcached container will need (expressed in millicores)." - value: "200m" - - - name: "APPLICATION_MEM_REQ" - displayName: "Application Min RAM Requested" - required: true - description: "Minimum amount of memory the Application container will need." - value: "6144Mi" - - - name: "POSTGRESQL_MEM_REQ" - displayName: "PostgreSQL Min RAM Requested" - required: true - description: "Minimum amount of memory the PostgreSQL container will need." - value: "1024Mi" - - - name: "MEMCACHED_MEM_REQ" - displayName: "Memcached Min RAM Requested" - required: true - description: "Minimum amount of memory the Memcached container will need." - value: "64Mi" - - - name: "APPLICATION_MEM_LIMIT" - displayName: "Application Max RAM Limit" - required: true - description: "Maximum amount of memory the Application container can consume." - value: "16384Mi" - - - name: "POSTGRESQL_MEM_LIMIT" - displayName: "PostgreSQL Max RAM Limit" - required: true - description: "Maximum amount of memory the PostgreSQL container can consume." - value: "8192Mi" - - - name: "MEMCACHED_MEM_LIMIT" - displayName: "Memcached Max RAM Limit" - required: true - description: "Maximum amount of memory the Memcached container can consume." - value: "256Mi" - - - name: "POSTGRESQL_IMG_NAME" - displayName: "PostgreSQL Image Name" - description: "This is the PostgreSQL image name requested to deploy." - value: "docker.io/manageiq/manageiq-pods" - - - name: "POSTGRESQL_IMG_TAG" - displayName: "PostgreSQL Image Tag" - description: "This is the PostgreSQL image tag/version requested to deploy." - value: "postgresql-latest-fine" - - - name: "MEMCACHED_IMG_NAME" - displayName: "Memcached Image Name" - description: "This is the Memcached image name requested to deploy." - value: "docker.io/manageiq/manageiq-pods" - - - name: "MEMCACHED_IMG_TAG" - displayName: "Memcached Image Tag" - description: "This is the Memcached image tag/version requested to deploy." - value: "memcached-latest-fine" - - - name: "APPLICATION_IMG_NAME" - displayName: "Application Image Name" - description: "This is the Application image name requested to deploy." - value: "docker.io/manageiq/manageiq-pods" - - - name: "APPLICATION_IMG_TAG" - displayName: "Application Image Tag" - description: "This is the Application image tag/version requested to deploy." - value: "app-latest-fine" - - - name: "APPLICATION_DOMAIN" - displayName: "Application Hostname" - description: "The exposed hostname that will route to the application service, if left blank a value will be defaulted." - value: "" - - - name: "APPLICATION_REPLICA_COUNT" - displayName: "Application Replica Count" - description: "This is the number of Application replicas requested to deploy." - value: "1" - - - name: "APPLICATION_INIT_DELAY" - displayName: "Application Init Delay" - required: true - description: "Delay in seconds before we attempt to initialize the application." - value: "15" - - - name: "APPLICATION_VOLUME_CAPACITY" - displayName: "Application Volume Capacity" - required: true - description: "Volume space available for application data." - value: "5Gi" - - - name: "APPLICATION_REGION_VOLUME_CAPACITY" - displayName: "Application Region Volume Capacity" - required: true - description: "Volume space available for region application data." - value: "5Gi" - - - name: "DATABASE_VOLUME_CAPACITY" - displayName: "Database Volume Capacity" - required: true - description: "Volume space available for database." - value: "15Gi" diff --git a/roles/openshift_cfme/files/openshift_cfme.exports b/roles/openshift_cfme/files/openshift_cfme.exports deleted file mode 100644 index 5457d41fc..000000000 --- a/roles/openshift_cfme/files/openshift_cfme.exports +++ /dev/null @@ -1,3 +0,0 @@ -/exports/miq-pv01 *(rw,no_root_squash,no_wdelay) -/exports/miq-pv02 *(rw,no_root_squash,no_wdelay) -/exports/miq-pv03 *(rw,no_root_squash,no_wdelay) diff --git a/roles/openshift_cfme/handlers/main.yml b/roles/openshift_cfme/handlers/main.yml deleted file mode 100644 index 7e90b09a4..000000000 --- a/roles/openshift_cfme/handlers/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -###################################################################### -# NOTE: These are duplicated from roles/openshift_master/handlers/main.yml -# -# TODO: Use the consolidated 'openshift_handlers' role once it's ready -# See: https://github.com/openshift/openshift-ansible/pull/4041#discussion_r118770782 -###################################################################### - -- name: restart master api - systemd: name={{ openshift.common.service_type }}-master-api state=restarted - when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - notify: Verify API Server - -- name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted - when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - -- name: Verify API Server - # Using curl here since the uri module requires python-httplib2 and - # wait_for port doesn't provide health information. - command: > - curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} - --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} - {{ openshift.master.api_url }}/healthz/ready - args: - # Disables the following warning: - # Consider using get_url or uri module rather than running curl - warn: no - register: api_available_output - until: api_available_output.stdout == 'ok' - retries: 120 - delay: 1 - changed_when: false diff --git a/roles/openshift_cfme/img/CFMEBasicDeployment.png b/roles/openshift_cfme/img/CFMEBasicDeployment.png Binary files differdeleted file mode 100644 index a89c1e325..000000000 --- a/roles/openshift_cfme/img/CFMEBasicDeployment.png +++ /dev/null diff --git a/roles/openshift_cfme/tasks/create_pvs.yml b/roles/openshift_cfme/tasks/create_pvs.yml deleted file mode 100644 index 7fa7d3997..000000000 --- a/roles/openshift_cfme/tasks/create_pvs.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Check for existance and then conditionally: -# - evaluate templates -# - PVs -# -# These tasks idempotently create required CFME PV objects. Do not -# call this file directly. This file is intended to be ran as an -# include that has a 'with_items' attached to it. Hence the use below -# of variables like "{{ item.pv_label }}" - -- name: "Check if the {{ item.pv_label }} template has been created already" - oc_obj: - namespace: "{{ openshift_cfme_project }}" - state: list - kind: pv - name: "{{ item.pv_name }}" - register: miq_pv_check - -# Skip all of this if the PV already exists -- block: - - name: "Ensure the {{ item.pv_label }} template is evaluated" - template: - src: "{{ item.pv_template }}.j2" - dest: "{{ template_dir }}/{{ item.pv_template }}" - - - name: "Ensure {{ item.pv_label }} is created" - oc_obj: - namespace: "{{ openshift_cfme_project }}" - kind: pv - name: "{{ item.pv_name }}" - state: present - delete_after: True - files: - - "{{ template_dir }}/{{ item.pv_template }}" - when: - - not miq_pv_check.results.results.0 diff --git a/roles/openshift_cfme/tasks/main.yml b/roles/openshift_cfme/tasks/main.yml deleted file mode 100644 index 74ae16d91..000000000 --- a/roles/openshift_cfme/tasks/main.yml +++ /dev/null @@ -1,117 +0,0 @@ ---- -###################################################################### -# Users, projects, and privileges - -- name: Ensure the CFME user exists - oc_user: - state: present - username: "{{ openshift_cfme_user }}" - -- name: Ensure the CFME namespace exists with CFME user as admin - oc_project: - state: present - name: "{{ openshift_cfme_project }}" - display_name: "{{ openshift_cfme_project_description }}" - admin: "{{ openshift_cfme_user }}" - -- name: Ensure the CFME namespace service account is privileged - oc_adm_policy_user: - namespace: "{{ openshift_cfme_project }}" - user: "{{ openshift_cfme_service_account }}" - resource_kind: scc - resource_name: privileged - state: present - -###################################################################### -# NFS -# In the case that we are not running on a cloud provider, volumes must be statically provisioned - -- include: nfs.yml - when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) - -###################################################################### -# CFME App Template -# -# Note, this is different from the create_pvs.yml tasks in that the -# application template does not require any jinja2 evaluation. -# -# TODO: Handle the case where the server template is updated in -# openshift-ansible and the change needs to be landed on the managed -# cluster. - -- name: Check if the CFME Server template has been created already - oc_obj: - namespace: "{{ openshift_cfme_project }}" - state: list - kind: template - name: manageiq - register: miq_server_check - -- name: Copy over CFME Server template - copy: - src: miq-template.yaml - dest: "{{ template_dir }}/miq-template.yaml" - -- name: Ensure the server template was read from disk - debug: - var=r_openshift_cfme_miq_template_content - -- name: Ensure CFME Server Template exists - oc_obj: - namespace: "{{ openshift_cfme_project }}" - kind: template - name: "manageiq" - state: present - content: "{{ r_openshift_cfme_miq_template_content }}" - -###################################################################### -# Let's do this - -- name: Ensure the CFME Server is created - oc_process: - namespace: "{{ openshift_cfme_project }}" - template_name: manageiq - create: True - params: - APPLICATION_IMG_NAME: "{{ openshift_cfme_application_img_name }}" - POSTGRESQL_IMG_NAME: "{{ openshift_cfme_postgresql_img_name }}" - MEMCACHED_IMG_NAME: "{{ openshift_cfme_memcached_img_name }}" - APPLICATION_IMG_TAG: "{{ openshift_cfme_application_img_tag }}" - POSTGRESQL_IMG_TAG: "{{ openshift_cfme_postgresql_img_tag }}" - MEMCACHED_IMG_TAG: "{{ openshift_cfme_memcached_img_tag }}" - register: cfme_new_app_process - run_once: True - when: - # User said to install CFME in their inventory - - openshift_cfme_install_app | bool - # # The server app doesn't exist already - # - not miq_server_check.results.results.0 - -- debug: - var: cfme_new_app_process - -###################################################################### -# Various cleanup steps - -# TODO: Not sure what to do about this right now. Might be able to -# just delete it? This currently warns about "Unable to find -# '<TEMP_DIR>' in expected paths." -- name: Ensure the temporary PV/App templates are erased - file: - path: "{{ item }}" - state: absent - with_fileglob: - - "{{ template_dir }}/*.yaml" - -- name: Ensure the temporary PV/app template directory is erased - file: - path: "{{ template_dir }}" - state: absent - -###################################################################### - -- name: Status update - debug: - msg: > - CFME has been deployed. Note that there will be a delay before - it is fully initialized. diff --git a/roles/openshift_cfme/tasks/nfs.yml b/roles/openshift_cfme/tasks/nfs.yml deleted file mode 100644 index ca04628a8..000000000 --- a/roles/openshift_cfme/tasks/nfs.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Tasks to statically provision NFS volumes -# Include if not using dynamic volume provisioning - -- name: Set openshift_cfme_nfs_server fact - when: openshift_cfme_nfs_server is not defined - set_fact: - # Hostname/IP of the NFS server. Currently defaults to first master - openshift_cfme_nfs_server: "{{ oo_nfs_to_config.0 }}" - -- name: Ensure the /exports/ directory exists - file: - path: /exports/ - state: directory - mode: 0755 - owner: root - group: root - -- name: Ensure the miq-pv0X export directories exist - file: - path: "/exports/{{ item }}" - state: directory - mode: 0775 - owner: root - group: root - with_items: "{{ openshift_cfme_pv_exports }}" - -- name: Ensure the NFS exports for CFME PVs exist - copy: - src: openshift_cfme.exports - dest: /etc/exports.d/openshift_cfme.exports - register: nfs_exports_updated - -- name: Ensure the NFS export table is refreshed if exports were added - command: exportfs -ar - when: - - nfs_exports_updated.changed - - -###################################################################### -# Create the required CFME PVs. Check out these online docs if you -# need a refresher on includes looping with items: -# * http://docs.ansible.com/ansible/playbooks_loops.html#loops-and-includes-in-2-0 -# * http://stackoverflow.com/a/35128533 -# -# TODO: Handle the case where a PV template is updated in -# openshift-ansible and the change needs to be landed on the managed -# cluster. - -- include: create_pvs.yml - with_items: "{{ openshift_cfme_pv_data }}" diff --git a/roles/openshift_cfme/tasks/tune_masters.yml b/roles/openshift_cfme/tasks/tune_masters.yml deleted file mode 100644 index 02b0f10bf..000000000 --- a/roles/openshift_cfme/tasks/tune_masters.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Ensure bulk image import limit is tuned - yedit: - src: /etc/origin/master/master-config.yaml - key: 'imagePolicyConfig.maxImagesBulkImportedPerRepository' - value: "{{ openshift_cfme_maxImagesBulkImportedPerRepository | int() }}" - state: present - backup: True - notify: - - restart master - -- meta: flush_handlers diff --git a/roles/openshift_cfme/tasks/uninstall.yml b/roles/openshift_cfme/tasks/uninstall.yml deleted file mode 100644 index 406b59364..000000000 --- a/roles/openshift_cfme/tasks/uninstall.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -- include_role: - name: lib_openshift - -- name: Uninstall CFME - ManageIQ - debug: - msg: Uninstalling Cloudforms Management Engine - ManageIQ - -- name: Ensure the CFME project is removed - oc_project: - state: absent - name: "{{ openshift_cfme_project }}" - -- name: Ensure the CFME template is removed - oc_obj: - namespace: "{{ openshift_cfme_project }}" - state: absent - kind: template - name: manageiq - -- name: Ensure the CFME PVs are removed - oc_obj: - state: absent - all_namespaces: True - kind: pv - name: "{{ item }}" - with_items: "{{ openshift_cfme_pv_exports }}" - when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) - -- name: Ensure the CFME user is removed - oc_user: - state: absent - username: "{{ openshift_cfme_user }}" - -- name: Ensure the CFME NFS Exports are removed - file: - path: /etc/exports.d/openshift_cfme.exports - state: absent - register: nfs_exports_removed - when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) - -- name: Ensure the NFS export table is refreshed if exports were removed - command: exportfs -ar - when: - - nfs_exports_removed.changed - - not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) diff --git a/roles/openshift_cli/library/openshift_container_binary_sync.py b/roles/openshift_cli/library/openshift_container_binary_sync.py index b40c49701..08045794a 100644 --- a/roles/openshift_cli/library/openshift_container_binary_sync.py +++ b/roles/openshift_cli/library/openshift_container_binary_sync.py @@ -36,7 +36,7 @@ class BinarySyncer(object): self.changed = False self.output = [] self.bin_dir = '/usr/local/bin' - self.image = image + self._image = image self.tag = tag self.backend = backend self.temp_dir = None # TBD @@ -142,6 +142,33 @@ class BinarySyncer(object): self.output.append("Moved %s to %s." % (src_path, dest_path)) self.changed = True + @property + def raw_image(self): + """ + Returns the image as it was originally passed in to the instance. + + .. note:: + This image string will only work directly with the atomic command. + + :returns: The original image passed in. + :rtype: str + """ + return self._image + + @property + def image(self): + """ + Returns the image without atomic prefixes used to map to skopeo args. + + :returns: The image string without prefixes + :rtype: str + """ + image = self._image + for remove in ('oci:', 'http:', 'https:'): + if image.startswith(remove): + image = image.replace(remove, '') + return image + def main(): module = AnsibleModule( # noqa: F405 diff --git a/roles/openshift_cli/tasks/main.yml b/roles/openshift_cli/tasks/main.yml index 9e61805f9..14d8a3325 100644 --- a/roles/openshift_cli/tasks/main.yml +++ b/roles/openshift_cli/tasks/main.yml @@ -1,6 +1,9 @@ --- - set_fact: - l_use_crio: "{{ openshift_use_crio | default(false) }}" + l_use_crio_only: "{{ openshift_use_crio_only | default(false) }}" + l_is_system_container_image: "{{ openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool }}" +- set_fact: + l_use_cli_atomic_image: "{{ l_use_crio_only or l_is_system_container_image }}" - name: Install clients package: name={{ openshift.common.service_type }}-clients state=present @@ -20,23 +23,23 @@ backend: "docker" when: - openshift.common.is_containerized | bool - - not l_use_crio + - not l_use_cli_atomic_image | bool - block: - name: Pull CLI Image command: > - atomic pull --storage ostree {{ openshift.common.system_images_registry }}/{{ openshift.common.cli_image }}:{{ openshift_image_tag }} + atomic pull --storage ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Pulling layer' in pull_result.stdout" - name: Copy client binaries/symlinks out of CLI image for use on the host openshift_container_binary_sync: - image: "{{ openshift.common.system_images_registry }}/{{ openshift.common.cli_image }}" + image: "{{ '' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.common.cli_image }}" tag: "{{ openshift_image_tag }}" backend: "atomic" when: - openshift.common.is_containerized | bool - - l_use_crio + - l_use_cli_atomic_image | bool - name: Reload facts to pick up installed OpenShift version openshift_facts: diff --git a/roles/openshift_cloud_provider/tasks/openstack.yml b/roles/openshift_cloud_provider/tasks/openstack.yml index 5788e6d74..324630491 100644 --- a/roles/openshift_cloud_provider/tasks/openstack.yml +++ b/roles/openshift_cloud_provider/tasks/openstack.yml @@ -1,8 +1,4 @@ --- -- fail: - msg: "The Openstack integration requires OpenShift Enterprise 3.2 or Origin 1.2." - when: not openshift.common.version_gte_3_2_or_1_2 | bool - - name: Create cloud config template: dest: "{{ openshift.common.config_base }}/cloudprovider/openstack.conf" diff --git a/roles/openshift_cluster_autoscaler/README.md b/roles/openshift_cluster_autoscaler/README.md new file mode 100644 index 000000000..d775a8a71 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/README.md @@ -0,0 +1,58 @@ +Openshift cluster autoscaler +================================ + +Install the cluster autoscaler + +Requirements +------------ + +* One or more Master servers +* A cloud provider that supports the cluster-autoscaler + +Role Variables +-------------- +Check defaults/main.yml + +Dependencies +------------ + + +Example Playbook +---------------- + +#!/usr/bin/ansible-playbook +``` +--- +- hosts: masters + gather_facts: no + remote_user: root + tasks: + - name: include role autoscaler + include_role: + name: openshift_cluster_autoscaler + vars: + openshift_clusterid: opstest + openshift_cluster_autoscaler_aws_key: <aws_key> + openshift_cluster_autoscaler_aws_secret_key: <aws_secret_key> +``` + + +Notes +----- + +This is currently experimental software. This role allows users to install the cluster-autoscaler and the necessary authorization pieces that allow the autoscaler to function. + + +This feature requires cloud provider credentials or a serviceaccount that has access to scale up/down nodes within the scaling groups. + +https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Openshift diff --git a/roles/openshift_cluster_autoscaler/defaults/main.yml b/roles/openshift_cluster_autoscaler/defaults/main.yml new file mode 100644 index 000000000..707e3c79b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/defaults/main.yml @@ -0,0 +1,40 @@ +--- +openshift_cluster_autoscaler_name: cluster-autoscaler +openshift_cluster_autoscaler_version: 4 + +openshift_cluster_autoscaler_template_location: /tmp +openshift_cluster_autoscaler_template_name: "{{ openshift_cluster_autoscaler_name }}" + +openshift_cluster_autoscaler_node_selector: + type: infra + +openshift_cluster_autoscaler_state: present +openshift_cluster_autoscaler_namespace: openshift-infra +openshift_cluster_autoscaler_delete_config: True +openshift_cluster_autoscaler_skip_nodes_local_storage: False +openshift_cluster_autoscaler_serviceaccount: cluster-autoscaler +openshift_cluster_autoscaler_region: us-east-1 + +openshift_cluster_autoscaler_image: docker.io/openshift/kubernetes-autoscaler:v0.6.1 + +openshift_cluster_autoscaler_cloud_provider: aws + +# AWS specific variables here +openshift_cluster_autoscaler_aws_creds_name: aws-creds +openshift_cluster_autoscaler_aws_secret_name: autoscaler-credentials +openshift_cluster_autoscaler_aws_creds_path: "/var/run/secrets/{{ openshift_cluster_autoscaler_aws_creds_name }}/creds" +openshift_cluster_autoscaler_aws_env_vars: +- name: AWS_REGION + value: "{{ openshift_cluster_autoscaler_region }}" +- name: AWS_SHARED_CREDENTIALS_FILE + value: "{{ openshift_cluster_autoscaler_aws_creds_path }}" + +## End AWS vars ## + +openshift_cluster_autoscaler_env_vars: [] + + +openshift_cluster_autoscaler_node_groups: +- min: 3 + max: 10 + name: "{{ openshift_cluster_autoscaler_node_group_name | default(openshift_clusterid ~ ' openshift compute') }}" diff --git a/roles/openshift_cluster_autoscaler/files/clusterrole.yml b/roles/openshift_cluster_autoscaler/files/clusterrole.yml new file mode 100644 index 000000000..a4691888a --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/clusterrole.yml @@ -0,0 +1,41 @@ +--- +apiVersion: v1 +kind: ClusterRole +metadata: + name: system:cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods + - replicationcontrollers + - services + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - extensions + - apps + resources: + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list + - watch + attributeRestrictions: null +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/files/role.yml b/roles/openshift_cluster_autoscaler/files/role.yml new file mode 100644 index 000000000..c2abb5435 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/files/role.yml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Role +metadata: + name: cluster-autoscaler +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - cluster-autoscaler + - cluster-autoscaler-status + verbs: + - create + - get + - patch + - update + attributeRestrictions: null +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + attributeRestrictions: null +- apiGroups: + - "" + resources: + - events + verbs: + - create + attributeRestrictions: null diff --git a/roles/openshift_cluster_autoscaler/meta/main.yml b/roles/openshift_cluster_autoscaler/meta/main.yml new file mode 100644 index 000000000..d2bbd2576 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: +- lib_openshift diff --git a/roles/openshift_cluster_autoscaler/tasks/aws.yml b/roles/openshift_cluster_autoscaler/tasks/aws.yml new file mode 100644 index 000000000..f08e97ebc --- /dev/null +++ b/roles/openshift_cluster_autoscaler/tasks/aws.yml @@ -0,0 +1,17 @@ +--- +- when: openshift_cluster_autoscaler_cloud_provider == 'aws' + block: + - name: laydown the aws-credentials + template: + src: aws-creds.j2 + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}" + when: openshift_cluster_autoscaler_state == 'present' + + - name: create the aws creds secret + oc_secret: + state: "{{ openshift_cluster_autoscaler_state }}" + name: "{{ openshift_cluster_autoscaler_aws_secret_name }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + files: + - name: creds + path: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_aws_creds_name }}" diff --git a/roles/openshift_cluster_autoscaler/tasks/main.yml b/roles/openshift_cluster_autoscaler/tasks/main.yml new file mode 100644 index 000000000..173dcf044 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/tasks/main.yml @@ -0,0 +1,72 @@ +--- +- name: create the cluster-autoscaler serviceaccount + oc_serviceaccount: + name: "{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + +- name: copy the cluster-autoscaler files + copy: + src: "{{ item }}" + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ item }}" + with_items: + - clusterrole.yml + - role.yml + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler roles are {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: "{{ item.type }}" + name: "{{ item.name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ item.fname }}" + with_items: + - fname: clusterrole.yml + type: clusterrole + name: "system:{{ openshift_cluster_autoscaler_name }}" + - fname: role.yml + type: role + name: "{{ openshift_cluster_autoscaler_name }}" + +- include: aws.yml + when: openshift_cluster_autoscaler_cloud_provider == 'aws' + +- name: create the policies + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:openshift-infra:{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_kind: "{{ item.name }}" + resource_name: cluster-autoscaler + role_namespace: "{{ item.role_namespace | default(omit) }}" + with_items: + - name: cluster-role + - name: role + role_namespace: "{{ openshift_cluster_autoscaler_namespace }}" + +- name: "grant cluster-reader to {{ openshift_cluster_autoscaler_serviceaccount }}" + oc_adm_policy_user: + state: "{{ openshift_cluster_autoscaler_state }}" + user: "system:serviceaccount:{{ openshift_cluster_autoscaler_namespace }}:{{ openshift_cluster_autoscaler_serviceaccount }}" + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + resource_name: cluster-reader + resource_kind: cluster-role + +- name: laydown the deployment file for cluster-autoscaler + template: + src: cluster-autoscaler.j2 + dest: "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" + when: openshift_cluster_autoscaler_state == 'present' + +- name: "Ensure the cluster-autoscaler is {{ openshift_cluster_autoscaler_state }}" + oc_obj: + namespace: "{{ openshift_cluster_autoscaler_namespace }}" + state: "{{ openshift_cluster_autoscaler_state }}" + kind: deployment + name: "{{ openshift_cluster_autoscaler_name }}" + delete_after: "{{ openshift_cluster_autoscaler_delete_config }}" + files: + - "{{ openshift_cluster_autoscaler_template_location }}/{{ openshift_cluster_autoscaler_template_name }}" diff --git a/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 new file mode 100644 index 000000000..28399e652 --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/aws-creds.j2 @@ -0,0 +1,3 @@ +[default] +aws_access_key_id = {{ openshift_cluster_autoscaler_aws_key }} +aws_secret_access_key = {{ openshift_cluster_autoscaler_aws_secret_key }} diff --git a/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 new file mode 100644 index 000000000..f76bce37b --- /dev/null +++ b/roles/openshift_cluster_autoscaler/templates/cluster-autoscaler.j2 @@ -0,0 +1,58 @@ +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + name: {{ openshift_cluster_autoscaler_name }} + namespace: {{ openshift_cluster_autoscaler_namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + template: + metadata: + labels: + app: {{ openshift_cluster_autoscaler_name }} + role: infra + spec: + containers: + - args: + - --alsologtostderr + - --v={{ openshift_cluster_autoscaler_version }} + - --skip-nodes-with-local-storage={{ openshift_cluster_autoscaler_skip_nodes_local_storage }} + - --leader-elect-resource-lock=configmaps + - --namespace={{ openshift_cluster_autoscaler_namespace }} +{% if openshift_cluster_autoscaler_scale_down_delay is defined %} + - --scale-down-delay={{ openshift_cluster_autoscaler_scale_down_delay }} +{% endif %} + - --cloud-provider={{ openshift_cluster_autoscaler_cloud_provider }} +{% for group in openshift_cluster_autoscaler_node_groups %} + - --nodes={{ group.min }}:{{ group.max }}:{{ group.name }} +{% endfor %} +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + env: {{ openshift_cluster_autoscaler_aws_env_vars | union(openshift_cluster_autoscaler_env_vars) | to_json }} +{% else %} + env: {{ openshift_cluster_autoscaler_env_vars }} +{% endif %} + image: {{ openshift_cluster_autoscaler_image }} + name: autoscaler +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumeMounts: + - mountPath: {{ openshift_cluster_autoscaler_aws_creds_path | dirname }} + name: {{ openshift_cluster_autoscaler_aws_creds_name }} + readOnly: true +{% endif %} + nodeSelector: {{ openshift_cluster_autoscaler_node_selector | to_json }} + dnsPolicy: ClusterFirst + serviceAccountName: {{ openshift_cluster_autoscaler_serviceaccount }} + terminationGracePeriodSeconds: 30 +{% if openshift_cluster_autoscaler_cloud_provider == 'aws' %} + volumes: + - name: {{ openshift_cluster_autoscaler_aws_creds_name }} + secret: + defaultMode: 420 + secretName: {{ openshift_cluster_autoscaler_aws_secret_name }} +{% endif %} diff --git a/roles/openshift_default_storage_class/defaults/main.yml b/roles/openshift_default_storage_class/defaults/main.yml index bdece7640..014c06641 100644 --- a/roles/openshift_default_storage_class/defaults/main.yml +++ b/roles/openshift_default_storage_class/defaults/main.yml @@ -13,6 +13,12 @@ openshift_storageclass_defaults: parameters: type: pd-standard + openstack: + name: standard + provisioner: cinder + parameters: + fstype: xfs + openshift_storageclass_default: "true" openshift_storageclass_name: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['name'] }}" openshift_storageclass_provisioner: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['provisioner'] }}" diff --git a/roles/openshift_default_storage_class/tasks/main.yml b/roles/openshift_default_storage_class/tasks/main.yml index 172e2ac25..281ec8ed5 100644 --- a/roles/openshift_default_storage_class/tasks/main.yml +++ b/roles/openshift_default_storage_class/tasks/main.yml @@ -1,5 +1,5 @@ --- -# Install default storage classes in GCE & AWS +# Install default storage classes in GCE & AWS & OPENSTACK - name: Ensure storageclass object oc_storageclass: name: "{{ openshift_storageclass_name }}" diff --git a/roles/openshift_docker_gc/defaults/main.yml b/roles/openshift_docker_gc/defaults/main.yml new file mode 100644 index 000000000..9d79de8a1 --- /dev/null +++ b/roles/openshift_docker_gc/defaults/main.yml @@ -0,0 +1,3 @@ +--- +r_enable_docker_gc: "{{ openshift_crio_enable_docker_gc | default(False) }}" +r_docker_gc_node_selectors: "{{ openshift_crio_docker_gc_node_selector | default({}) }}" diff --git a/roles/openshift_docker_gc/meta/main.yml b/roles/openshift_docker_gc/meta/main.yml new file mode 100644 index 000000000..f88a7c533 --- /dev/null +++ b/roles/openshift_docker_gc/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: OpenShift + description: docker garbage collection + company: Red Hat, Inc + license: ASL 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 +dependencies: +- role: lib_openshift diff --git a/roles/openshift_docker_gc/tasks/main.yaml b/roles/openshift_docker_gc/tasks/main.yaml new file mode 100644 index 000000000..9ba551479 --- /dev/null +++ b/roles/openshift_docker_gc/tasks/main.yaml @@ -0,0 +1,27 @@ +--- +- name: Create docker-gc tempdir + command: mktemp -d + register: templates_tmpdir + +# NOTE: oc_adm_policy_user does not support -z (yet) +- name: Add dockergc as priviledged + shell: oc adm policy add-scc-to-user -z dockergc privileged +# oc_adm_policy_user: +# user: dockergc +# resource_kind: scc +# resource_name: privileged +# state: present + +- name: Create dockergc DaemonSet + become: yes + template: + src: dockergc-ds.yaml.j2 + dest: "{{ templates_tmpdir.stdout }}/dockergc-ds.yaml" + +- name: Apply dockergc DaemonSet + oc_obj: + state: present + kind: DaemonSet + name: "dockergc" + files: + - "{{ templates_tmpdir.stdout }}/dockergc-ds.yaml" diff --git a/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 new file mode 100644 index 000000000..53e8b448b --- /dev/null +++ b/roles/openshift_docker_gc/templates/dockergc-ds.yaml.j2 @@ -0,0 +1,58 @@ +apiVersion: v1 +kind: List +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: dockergc + # You must grant privileged via: oadm policy add-scc-to-user -z dockergc privileged + # in order for the dockergc to access the docker socket and root directory +- apiVersion: extensions/v1beta1 + kind: DaemonSet + metadata: + name: dockergc + labels: + app: dockergc + spec: + template: + metadata: + labels: + app: dockergc + name: dockergc + spec: +{# Only set nodeSelector if the dict is not empty #} +{% if r_docker_gc_node_selectors %} + nodeSelector: +{% for k,v in r_docker_gc_node_selectors.items() %} + {{ k }}: {{ v }}{% endfor %}{% endif %} + + serviceAccountName: dockergc + containers: + - image: openshift/origin:latest + args: + - "ex" + - "dockergc" + - "--image-gc-low-threshold=60" + - "--image-gc-high-threshold=80" + - "--minimum-ttl-duration=1h0m0s" + securityContext: + privileged: true + name: dockergc + resources: + requests: + memory: 30Mi + cpu: 50m + volumeMounts: + - name: docker-root + readOnly: true + mountPath: /var/lib/docker + - name: docker-socket + readOnly: false + mountPath: /var/run/docker.sock + volumes: + - name: docker-root + hostPath: + path: /var/lib/docker + - name: docker-socket + hostPath: + path: /var/run/docker.sock diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml index b3ecd57a6..0c072b64a 100644 --- a/roles/openshift_etcd_facts/vars/main.yml +++ b/roles/openshift_etcd_facts/vars/main.yml @@ -6,6 +6,5 @@ etcd_ip: "{{ openshift.common.ip }}" etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}" etcd_cert_prefix: etcd_cert_config_dir: "/etc/etcd" -etcd_system_container_cert_config_dir: /var/lib/etcd/etcd.etcd/etc etcd_peer_url_scheme: https etcd_url_scheme: https diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index fc4b56bbf..e623b33f3 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -10,10 +10,12 @@ content_version: "{{ openshift.common.examples_content_version }}" examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" -centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" +centos_image_streams: + - "{{ image_streams_base }}/image-streams-centos7.json" + - "{{ image_streams_base }}/dotnet_imagestreams_centos.json" rhel_image_streams: - - "{{ image_streams_base}}/image-streams-rhel7.json" - - "{{ image_streams_base}}/dotnet_imagestreams.json" + - "{{ image_streams_base }}/image-streams-rhel7.json" + - "{{ image_streams_base }}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index ca3f219d8..1d5fba990 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,7 +5,7 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.4.1 +XPAAS_VERSION=ose-v1.4.6 ORIGIN_VERSION=${1:-v3.7} RHAMP_TAG=2.0.0.GA EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} @@ -38,6 +38,7 @@ find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EX popd wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams_centos.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams_centos.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-runtime-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-runtime-example.json diff --git a/roles/openshift_examples/files/examples/latest b/roles/openshift_examples/files/examples/latest index 7658d1015..8ddcf661c 120000 --- a/roles/openshift_examples/files/examples/latest +++ b/roles/openshift_examples/files/examples/latest @@ -1 +1 @@ -v3.7
\ No newline at end of file +v3.8
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.6/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json index 0bb56452b..af66b9ea4 100644 --- a/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.6/xpaas-streams/jboss-image-streams.json @@ -31,6 +31,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { @@ -44,6 +48,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { @@ -56,6 +64,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -84,6 +96,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { @@ -97,6 +113,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { @@ -109,6 +129,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -137,6 +161,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" } } ] @@ -165,6 +193,10 @@ "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" } } ] @@ -194,6 +226,10 @@ "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { @@ -208,6 +244,10 @@ "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { @@ -222,6 +262,10 @@ "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { @@ -236,6 +280,10 @@ "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { @@ -248,7 +296,12 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" } } ] @@ -278,6 +331,10 @@ "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { @@ -292,6 +349,10 @@ "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { @@ -304,7 +365,44 @@ "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap71-openshift", + "tags": [ + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.1,javaee:7,java:8,xpaas:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" } } ] @@ -334,6 +432,10 @@ "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -363,6 +465,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { @@ -375,7 +481,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -400,7 +511,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" } } ] @@ -430,6 +546,10 @@ "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { @@ -442,7 +562,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -467,7 +592,12 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" } } ] @@ -494,6 +624,10 @@ "supports": "datagrid:6.5,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { @@ -505,6 +639,10 @@ "supports": "datagrid:6.5,xpaas:1.4", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { @@ -514,7 +652,42 @@ "iconClass": "icon-jboss", "tags": "datagrid,jboss,xpaas", "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-jboss", + "tags": "datagrid,jboss,xpaas", + "supports": "datagrid:7.1,xpaas:1.0", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" } } ] @@ -540,6 +713,39 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + } + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-jboss", + "tags": "client,jboss,xpaas", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -566,6 +772,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { @@ -577,6 +787,10 @@ "supports": "datavirt:6.3,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { @@ -586,7 +800,12 @@ "iconClass": "icon-jboss", "tags": "datavirt,jboss,xpaas", "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } } ] @@ -612,6 +831,10 @@ "tags": "client,jboss,xpaas", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" } } ] @@ -638,6 +861,10 @@ "supports": "amq:6.2,messaging,xpaas:1.1", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { @@ -649,6 +876,10 @@ "supports": "amq:6.2,messaging,xpaas:1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { @@ -660,6 +891,10 @@ "supports": "amq:6.2,messaging,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { @@ -669,7 +904,27 @@ "iconClass": "icon-jboss", "tags": "messaging,amq,jboss,xpaas", "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports":"amq:6.2,messaging,xpaas:1.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" } } ] @@ -696,6 +951,25 @@ "supports": "amq:6.3,messaging,xpaas:1.0", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-jboss", + "tags": "messaging,amq,jboss,xpaas", + "supports": "amq:6.3,messaging,xpaas:1.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" } } ] @@ -723,6 +997,10 @@ "supports": "sso:7.0,xpaas:1.3", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { @@ -734,6 +1012,10 @@ "supports": "sso:7.0,xpaas:1.4", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -761,6 +1043,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { @@ -772,6 +1058,10 @@ "supports": "sso:7.1,xpaas:1.4", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" } } ] @@ -800,6 +1090,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -813,6 +1107,10 @@ "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json index 6500ed0d3..5e7585eeb 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MariaDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mariadb", "tags": "database,mariadb", - "template.openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json index 4378fa4a0..217ef11dd 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mariadb-persistent-template.json @@ -8,10 +8,10 @@ "description": "MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mariadb", "tags": "database,mariadb", - "template.openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json index 7271a2c69..10f202c59 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MongoDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mongodb", "tags": "database,mongodb", - "template.openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json index d70d2263f..97e4128a4 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mongodb-persistent-template.json @@ -8,10 +8,10 @@ "description": "MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mongodb", "tags": "database,mongodb", - "template.openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json index 54785993c..c0946416d 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-mysql-database", "tags": "database,mysql", - "template.openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json index 2bd84b106..48ac114fd 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/mysql-persistent-template.json @@ -8,10 +8,10 @@ "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-mysql-database", "tags": "database,mysql", - "template.openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json index 849c9d83f..7c419f1ae 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "PostgreSQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-postgresql", "tags": "database,postgresql", - "template.openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json index b622baa01..8a2d23907 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/postgresql-persistent-template.json @@ -8,10 +8,10 @@ "description": "PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-postgresql", "tags": "database,postgresql", - "template.openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json index 15bdd079b..ee60af9db 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "Redis in-memory data structure store, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", "iconClass": "icon-redis", "tags": "database,redis", - "template.openshift.io/long-description": "This template provides a standalone Redis server. The data is not stored on persistent storage, so any restart of the service will result in all data being lost.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone Redis server. The data is not stored on persistent storage, so any restart of the service will result in all data being lost.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", diff --git a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json index 1e31b02e0..e0e0a88d5 100644 --- a/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/db-templates/redis-persistent-template.json @@ -8,10 +8,10 @@ "description": "Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-redis", "tags": "database,redis", - "template.openshift.io/long-description": "This template provides a standalone Redis server. The data is stored on persistent storage.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template provides a standalone Redis server. The data is stored on persistent storage.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json index 6cef21945..e7af160d9 100644 --- a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-centos7.json @@ -9,7 +9,7 @@ "metadata": { "name": "httpd", "annotations": { - "openshift.io/display-name": "Httpd" + "openshift.io/display-name": "Apache HTTP Server (httpd)" } }, "spec": { @@ -17,8 +17,9 @@ { "name": "latest", "annotations": { - "openshift.io/display-name": "Httpd (Latest)", - "description": "Build and serve static content via Httpd on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -32,8 +33,9 @@ { "name": "2.4", "annotations": { - "openshift.io/display-name": "Httpd 2.4", - "description": "Build and serve static content via Httpd on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -63,6 +65,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -71,13 +74,14 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.3" + "name": "2.4" } }, { "name": "2.0", "annotations": { "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", "tags": "hidden,builder,ruby", @@ -94,6 +98,7 @@ "name": "2.2", "annotations": { "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.2 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -110,6 +115,7 @@ "name": "2.3", "annotations": { "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -121,6 +127,23 @@ "kind": "DockerImage", "name": "centos/ruby-23-centos7:latest" } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-24-centos7:latest" + } } ] } @@ -140,6 +163,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -155,6 +179,7 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", "tags": "hidden,nodejs", @@ -171,6 +196,7 @@ "name": "4", "annotations": { "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -187,6 +213,7 @@ "name": "6", "annotations": { "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/6/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -217,6 +244,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -232,6 +260,7 @@ "name": "5.16", "annotations": { "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", "tags": "hidden,builder,perl", @@ -248,6 +277,7 @@ "name": "5.20", "annotations": { "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.20 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -264,6 +294,7 @@ "name": "5.24", "annotations": { "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -294,6 +325,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", @@ -309,6 +341,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", "tags": "hidden,builder,php", @@ -325,6 +358,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -341,6 +375,7 @@ "name": "7.0", "annotations": { "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -371,6 +406,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", @@ -386,6 +422,7 @@ "name": "3.3", "annotations": { "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", "tags": "hidden,builder,python", @@ -402,6 +439,7 @@ "name": "2.7", "annotations": { "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 2.7 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -418,6 +456,7 @@ "name": "3.4", "annotations": { "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -434,6 +473,7 @@ "name": "3.5", "annotations": { "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -464,6 +504,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "WildFly (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -479,6 +520,7 @@ "name": "8.1", "annotations": { "openshift.io/display-name": "WildFly 8.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 8.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -495,6 +537,7 @@ "name": "9.0", "annotations": { "openshift.io/display-name": "WildFly 9.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 9.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -511,6 +554,7 @@ "name": "10.0", "annotations": { "openshift.io/display-name": "WildFly 10.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 10.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -527,6 +571,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "WildFly 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run WildFly 10.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", "iconClass": "icon-wildfly", "tags": "builder,wildfly,java", @@ -557,6 +602,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" @@ -570,6 +616,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", "tags": "hidden,mysql", @@ -584,6 +631,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -598,6 +646,7 @@ "name": "5.7", "annotations": { "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -626,6 +675,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" @@ -639,6 +689,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB 10.1 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", @@ -667,6 +718,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" @@ -680,6 +732,7 @@ "name": "9.2", "annotations": { "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", "tags": "hidden,postgresql", @@ -694,6 +747,7 @@ "name": "9.4", "annotations": { "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -708,6 +762,7 @@ "name": "9.5", "annotations": { "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -736,6 +791,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" @@ -749,6 +805,7 @@ "name": "2.4", "annotations": { "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", "tags": "hidden,mongodb", @@ -763,6 +820,7 @@ "name": "2.6", "annotations": { "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -777,6 +835,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -805,6 +864,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", "iconClass": "icon-redis", "tags": "redis" @@ -818,6 +878,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", "iconClass": "icon-redis", "tags": "redis", @@ -846,6 +907,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" @@ -859,6 +921,7 @@ "name": "1", "annotations": { "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "hidden,jenkins", @@ -873,6 +936,7 @@ "name": "2", "annotations": { "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", diff --git a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json index abdae01e3..2b082fc75 100644 --- a/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json +++ b/roles/openshift_examples/files/examples/v3.7/image-streams/image-streams-rhel7.json @@ -9,7 +9,7 @@ "metadata": { "name": "httpd", "annotations": { - "openshift.io/display-name": "Httpd" + "openshift.io/display-name": "Apache HTTP Server (httpd)" } }, "spec": { @@ -17,8 +17,9 @@ { "name": "latest", "annotations": { - "openshift.io/display-name": "Httpd (Latest)", - "description": "Build and serve static content via Httpd on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -32,8 +33,9 @@ { "name": "2.4", "annotations": { - "openshift.io/display-name": "Httpd 2.4", - "description": "Build and serve static content via Httpd on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", "iconClass": "icon-apache", "tags": "builder,httpd", "supports":"httpd", @@ -63,6 +65,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -71,13 +74,14 @@ }, "from": { "kind": "ImageStreamTag", - "name": "2.3" + "name": "2.4" } }, { "name": "2.0", "annotations": { "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", "iconClass": "icon-ruby", "tags": "hidden,builder,ruby", @@ -94,6 +98,7 @@ "name": "2.2", "annotations": { "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.2 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -110,6 +115,7 @@ "name": "2.3", "annotations": { "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Ruby 2.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", "iconClass": "icon-ruby", "tags": "builder,ruby", @@ -121,6 +127,23 @@ "kind": "DockerImage", "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest" } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-24-rhel7:latest" + } } ] } @@ -140,6 +163,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -155,6 +179,7 @@ "name": "0.10", "annotations": { "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", "iconClass": "icon-nodejs", "tags": "hidden,nodejs", @@ -171,6 +196,7 @@ "name": "4", "annotations": { "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -187,6 +213,7 @@ "name": "6", "annotations": { "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Node.js 6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container.", "iconClass": "icon-nodejs", "tags": "builder,nodejs", @@ -217,6 +244,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -232,6 +260,7 @@ "name": "5.16", "annotations": { "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", "iconClass": "icon-perl", "tags": "hidden,builder,perl", @@ -248,6 +277,7 @@ "name": "5.20", "annotations": { "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.20 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -264,6 +294,7 @@ "name": "5.24", "annotations": { "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", "iconClass": "icon-perl", "tags": "builder,perl", @@ -294,6 +325,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", "iconClass": "icon-php", "tags": "builder,php", @@ -309,6 +341,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", "iconClass": "icon-php", "tags": "hidden,builder,php", @@ -325,6 +358,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 5.6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -341,6 +375,7 @@ "name": "7.0", "annotations": { "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", "iconClass": "icon-php", "tags": "builder,php", @@ -371,6 +406,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", "iconClass": "icon-python", "tags": "builder,python", @@ -386,6 +422,7 @@ "name": "3.3", "annotations": { "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", "iconClass": "icon-python", "tags": "hidden,builder,python", @@ -402,6 +439,7 @@ "name": "2.7", "annotations": { "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 2.7 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -418,6 +456,7 @@ "name": "3.4", "annotations": { "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -434,6 +473,7 @@ "name": "3.5", "annotations": { "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Build and run Python 3.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", "iconClass": "icon-python", "tags": "builder,python", @@ -464,6 +504,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", "iconClass": "icon-mysql-database", "tags": "mysql" @@ -477,6 +518,7 @@ "name": "5.5", "annotations": { "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", "iconClass": "icon-mysql-database", "tags": "hidden,mysql", @@ -491,6 +533,7 @@ "name": "5.6", "annotations": { "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -505,6 +548,7 @@ "name": "5.7", "annotations": { "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", "iconClass": "icon-mysql-database", "tags": "mysql", @@ -533,6 +577,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", "iconClass": "icon-mariadb", "tags": "mariadb" @@ -546,6 +591,7 @@ "name": "10.1", "annotations": { "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MariaDB 10.1 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", "iconClass": "icon-mariadb", "tags": "mariadb", @@ -574,6 +620,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", "iconClass": "icon-postgresql", "tags": "postgresql" @@ -587,6 +634,7 @@ "name": "9.2", "annotations": { "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", "iconClass": "icon-postgresql", "tags": "hidden,postgresql", @@ -601,6 +649,7 @@ "name": "9.4", "annotations": { "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -615,6 +664,7 @@ "name": "9.5", "annotations": { "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a PostgreSQL 9.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", "iconClass": "icon-postgresql", "tags": "postgresql", @@ -643,6 +693,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", "iconClass": "icon-mongodb", "tags": "mongodb" @@ -656,6 +707,7 @@ "name": "2.4", "annotations": { "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", "iconClass": "icon-mongodb", "tags": "hidden,mongodb", @@ -670,6 +722,7 @@ "name": "2.6", "annotations": { "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 2.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -684,6 +737,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a MongoDB 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", "iconClass": "icon-mongodb", "tags": "mongodb", @@ -712,6 +766,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", "iconClass": "icon-redis", "tags": "redis" @@ -725,6 +780,7 @@ "name": "3.2", "annotations": { "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", "iconClass": "icon-redis", "tags": "redis", @@ -753,6 +809,7 @@ "name": "latest", "annotations": { "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", "iconClass": "icon-jenkins", "tags": "jenkins" @@ -766,6 +823,7 @@ "name": "1", "annotations": { "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "hidden,jenkins", @@ -780,6 +838,7 @@ "name": "2", "annotations": { "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", "iconClass": "icon-jenkins", "tags": "jenkins", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json index 289f809fa..86ddc184a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql-persistent.json @@ -8,10 +8,11 @@ "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.", "tags": "quickstart,php,cakephp", "iconClass": "icon-php", - "template.openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", @@ -60,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -219,7 +217,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health.php", "port": 8080 } }, @@ -342,7 +340,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json index 0562982b3..3c964bd6a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/cakephp-mysql.json @@ -8,10 +8,11 @@ "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,php,cakephp", "iconClass": "icon-php", - "template.openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", @@ -60,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -219,7 +217,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health.php", "port": 8080 } }, @@ -325,7 +323,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json index 7a3875d09..0a10c5fbc 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", "tags": "quickstart,perl,dancer", "iconClass": "icon-perl", - "template.openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -206,7 +204,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health", "port": 8080 } }, @@ -307,7 +305,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json index 399ec72a8..6122d5436 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/dancer-mysql.json @@ -8,10 +8,11 @@ "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,perl,dancer", "iconClass": "icon-perl", - "template.openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -206,7 +204,7 @@ "timeoutSeconds": 3, "initialDelaySeconds": 30, "httpGet": { - "path": "/", + "path": "/health", "port": 8080 } }, @@ -290,7 +288,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json index e37f7a492..f3b5838fa 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", "tags": "quickstart,python,django", "iconClass": "icon-python", - "template.openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/django-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -311,7 +309,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json index 965c2ebfe..b21295df2 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/django-postgresql.json @@ -8,10 +8,11 @@ "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,python,django", "iconClass": "icon-python", - "template.openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/django-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -294,7 +292,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json index 6cf9d76eb..3771280bf 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/httpd.json @@ -4,14 +4,15 @@ "metadata": { "name": "httpd-example", "annotations": { - "openshift.io/display-name": "Httpd", - "description": "An example Httpd application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", + "openshift.io/display-name": "Apache HTTP Server", + "description": "An example Apache HTTP Server (httpd) application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", "tags": "quickstart,httpd", "iconClass": "icon-apache", - "template.openshift.io/long-description": "This template defines resources needed to develop a static application served by httpd, including a build configuration and application deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/httpd-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a static application served by Apache HTTP Server (httpd), including a build configuration and application deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/httpd-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", @@ -45,10 +46,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json index 62f43bc0b..28b4b9d81 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-ephemeral-template.json @@ -8,10 +8,10 @@ "description": "Jenkins service, without persistent storage.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins", - "template.openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", @@ -112,10 +112,6 @@ "value": "true" }, { - "name": "OPENSHIFT_JENKINS_JVM_ARCH", - "value": "${JVM_ARCH}" - }, - { "name": "KUBERNETES_MASTER", "value": "https://kubernetes.default:443" }, @@ -124,6 +120,10 @@ "value": "true" }, { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { "name": "JNLP_SERVICE_NAME", "value": "${JNLP_SERVICE_NAME}" } @@ -260,12 +260,6 @@ "value": "true" }, { - "name": "JVM_ARCH", - "displayName": "Jenkins JVM Architecture", - "description": "Whether Jenkins runs with a 32 bit (i386) or 64 bit (x86_64) JVM.", - "value": "i386" - }, - { "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json index e9068e455..4915bb12c 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/jenkins-persistent-template.json @@ -8,10 +8,10 @@ "description": "Jenkins service, with persistent storage.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", "iconClass": "icon-jenkins", "tags": "instant-app,jenkins", - "template.openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" } }, "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", @@ -129,10 +129,6 @@ "value": "true" }, { - "name": "OPENSHIFT_JENKINS_JVM_ARCH", - "value": "${JVM_ARCH}" - }, - { "name": "KUBERNETES_MASTER", "value": "https://kubernetes.default:443" }, @@ -141,6 +137,10 @@ "value": "true" }, { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { "name": "JNLP_SERVICE_NAME", "value": "${JNLP_SERVICE_NAME}" } @@ -277,12 +277,6 @@ "value": "true" }, { - "name": "JVM_ARCH", - "displayName": "Jenkins JVM Architecture", - "description": "Whether Jenkins runs with a 32 bit (i386) or 64 bit (x86_64) JVM.", - "value": "i386" - }, - { "name": "MEMORY_LIMIT", "displayName": "Memory Limit", "description": "Maximum amount of memory the container can use.", diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json index df3704b9f..7f2a5d804 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb-persistent.json @@ -8,10 +8,11 @@ "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", "tags": "quickstart,nodejs", "iconClass": "icon-nodejs", - "template.openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -309,7 +307,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json index eb6ab33d9..b3afae46e 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/nodejs-mongodb.json @@ -8,10 +8,11 @@ "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,nodejs", "iconClass": "icon-nodejs", - "template.openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", @@ -58,10 +59,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -292,7 +290,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json index 59e2e41ea..1c03be28a 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql-persistent.json @@ -8,10 +8,11 @@ "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", "tags": "quickstart,ruby,rails", "iconClass": "icon-ruby", - "template.openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/rails-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", @@ -23,11 +24,7 @@ "kind": "Secret", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-username": "{.data['application-user']}", - "template.openshift.io/expose-password": "{.data['application-password']}" - } + "name": "${NAME}" }, "stringData" : { "database-user" : "${DATABASE_USER}", @@ -64,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -354,7 +348,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json index b3d080a91..240289d33 100644 --- a/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/quickstart-templates/rails-postgresql.json @@ -8,10 +8,11 @@ "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", "tags": "quickstart,ruby,rails", "iconClass": "icon-ruby", - "template.openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", - "template.openshift.io/provider-display-name": "Red Hat, Inc.", - "template.openshift.io/documentation-url": "https://github.com/openshift/rails-ex", - "template.openshift.io/support-url": "https://access.redhat.com" + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" } }, "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", @@ -23,11 +24,7 @@ "kind": "Secret", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-username": "{.data['application-user']}", - "template.openshift.io/expose-password": "{.data['application-password']}" - } + "name": "${NAME}" }, "stringData" : { "database-user" : "${DATABASE_USER}", @@ -64,10 +61,7 @@ "kind": "Route", "apiVersion": "v1", "metadata": { - "name": "${NAME}", - "annotations": { - "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" - } + "name": "${NAME}" }, "spec": { "host": "${APPLICATION_DOMAIN}", @@ -337,7 +331,8 @@ "metadata": { "name": "${DATABASE_SERVICE_NAME}", "annotations": { - "description": "Defines how to deploy the database" + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" } }, "spec": { diff --git a/roles/openshift_examples/files/examples/v3.7/v3.8 b/roles/openshift_examples/files/examples/v3.7/v3.8 new file mode 120000 index 000000000..8ddcf661c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/v3.8 @@ -0,0 +1 @@ +v3.8
\ No newline at end of file diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json index 0bb56452b..ed2dbf572 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-streams/jboss-image-streams.json @@ -4,7 +4,8 @@ "metadata": { "name": "jboss-image-streams", "annotations": { - "description": "ImageStream definitions for JBoss Middleware products." + "description": "ImageStream definitions for JBoss Middleware products.", + "openshift.io/provider-display-name": "Red Hat, Inc." } }, "items": [ @@ -14,48 +15,65 @@ "metadata": { "name": "jboss-webserver30-tomcat7-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift", "tags": [ { "name": "1.1", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.0,tomcat:7,java:8,xpaas:1.1", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" } }, { "name": "1.2", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.0,tomcat:7,java:8,xpaas:1.2", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" } }, { "name": "1.3", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports":"tomcat7:3.0,tomcat:7,java:8,xpaas:1.3", + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", - "version": "1.3" + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 ApacheTomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" } } ] @@ -67,48 +85,65 @@ "metadata": { "name": "jboss-webserver30-tomcat8-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift", "tags": [ { "name": "1.1", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.0,tomcat:8,java:8,xpaas:1.1", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.1", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" } }, { "name": "1.2", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.0,tomcat:8,java:8,xpaas:1.2", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.2", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" } }, { "name": "1.3", "annotations": { - "description": "JBoss Web Server 3.0 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports":"tomcat8:3.0,tomcat:8,java:8,xpaas:1.3", + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", - "version": "1.3" + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" } } ] @@ -120,23 +155,48 @@ "metadata": { "name": "jboss-webserver31-tomcat7-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift", "tags": [ { "name": "1.0", "annotations": { - "description": "JBoss Web Server 3.1 Tomcat 7 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat7,java,jboss,xpaas", - "supports": "tomcat7:3.1,tomcat:7,java:8,xpaas:1.4", + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7" + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.1" } } ] @@ -148,23 +208,48 @@ "metadata": { "name": "jboss-webserver31-tomcat8-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift", "tags": [ { "name": "1.0", "annotations": { - "description": "JBoss Web Server 3.1 Tomcat 8 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,tomcat,tomcat8,java,jboss,xpaas", - "supports": "tomcat8:3.1,tomcat:8,java:8,xpaas:1.4", + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "tomcat-websocket-chat", "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8" + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.1" } } ] @@ -176,79 +261,122 @@ "metadata": { "name": "jboss-eap64-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + "openshift.io/display-name": "Red Hat JBoss EAP 6.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-eap-6/eap64-openshift", "tags": [ { "name": "1.1", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.1", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.2", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.3", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:6.4,javaee:6,java:8,xpaas:1.4", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" } }, { "name": "1.5", "annotations": { "description": "JBoss EAP 6.4 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports":"eap:6.4,javaee:6,java:8,xpaas:1.5", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "6.4.x", - "version": "1.5" + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.6" } } ] @@ -260,51 +388,141 @@ "metadata": { "name": "jboss-eap70-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + "openshift.io/display-name": "Red Hat JBoss EAP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-eap-7/eap70-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:7.0,javaee:7,java:8,xpaas:1.3", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports": "eap:7.0,javaee:7,java:8,xpaas:1.4", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", "version": "1.4", "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" } }, { "name": "1.5", "annotations": { "description": "JBoss EAP 7.0 S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,eap,javaee,java,jboss,xpaas", - "supports":"eap:7.0,javaee:7,java:8,xpaas:1.5", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", "sampleContextDir": "kitchensink", "sampleRef": "7.0.0.GA", - "version": "1.5" + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.6" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8,xpass:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "TP", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0-TP" + } + }, + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" } } ] @@ -316,24 +534,31 @@ "metadata": { "name": "jboss-decisionserver62-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift", "tags": [ { "name": "1.2", "annotations": { "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,xpaas", - "supports": "decisionserver:6.2,xpaas:1.2", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.2", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.2", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" } } ] @@ -345,37 +570,50 @@ "metadata": { "name": "jboss-decisionserver63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,xpaas", - "supports": "decisionserver:6.3,xpaas:1.3", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.3", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,java,xpaas", - "supports":"decisionserver:6.3,java:8,xpaas:1.4", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.3,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" } } ] @@ -385,22 +623,52 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jboss-decisionserver64-openshift" + "name": "jboss-decisionserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,decisionserver,java,xpaas", - "supports":"decisionserver:6.4,java:8,xpaas:1.4", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "decisionserver/hellorules", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.1" } } ] @@ -412,37 +680,50 @@ "metadata": { "name": "jboss-processserver63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,xpaas", - "supports": "processserver:6.3,xpaas:1.3", + "iconClass": "icon-processserver", + "tags": "builder,processserver,hidden", + "supports": "processserver:6.3", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,java,xpaas", - "supports":"processserver:6.3,java:8,xpaas:1.4", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.3,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.4" + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" } } ] @@ -452,22 +733,52 @@ "kind": "ImageStream", "apiVersion": "v1", "metadata": { - "name": "jboss-processserver64-openshift" + "name": "jboss-processserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", - "iconClass": "icon-jboss", - "tags": "builder,processserver,java,xpaas", - "supports":"processserver:6.4,java:8,xpaas:1.4", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", "sampleContextDir": "processserver/library", "sampleRef": "1.3", - "version": "1.0" + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.1" } } ] @@ -479,42 +790,123 @@ "metadata": { "name": "jboss-datagrid65-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift", "tags": [ { "name": "1.2", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports": "datagrid:6.5,xpaas:1.2", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports": "datagrid:6.5,xpaas:1.4", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss Data Grid 6.5 S2I images.", - "iconClass": "icon-jboss", - "tags": "datagrid,jboss,xpaas", - "supports":"datagrid:6.5,xpaas:1.4", - "version": "1.4" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.1" } } ] @@ -526,20 +918,75 @@ "metadata": { "name": "jboss-datagrid65-client-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss Data Grid 6.5 Client Modules for EAP.", - "iconClass": "icon-jboss", - "tags": "client,jboss,xpaas", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 6.5 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" } } ] @@ -551,44 +998,76 @@ "metadata": { "name": "jboss-datavirt63-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports": "datavirt:6.3,xpaas:1.4", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" } }, { "name": "1.1", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports": "datavirt:6.3,xpaas:1.4", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", - "iconClass": "icon-jboss", - "tags": "datavirt,jboss,xpaas", - "supports":"datavirt:6.3,xpaas:1.4", - "version": "1.2" + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" } - } + }, + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports":"datavirt:6.3", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.3" + } + } ] } }, @@ -598,20 +1077,42 @@ "metadata": { "name": "jboss-datavirt63-driver-openshift", "annotations": { - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", - "iconClass": "icon-jboss", - "tags": "client,jboss,xpaas", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.1" } } ] @@ -623,55 +1124,106 @@ "metadata": { "name": "jboss-amq-62", "annotations": { - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq62-openshift", "tags": [ { "name": "1.1", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.1", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.1", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" } }, { "name": "1.2", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.2", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.2", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" } }, { "name": "1.3", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.2,messaging,xpaas:1.3", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", "version": "1.3", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "JBoss A-MQ 6.2 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports":"amq:6.2,messaging,xpaas:1.4", - "version": "1.4" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" } - } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports":"amq:6.2,messaging", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.6" + } + } ] } }, @@ -681,21 +1233,59 @@ "metadata": { "name": "jboss-amq-63", "annotations": { - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq63-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "JBoss A-MQ 6.3 broker image.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "supports": "amq:6.3,messaging,xpaas:1.0", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", "version": "1.0", "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.2" } } ] @@ -708,32 +1298,44 @@ "name": "redhat-sso70-openshift", "annotations": { "description": "Red Hat SSO 7.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + "openshift.io/display-name": "Red Hat Single Sign-On 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { "name": "1.3", "annotations": { "description": "Red Hat SSO 7.0", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.0,xpaas:1.3", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", "version": "1.3", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" } }, { "name": "1.4", "annotations": { "description": "Red Hat SSO 7.0", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.0,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", "version": "1.4", "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" } } ] @@ -746,32 +1348,59 @@ "name": "redhat-sso71-openshift", "annotations": { "description": "Red Hat SSO 7.1", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + "openshift.io/display-name": "Red Hat Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso71-openshift", "tags": [ { "name": "1.0", "annotations": { "description": "Red Hat SSO 7.1", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.1,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", "version": "1.0", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" } }, { "name": "1.1", "annotations": { "description": "Red Hat SSO 7.1", - "iconClass": "icon-jboss", - "tags": "sso,keycloak,redhat", - "supports": "sso:7.1,xpaas:1.4", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", "version": "1.1", "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "Red Hat SSO 7.1", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", + "version": "1.2", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.2" } } ] @@ -783,23 +1412,31 @@ "metadata": { "name": "redhat-openjdk18-openshift", "annotations": { - "openshift.io/display-name": "Red Hat OpenJDK 8" + "openshift.io/display-name": "Red Hat OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" } }, + "labels": { + "xpaas": "1.4.7" + }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift", "tags": [ { "name": "1.0", "annotations": { "openshift.io/display-name": "Red Hat OpenJDK 8", "description": "Build and run Java applications using Maven and OpenJDK 8.", - "iconClass": "icon-jboss", - "tags": "builder,java,xpaas,openjdk", - "supports": "java:8,xpaas:1.0", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk,hidden", + "supports": "java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" } }, { @@ -807,12 +1444,33 @@ "annotations": { "openshift.io/display-name": "Red Hat OpenJDK 8", "description": "Build and run Java applications using Maven and OpenJDK 8.", - "iconClass": "icon-jboss", - "tags": "builder,java,xpaas,openjdk", - "supports": "java:8,xpaas:1.4", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", "sampleContextDir": "undertow-servlet", "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "description": "Build and run Java applications using Maven and OpenJDK 8.", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", + "sampleContextDir": "undertow-servlet", + "version": "1.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.2" } } ] diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json index af20b373a..8f8e14cb6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-basic.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Ephemeral, no SSL)" + "iconClass": "icon-amq", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral, no SSL)" }, "name": "amq62-basic" }, "labels": { "template": "amq62-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -83,6 +84,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -215,7 +223,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -322,6 +330,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json index 5acdbfabf..96f9d616f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent-ssl.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Persistent with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "amq62-persistent-ssl" }, "labels": { "template": "amq62-persistent-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -26,9 +31,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -132,6 +137,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -360,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -523,6 +535,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } @@ -546,6 +562,114 @@ } }, { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { "apiVersion": "v1", "kind": "PersistentVolumeClaim", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json index b8089cd6d..67c812fb4 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-persistent.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Persistent, no SSL)" + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages, including message migration when the number of pods are reduced. This template doesn't feature SSL support.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq62-persistent" }, "labels": { "template": "amq62-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -26,9 +27,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -97,6 +98,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -229,7 +237,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -346,6 +354,118 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json index b52fdbfb0..9f488820c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq62-ssl.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2 (Ephemeral with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq62-ssl" }, "labels": { "template": "amq62-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -118,6 +119,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -346,7 +354,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -501,6 +509,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json index d29f6a300..e13530764 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-basic.json @@ -4,16 +4,17 @@ "metadata": { "annotations": { "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral, no SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral, no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "amq63-basic" }, "labels": { "template": "amq63-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -83,6 +84,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -215,7 +223,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -322,6 +330,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json index 47f6396dd..3eedee933 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent-ssl.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These are deployed as standalone and use persistent storage for saving messages. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Persistent with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-persistent-ssl" }, "labels": { "template": "amq63-persistent-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -26,9 +30,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -132,6 +136,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -360,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -523,6 +534,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } @@ -546,6 +561,114 @@ } }, { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { "apiVersion": "v1", "kind": "PersistentVolumeClaim", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json index 4b64203c4..7c0aec61a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages. This template doesn't feature SSL support.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Persistent, no SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration and using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-persistent" }, "labels": { "template": "amq63-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", "parameters": [ @@ -26,9 +30,9 @@ }, { "displayName": "Split Data?", - "description": "Split the data directory for each node in a mesh.", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", "name": "AMQ_SPLIT", - "value": "false", + "value": "true", "required": false }, { @@ -97,6 +101,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -229,7 +240,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -346,6 +357,118 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json index 20ad50016..a55403c79 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/amq63-ssl.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", - "iconClass": "icon-jboss", - "tags": "messaging,amq,jboss,xpaas", - "version": "1.0", - "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral with SSL)" + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using ephemeral (temporary) storage and secure communication using SSL. These can be deployed as standalone or in a mesh.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "amq63-ssl" }, "labels": { "template": "amq63-ssl", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", "parameters": [ @@ -118,6 +122,13 @@ "required": false }, { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { "displayName": "ImageStream Namespace", "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", "name": "IMAGE_STREAM_NAMESPACE", @@ -346,7 +357,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, @@ -501,6 +512,10 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json index 32433bef0..af390c13d 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-basic.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 (Ephemeral, no https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-basic" }, "labels": { "template": "datagrid65-basic", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", "parameters": [ @@ -227,7 +228,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json index e6f020400..97d02c788 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-https.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-https" }, "labels": { "template": "datagrid65-https", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -337,7 +338,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -502,6 +503,10 @@ "value": "${REST_SECURITY_DOMAIN}" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "JGROUPS_ENCRYPT_SECRET", "value": "${JGROUPS_ENCRYPT_SECRET}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json index ff57a7936..018132668 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JDG 6.5 and MySQL applications with persistent storage.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + MySQL (Persistent with https)" + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datagrid65-mysql-persistent" }, "labels": { "template": "datagrid65-mysql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -457,7 +461,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -666,6 +670,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json index 44902de25..1e8ca1b51 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-mysql.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and MySQL applications.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + MySQL (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-mysql" }, "labels": { "template": "datagrid65-mysql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -450,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -659,6 +660,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json index 6b90e1370..4a1d818c9 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql-persistent.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + PostgreSQL (Persistent with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -437,7 +442,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -646,6 +651,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json index ae36376db..d97bdfa75 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid65-postgresql.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datagrid", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", - "tags": "datagrid,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 + PostgreSQL (Ephemeral with https)" + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -430,7 +431,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-openshift:1.4" + "name": "jboss-datagrid65-openshift:1.5" } } }, @@ -639,6 +640,10 @@ "value": "${APPLICATION_NAME}-hotrod" }, { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { "name": "MEMCACHED_CACHE", "value": "${MEMCACHED_CACHE}" }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json new file mode 100644 index 000000000..d4b83da34 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-basic.json @@ -0,0 +1,420 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-basic" + }, + "labels": { + "template": "datagrid71-basic", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json new file mode 100644 index 000000000..2a46bd3a2 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-https.json @@ -0,0 +1,602 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-https" + }, + "labels": { + "template": "datagrid71-https", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json new file mode 100644 index 000000000..72bdf2037 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql-persistent.json @@ -0,0 +1,904 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql-persistent" + }, + "labels": { + "template": "datagrid71-mysql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql.json new file mode 100644 index 000000000..99f97a7c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-mysql.json @@ -0,0 +1,863 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql" + }, + "labels": { + "template": "datagrid71-mysql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json new file mode 100644 index 000000000..baf17dbbb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-partition.json @@ -0,0 +1,501 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-partition" + }, + "labels": { + "template": "datagrid71-partition", + "xpaas": "1.4.0" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "ADMIN_GROUP", + "description": "Comma delimited list of groups/roles for the Application Realm User", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "HOTROD_AUTHENTICATION", + "description": "True/False for HotRod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLE_MAPPER", + "description": "Container Role Mapper", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLES", + "description": "Comma Delimited List of Container Roles", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datagrid Volume Size", + "description": "Size of the volume used by Datagrid for persisting metadata.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "DATAGRID_SPLIT", + "value": "true", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8787, + "targetPort": 8787 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-debug", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/datagrid/standalone/partitioned_data", + "name": "${APPLICATION_NAME}-datagrid-pvol" + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + }, + { + "name": "debug", + "containerPort": 8787, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "DATAGRID_SPLIT", + "value": "${DATAGRID_SPLIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-datagrid-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-datagrid-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-datagrid-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json new file mode 100644 index 000000000..5cd6e854a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql-persistent.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql-persistent" + }, + "labels": { + "template": "datagrid71-postgresql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql.json new file mode 100644 index 000000000..505d67750 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datagrid71-postgresql.json @@ -0,0 +1,835 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql" + }, + "labels": { + "template": "datagrid71-postgresql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json index ea2f13742..b6885d6f6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-basic-s2i.json @@ -3,17 +3,18 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", + "iconClass": "icon-datavirt", "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (no SSL)" + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." }, "name": "datavirt63-basic-s2i" }, "labels": { "template": "datavirt63-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", "parameters": [ @@ -173,6 +174,11 @@ "name": "jdbc", "port": 31000, "targetPort": "jdbc" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" } ], "selector": { @@ -244,7 +250,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -262,7 +268,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -312,7 +318,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -415,6 +421,11 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json index 22b579ecc..a06f714a7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (with SSL and Extensions)" + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL and Extensions)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration, support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datavirt63-extensions-support-s2i" }, "labels": { "template": "datavirt63-extensions-support-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -288,6 +292,16 @@ "name": "jdbcs", "port": 31443, "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" } ], "selector": { @@ -470,7 +484,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -500,7 +514,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -559,7 +573,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -682,6 +696,16 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json index 9392c20a6..1758b1be0 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/datavirt63-secure-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I. Includes ability to configure certificates for serving secure content.", - "tags": "jdv,datavirt,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3 (with SSL)" + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration and ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "datavirt63-secure-s2i" }, "labels": { "template": "datavirt63-secure-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -401,6 +405,16 @@ "name": "jdbcs", "port": 31443, "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" } ], "selector": { @@ -524,7 +538,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" }, "paths": [ { @@ -542,7 +556,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-datavirt63-openshift:1.2" + "name": "jboss-datavirt63-openshift:1.3" }, "env": [ { @@ -592,7 +606,7 @@ "imageChange": { "from": { "kind": "ImageStreamTag", - "name": "jboss-datagrid65-client-openshift:1.0" + "name": "jboss-datagrid65-client-openshift:1.1" } } }, @@ -715,6 +729,16 @@ "protocol": "TCP" }, { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { "name": "ping", "containerPort": 8888, "protocol": "TCP" diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json index c688a2a67..3006a7265 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.4 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server + A-MQ (with https)" + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server with A-MQ application, including a build configuration and application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "decisionserver64-amq-s2i" }, "labels": { "template": "decisionserver64-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -392,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, @@ -626,7 +630,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json index 778c51844..eaee9c1a5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-basic-s2i.json @@ -4,16 +4,16 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BRMS 6.4 decision server applications built using S2I.", - "iconClass": "icon-jboss", + "iconClass": "icon-decisionserver", "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", + "version": "1.4.7", "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server (no https)" }, "name": "decisionserver64-basic-s2i" }, "labels": { "template": "decisionserver64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -227,7 +227,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json index e6c6961c1..cb6eb1706 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver64-https-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BRMS 6.4 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server (with https)" + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server, including a build configuration, application deployment configuration and secured using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "decisionserver64-https-s2i" }, "labels": { "template": "decisionserver64-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -323,7 +328,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver64-openshift:1.0" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json index 912838175..9ebbfd06c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + A-MQ (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -423,7 +427,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -700,7 +704,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json index dd4c7a27b..6b0e1a30c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + A-MQ (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -409,7 +413,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -683,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json index e13b3851b..17fdd2333 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application has been created in your project.", "parameters": [ @@ -216,7 +220,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json index 0da32eb40..8616ac04f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-https-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -340,7 +344,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json index 77b75466d..ea3b46d78 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MongoDB (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -454,7 +458,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json index 2785782d4..4aa9be281 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mongodb-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MongoDB applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MongoDB (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -447,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json index cca0f9c2b..304f11348 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MySQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json index 5766506fd..bc1cdaca5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + MySQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -451,7 +455,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json index 01891774d..d2e6ea25b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -440,7 +444,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json index e00f2b0e3..7a2d4009e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -433,7 +437,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json index ec0739d04..368f147f4 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-sso-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + Single Sign-On (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" }, "env": [ { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json index e8f6d6585..701f4eee6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap64-third-party-db-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 DB applications built using S2I. Includes support for installing third-party DB drivers.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https, supporting third-party DB drivers)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap64-third-party-db-s2i" }, "labels": { "template": "eap64-third-party-db-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -70,7 +74,7 @@ "displayName": "Drivers ImageStreamTag", "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", "name": "EXTENSIONS_IMAGE", - "value": "jboss-datavirt63-driver-openshift:1.0", + "value": "jboss-datavirt63-driver-openshift:1.1", "required": true }, { @@ -387,7 +391,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.5" + "name": "jboss-eap64-openshift:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json index 3f0eba6e3..d16756bad 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + A-MQ (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -423,7 +427,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -700,7 +704,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json index f2d65f353..70323214f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + A-MQ (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -409,7 +413,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -683,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json index c33e3f7cb..312db1971 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application has been created in your project.", "parameters": [ @@ -216,7 +220,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -299,17 +303,6 @@ "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json index 7542d31c8..7c3b35f5a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-https-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 applications built using S2I.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -340,7 +344,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -436,17 +440,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json index 8a7da66c1..205e451c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MongoDB (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -454,7 +458,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -550,17 +554,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json index ae52a3deb..63b57d5dc 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mongodb-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MongoDB applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MongoDB (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Boss EAP 7.0 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -447,7 +451,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -543,17 +547,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json index a0a3d7717..f9f77f22c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MySQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -554,17 +558,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json index 8255ade5d..8ea433a80 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + MySQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -451,7 +455,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -547,17 +551,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json index 436c541d8..a2bc9d3b9 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + PostgreSQL (Persistent with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -440,7 +444,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -536,17 +540,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json index a2a37a886..66b0c737d 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -433,7 +437,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -529,17 +533,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json index 08a844cd9..2201ff7f3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-sso-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 + Single Sign-On (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-sso-s2i" }, "labels": { "template": "eap70-sso-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -62,18 +66,26 @@ { "displayName": "Queues", "description": "Queue names", - "name": "HORNETQ_QUEUES", + "name": "MQ_QUEUES", "value": "", "required": false }, { "displayName": "Topics", "description": "Topic names", - "name": "HORNETQ_TOPICS", + "name": "MQ_TOPICS", "value": "", "required": false }, { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { "displayName": "Service Account Name", "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", "name": "SERVICE_ACCOUNT_NAME", @@ -116,14 +128,6 @@ "required": false }, { - "displayName": "HornetQ Password", - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "displayName": "Github Webhook Secret", "description": "GitHub trigger secret", "name": "GITHUB_WEBHOOK_SECRET", @@ -458,7 +462,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" }, "env": [ { @@ -578,17 +582,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ @@ -671,16 +664,16 @@ "value": "${HTTPS_PASSWORD}" }, { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" }, { "name": "JGROUPS_ENCRYPT_SECRET", diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json index 9e854d7ab..3ca69f6c7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap70-third-party-db-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for EAP 7 DB applications built using S2I. Includes support for installing third-party DB drivers.", - "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss EAP 7.0 (with https, supporting third-party DB drivers)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "eap70-third-party-db-s2i" }, "labels": { "template": "eap70-third-party-db-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ @@ -70,7 +74,7 @@ "displayName": "Drivers ImageStreamTag", "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", "name": "EXTENSIONS_IMAGE", - "value": "jboss-datavirt63-driver-openshift:1.0", + "value": "jboss-datavirt63-driver-openshift:1.1", "required": true }, { @@ -387,7 +391,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.5" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -498,17 +502,6 @@ "readOnly": true } ], - "lifecycle": { - "preStop": { - "exec": { - "command": [ - "/opt/eap/bin/jboss-cli.sh", - "-c", - ":shutdown(timeout=60)" - ] - } - } - }, "livenessProbe": { "exec": { "command": [ diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-persistent-s2i.json new file mode 100644 index 000000000..dbc1a8013 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-persistent-s2i.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-persistent-s2i" + }, + "labels": { + "template": "eap71-amq-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-s2i.json new file mode 100644 index 000000000..6e330eae9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-amq-s2i.json @@ -0,0 +1,821 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,xpaas,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-s2i" + }, + "labels": { + "template": "eap71-amq-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-basic-s2i.json new file mode 100644 index 000000000..892ec468c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-basic-s2i.json @@ -0,0 +1,382 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-basic-s2i" + }, + "labels": { + "template": "eap71-basic-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application has been created in your project.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-https-s2i.json new file mode 100644 index 000000000..7426830ec --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-https-s2i.json @@ -0,0 +1,578 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-https-s2i" + }, + "labels": { + "template": "eap71-https-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-persistent-s2i.json new file mode 100644 index 000000000..fb7f27acf --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-persistent-s2i.json @@ -0,0 +1,855 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap71-mongodb-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-s2i.json new file mode 100644 index 000000000..915c9ba0a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mongodb-s2i.json @@ -0,0 +1,814 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-s2i" + }, + "labels": { + "template": "eap71-mongodb-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-persistent-s2i.json new file mode 100644 index 000000000..6af9e5f50 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-persistent-s2i.json @@ -0,0 +1,871 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-persistent-s2i" + }, + "labels": { + "template": "eap71-mysql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-s2i.json new file mode 100644 index 000000000..c7d14d3c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-mysql-s2i.json @@ -0,0 +1,830 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-s2i" + }, + "labels": { + "template": "eap71-mysql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-persistent-s2i.json new file mode 100644 index 000000000..a8d77b0ab --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-persistent-s2i.json @@ -0,0 +1,845 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap71-postgresql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-s2i.json new file mode 100644 index 000000000..d87f05ea8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-postgresql-s2i.json @@ -0,0 +1,804 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-s2i" + }, + "labels": { + "template": "eap71-postgresql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json new file mode 100644 index 000000000..96b3dffc9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-sso-s2i.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-sso-s2i" + }, + "labels": { + "template": "eap71-sso-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "displayName": "Custom https Route Hostname", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "URL for SSO", + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "displayName": "URL for SSO (internal service)", + "description": "The URL for the internal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "displayName": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "displayName": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "displayName": "SSO Password", + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Public Key", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "displayName": "SSO Bearer Only?", + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "displayName": "SSO SAML Keystore Secret", + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "SSO SAML Keystore", + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "SSO SAML Certificate Name", + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "SSO SAML Keystore Password", + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "SSO Client Secret", + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Enable CORS for SSO?", + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "displayName": "SSO SAML Logout Page", + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "displayName": "Disable SSL Validation in EAP->SSO communication", + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "displayName": "SSO Trust Store", + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Password", + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Secret", + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-third-party-db-s2i.json new file mode 100644 index 000000000..a2a7264fb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/eap71-third-party-db-s2i.json @@ -0,0 +1,650 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-third-party-db-s2i" + }, + "labels": { + "template": "eap71-third-party-db-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Configuration Secret Name", + "description": "The name of the secret containing configuration properties for the datasources.", + "name": "CONFIGURATION_NAME", + "value": "eap-app-config", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "datavirt/hibernate-webapp", + "required": false + }, + { + "displayName": "Drivers ImageStreamTag", + "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", + "name": "EXTENSIONS_IMAGE", + "value": "jboss-datavirt63-driver-openshift:1.1", + "required": true + }, + { + "displayName": "Drivers ImageStream Namespace", + "description": "Namespace within which the ImageStream definition for the image containing the drivers and configuration is located.", + "name": "EXTENSIONS_IMAGE_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Drivers Image Install Directory", + "description": "Full path to the directory within the extensions image where the extensions are located (e.g. install.sh, modules/, etc.)", + "name": "EXTENSIONS_INSTALL_DIR", + "value": "/extensions", + "required": true + }, + { + "displayName": "Queue Names", + "description": "Queue names to preconfigure within Messaging subsystem.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topic Names", + "description": "Topic names to preconfigure within Messaging subsystem.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "Messaging Cluster Admin Password", + "description": "Admin password for Messaging cluster.", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the JGroups secret.", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the JGroups server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "${EXTENSIONS_INSTALL_DIR}/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/eap-environment", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "ENV_FILES", + "value": "/etc/eap-environment/*" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json index 6db6e8cc6..42e352538 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-basic-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 (no https)" + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (no https)" }, "name": "jws31-tomcat7-basic-s2i" }, "labels": { "template": "jws31-tomcat7-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +196,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json index fd5fca316..b0a81d9c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Web Server application configured for use with https. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (with https)", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, and application deployment configuration. This also illustrations how to connect to the web applicaiton using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat7-https-s2i" }, "labels": { "template": "jws31-tomcat7-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json index 6bbea8ab8..565f97822 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MongoDB (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat7-mongodb-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -391,7 +395,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json index a565ee4c0..fc473f5c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (Ephemeral with https)" }, "name": "jws31-tomcat7-mongodb-s2i" }, "labels": { "template": "jws31-tomcat7-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json index be6899958..1223acd0f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MySQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat7-mysql-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +400,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json index 2983cc905..39becd41e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (Ephemeral with https)" }, "name": "jws31-tomcat7-mysql-s2i" }, "labels": { "template": "jws31-tomcat7-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json index cc5ea452c..77f4f8c9f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + PostgreSQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (with https)", + "description": "An example JBoss Web Server application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws31-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json index bd23e1558..6d1d7aef7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat7-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 7 + PostgreSQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (Ephemeral with https)" }, "name": "jws31-tomcat7-postgresql-s2i" }, "labels": { "template": "jws31-tomcat7-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat7-openshift:1.0" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json index f3a5786f6..9e7dc3488 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-basic-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 (no https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (no https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, and an application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat8-basic-s2i" }, "labels": { "template": "jws31-tomcat8-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +199,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json index 634948a80..8fd5d9fab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (with https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat8-https-s2i" }, "labels": { "template": "jws31-tomcat8-https-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json index 1ad60d8cc..f4b11ccfa 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json @@ -3,18 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MongoDB (Persistent with https)" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, "name": "jws31-tomcat8-mongodb-persistent-s2i" }, - "message": "A new persistent JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "labels": { "template": "jws31-tomcat8-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "parameters": [ { @@ -391,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json index f3e918afc..e2f69f157 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (Ephemeral with https)" }, "name": "jws31-tomcat8-mongodb-s2i" }, "labels": { "template": "jws31-tomcat8-mongodb-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json index 08b456440..579071cb1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MySQL (Persistent with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "jws31-tomcat8-mysql-persistent-s2i" }, "labels": { "template": "jws31-tomcat8-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +399,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json index 260515b73..e84d61608 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (Ephemeral with https)" }, "name": "jws31-tomcat8-mysql-s2i" }, "labels": { "template": "jws31-tomcat8-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json index eef5b6939..83a6ca19b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + PostgreSQL (Persistent with https)" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + PostgreSQL (with https)" }, "name": "jws31-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws31-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json index 07ef7218a..e28cf8a04 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws31-tomcat8-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Tomcat 8 + (PostgreSQL with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.0 Apache Tomcat 8 + PostgreSQL (Ephemeral with https)" }, "name": "jws31-tomcat8-postgresql-s2i" }, "labels": { "template": "jws31-tomcat8-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver31-tomcat8-openshift:1.0" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json index cd0bec3c1..aad649f84 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-amq-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Camel route using ActiveMQ in Karaf container.", + "description": "Camel route using ActiveMQ in Karaf container. This quickstart shows how to use Camel in a Karaf Container using Blueprint to connect to the A-MQ xPaaS message broker on OpenShift that should already be installed, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template.", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-amq-1.0.0.redhat-000010", + "value": "karaf2-camel-amq-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json index 2ecce08a9..38b7bc249 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-log-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "A simple Camel route in Karaf container.", + "description": "A simple Camel route in Karaf container. This quickstart shows a simple Apache Camel application that logs a message to the server log every 5th second.", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-log-1.0.0.redhat-000010", + "value": "karaf2-camel-log-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json index d80939efb..6d9573e5b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-camel-rest-sql-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Camel example using Rest DSL with SQL Database in Karaf container.", + "description": "Camel example using Rest DSL with SQL Database in Karaf container. This example demonstrates how to use SQL via JDBC along with Camel's REST DSL to expose a RESTful API. The OpenShift MySQL container image should already be installed and running on your OpenShift installation, one simple way to run a MySQL service is following the documentation of the Openshift MySQL container image related to the mysql-ephemeral template..", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-camel-rest-sql-1.0.0.redhat-000010", + "value": "karaf2-camel-rest-sql-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -73,7 +73,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json index f99099868..fdc0c00e5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/karaf2-cxf-rest-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "REST example using CXF in Karaf container.", + "description": "REST example using CXF in Karaf container. This quickstart demonstrates how to create a RESTful (JAX-RS) web service using CXF and expose it through the OSGi HTTP Service", "tags": "quickstart,java,karaf,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "karaf2-cxf-rest-1.0.0.redhat-000010", + "value": "karaf2-cxf-rest-1.0.0.redhat-000019", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -49,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000010", + "value": "1.0.0.redhat-000019", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json index a48e204ae..6336f0398 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/openjdk18-web-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-jboss", - "description": "Application template for Java applications built using S2I.", - "tags": "java,xpaas", - "version": "1.1.0", - "openshift.io/display-name": "Red Hat OpenJDK 8" + "iconClass": "icon-rh-openjdk", + "tags": "java", + "version": "1.4.7", + "openshift.io/display-name": "OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example Java application using OpenJDK 8. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat OpenJDK Java 8 based application.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "openjdk18-web-basic-s2i" }, "labels": { "template": "openjdk18-web-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new java application has been created in your project.", "parameters": [ @@ -156,7 +160,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-openjdk18-openshift:1.1" + "name": "redhat-openjdk18-openshift:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json index 293d04d63..9ef04ae71 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-mysql-persistent-s2i" }, "labels": { "template": "processserver64-amq-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -543,7 +547,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -996,7 +1000,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json index 760940b36..4cb45db42 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-mysql-s2i" }, "labels": { "template": "processserver64-amq-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -529,7 +533,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -912,7 +916,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json index 1603bccff..56fefcc0a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-postgresql-persistent-s2i" }, "labels": { "template": "processserver64-amq-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -525,7 +529,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -966,7 +970,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json index 422f51c11..bb8d2df28 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-amq-postgresql-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-amq-postgresql-s2i" }, "labels": { "template": "processserver64-amq-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -511,7 +516,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -882,7 +887,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-63:1.0" + "name": "jboss-amq-63:1.2" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json index 2bf15ff25..1b7cc8cf1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server (no https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-basic-s2i" }, "labels": { "template": "processserver64-basic-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -234,7 +238,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json index 4673dfb0d..1a4d0887c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-persistent-s2i.json @@ -4,16 +4,21 @@ "metadata": { "annotations": { "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + MySQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-mysql-persistent-s2i" }, "labels": { "template": "processserver64-mysql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -455,7 +460,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json index 9078f20b8..7c491d832 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + MySQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-mysql-s2i" }, "labels": { "template": "processserver64-mysql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -448,7 +452,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json index 75b6d310e..8965ea41f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-postgresql-persistent-s2i" }, "labels": { "template": "processserver64-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -437,7 +441,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json index 51923c0ad..e21f0ce4e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver64-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "processserver64-postgresql-s2i" }, "labels": { "template": "processserver64-postgresql-s2i", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -430,7 +434,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver64-openshift:1.0" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json index 8b3cd6ed0..2c1a73a29 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-amq-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel and ActiveMQ QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to an ActiveMQ broker and use JMS messaging between two Camel routes using OpenShift. In this example we will use two containers, one container to run as a ActiveMQ broker, and another as a client to the broker, where the Camel routes are running. This quickstart requires the ActiveMQ broker has been deployed and running first.", + "description": "Spring Boot, Camel and ActiveMQ QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to an ActiveMQ broker and use JMS messaging between two Camel routes using OpenShift. In this example we will use two containers, one container to run as a ActiveMQ broker, and another as a client to the broker, where the Camel routes are running. This quickstart requires the ActiveMQ broker has been deployed and running first, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-amq-1.0.0.redhat-000055", + "value": "spring-boot-camel-amq-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -60,7 +60,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json index bc5bbad22..b62e768b6 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-config-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot and Camel using ConfigMaps and Secrets. This quickstart demonstrates how to configure a Spring-Boot application using Openshift ConfigMaps and Secrets.", + "description": "Spring Boot and Camel using ConfigMaps and Secrets. This quickstart demonstrates how to configure a Spring-Boot application using OpenShift ConfigMaps and Secrets. This example requires that a ConfigMap named camel-config and a Secret named camel-config are present in the namespace before the application is deployed, instruction about how to manually create them can be found here: https://github.com/fabric8-quickstarts/spring-boot-camel-config/blob/fis-2.0.x.redhat/README.redhat.md ", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-config-1.0.0.redhat-000005", + "value": "spring-boot-camel-config-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -64,7 +64,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json index e54fa0d59..91081e493 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-drools-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring-Boot, Camel and JBoss BRMS QuickStart. This example demonstrates how you can use Apache Camel and JBoss BRMS with Spring Boot on OpenShift. DRL files contain simple rules which are used to create knowledge session via Spring configuration file. Camel routes, defined via Spring as well, are then used to e.g. pass (insert) the Body of the message as a POJO to Drools engine for execution.", + "description": "Spring-Boot, Camel and JBoss BRMS QuickStart. This example demonstrates how you can use Apache Camel and JBoss BRMS with Spring Boot on OpenShift. DRL files contain simple rules which are used to create knowledge session via Spring configuration file. Camel routes, defined via Spring as well, are then used to e.g. pass (insert) the Body of the message as a POJO to Drools engine for execution. A Kie Server should be deployed and configured before running the application, more information about how to configure it can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-drools/blob/fis-2.0.x.redhat/README.redhat.md", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-drools-1.0.0.redhat-000054", + "value": "spring-boot-camel-drools-1.0.0.redhat-000063", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -63,7 +63,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000054", + "value": "1.0.0.redhat-000063", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json index 20ba97dac..8d97400ab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-infinispan-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel and JBoss Data Grid QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to a JBoss Data Grid (or Infinispan) server using the Hot Rod protocol. It requires that the data grid server (or cluster) has been deployed first.", + "description": "Spring Boot, Camel and JBoss Data Grid QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to a JBoss Data Grid (or Infinispan) server using the Hot Rod protocol. It requires that the data grid server (or cluster) has been deployed first, one simple way to run a JDG service is following the documentation of the JDG xPaaS image for OpenShift related to the datagrid65-basic template.", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-infinispan-1.0.0.redhat-000024", + "value": "spring-boot-camel-infinispan-1.0.0.redhat-000033", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -50,7 +50,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000024", + "value": "1.0.0.redhat-000033", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json index 555647fab..bf722844c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-rest-sql-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring Boot, Camel REST DSL and MySQL QuickStart. This quickstart demonstrates how to connect a Spring Boot application to a MySQL database and expose a REST API with Camel on OpenShift. In this example we will use two containers, one container to run as a MySQL server, and another as a client to the database, where the Camel routes are running. This quickstart requires the MySQL server to be deployed and started first.", + "description": "Spring Boot, Camel REST DSL and MySQL QuickStart. This quickstart demonstrates how to connect a Spring Boot application to a MySQL database and expose a REST API with Camel on OpenShift. In this example we will use two containers, one container to run as a MySQL server, and another as a client to the database, where the Camel routes are running. This quickstart requires the MySQL server to be deployed and started first, one simple way to run a MySQL service is following the documentation of the OpenShift MySQL container image related to the mysql-ephemeral template.", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-rest-sql-1.0.0.redhat-000055", + "value": "spring-boot-camel-rest-sql-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -72,7 +72,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json index cf9a4e903..856264615 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-teiid-template.json @@ -3,7 +3,7 @@ "kind": "Template", "metadata": { "annotations": { - "description": "Spring-Boot, Camel and JBoss Data Virtualization QuickStart. This example demonstrates how to connect Apache Camel to a remote JBoss Data Virtualization (or Teiid) Server using the JDBC protocol.", + "description": "Spring-Boot, Camel and JBoss Data Virtualization QuickStart. This example demonstrates how to connect Apache Camel to a remote JBoss Data Virtualization (or Teiid) Server using the JDBC protocol. This quickstart assumes that the JDV server is already running and configured on OpenShift, more information about to setup a JDV server can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-teiid/blob/fis-2.0.x.redhat/README.redhat.md", "tags": "quickstart,java,springboot,fis", "iconClass": "icon-jboss", "version": "2.0" @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-teiid-1.0.0.redhat-000053", + "value": "spring-boot-camel-teiid-1.0.0.redhat-000062", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -68,7 +68,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000053", + "value": "1.0.0.redhat-000062", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json index c78a96f7c..9c0fe287e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-template.json @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-1.0.0.redhat-000055", + "value": "spring-boot-camel-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -43,7 +43,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json index 620425902..87c0e347a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-camel-xml-template.json @@ -31,7 +31,7 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-camel-xml-1.0.0.redhat-000055", + "value": "spring-boot-camel-xml-1.0.0.redhat-000064", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { @@ -43,7 +43,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000055", + "value": "1.0.0.redhat-000064", "description": "The application version." }, { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json index 15cfc93fd..8b0261035 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxrs-template.json @@ -31,10 +31,16 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-cxf-jaxrs-1.0.0.redhat-000005", + "value": "spring-boot-cxf-jaxrs-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxrs", + "description": "Exposed service name." + }, + { "name": "BUILDER_VERSION", "displayName": "Builder version", "value": "2.0", @@ -43,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { @@ -93,6 +99,59 @@ ], "objects": [ { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9413, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { "kind": "ImageStream", "apiVersion": "v1", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json index c70ee7726..8b36f5f0b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/spring-boot-cxf-jaxws-template.json @@ -31,10 +31,16 @@ { "name": "GIT_REF", "displayName": "Git Reference", - "value": "spring-boot-cxf-jaxws-1.0.0.redhat-000005", + "value": "spring-boot-cxf-jaxws-1.0.0.redhat-000014", "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." }, { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxws", + "description": "Exposed service name." + }, + { "name": "BUILDER_VERSION", "displayName": "Builder version", "value": "2.0", @@ -43,7 +49,7 @@ { "name": "APP_VERSION", "displayName": "Application Version", - "value": "1.0.0.redhat-000005", + "value": "1.0.0.redhat-000014", "description": "The application version." }, { @@ -93,6 +99,59 @@ ], "objects": [ { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9414, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { "kind": "ImageStream", "apiVersion": "v1", "metadata": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json index bee86d7c4..26dd26624 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-https.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-https" }, "labels": { "template": "sso71-https", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -316,7 +320,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -379,7 +383,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json index 49b37f348..7092bb65e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 MySQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + MySQL (Persistent)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-mysql-persistent" }, "labels": { "template": "sso71-mysql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -416,7 +420,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json index 634a75bab..d90f0a0cc 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-mysql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 MySQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + MySQL (Ephemeral)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-mysql" }, "labels": { "template": "sso71-mysql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -415,7 +419,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json index c53bb9d5b..b1077db91 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 PostgreSQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + PostgreSQL (Persistent)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-postgresql-persistent" }, "labels": { "template": "sso71-postgresql-persistent", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -398,7 +402,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json index c1fc41eda..0955d712a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso71-postgresql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.1 PostgreSQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.0.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.1 + PostgreSQL (Ephemeral)" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, "name": "sso71-postgresql" }, "labels": { "template": "sso71-postgresql", - "xpaas": "1.4.0" + "xpaas": "1.4.7" }, "message": "A new SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -397,7 +401,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso71-openshift:1.1" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_cfme/templates/miq-pv-db.yaml.j2 b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-db-example.yaml index 280f3e97a..250a99b8d 100644 --- a/roles/openshift_cfme/templates/miq-pv-db.yaml.j2 +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-db-example.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: miq-pv01 + name: cfme-pv01 spec: capacity: storage: 15Gi accessModes: - ReadWriteOnce nfs: - path: {{ openshift_cfme_nfs_directory }}/miq-pv01 - server: {{ openshift_cfme_nfs_server }} + path: /exports/cfme-pv01 + server: <your-nfs-host-here> persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_cfme/templates/miq-pv-region.yaml.j2 b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-region-example.yaml index fe80dffa5..cba9bbe35 100644 --- a/roles/openshift_cfme/templates/miq-pv-region.yaml.j2 +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-region-example.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: miq-pv02 + name: cfme-pv02 spec: capacity: storage: 5Gi accessModes: - ReadWriteOnce nfs: - path: {{ openshift_cfme_nfs_directory }}/miq-pv02 - server: {{ openshift_cfme_nfs_server }} + path: /exports/cfme-pv02 + server: <your-nfs-host-here> persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_cfme/templates/miq-pv-server.yaml.j2 b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-server-example.yaml index f84b67ea9..c08c21265 100644 --- a/roles/openshift_cfme/templates/miq-pv-server.yaml.j2 +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-pv-server-example.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: miq-pv03 + name: cfme-pv03 spec: capacity: storage: 5Gi accessModes: - ReadWriteOnce nfs: - path: {{ openshift_cfme_nfs_directory }}/miq-pv03 - server: {{ openshift_cfme_nfs_server }} + path: /exports/cfme-pv03 + server: <your-nfs-host-here> persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-template.yaml b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-template.yaml new file mode 100644 index 000000000..3bc6c5813 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/cfme-template.yaml @@ -0,0 +1,545 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms +metadata: + name: cloudforms + annotations: + description: "CloudForms appliance with persistent storage" + tags: "instant-app,cloudforms,cfme" + iconClass: "icon-rails" +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: "Exposes and load balances CloudForms pods" + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: ${NAME} + spec: + clusterIP: None + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: ${NAME} +- apiVersion: v1 + kind: Route + metadata: + name: ${NAME} + spec: + host: ${APPLICATION_DOMAIN} + port: + targetPort: https + tls: + termination: passthrough + to: + kind: Service + name: ${NAME} +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-app + annotations: + description: "Keeps track of changes in the CloudForms app image" + spec: + dockerImageRepository: "${APPLICATION_IMG_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-postgresql + annotations: + description: "Keeps track of changes in the CloudForms postgresql image" + spec: + dockerImageRepository: "${POSTGRESQL_IMG_NAME}" +- apiVersion: v1 + kind: ImageStream + metadata: + name: cfme-openshift-memcached + annotations: + description: "Keeps track of changes in the CloudForms memcached image" + spec: + dockerImageRepository: "${MEMCACHED_IMG_NAME}" +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${NAME}-${DATABASE_SERVICE_NAME}" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${DATABASE_VOLUME_CAPACITY} +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${NAME}-region" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${APPLICATION_REGION_VOLUME_CAPACITY} +- apiVersion: apps/v1beta1 + kind: "StatefulSet" + metadata: + name: ${NAME} + annotations: + description: "Defines how to deploy the CloudForms appliance" + spec: + serviceName: "${NAME}" + replicas: 1 + template: + metadata: + labels: + name: ${NAME} + name: ${NAME} + spec: + containers: + - name: cloudforms + image: "${APPLICATION_IMG_NAME}:${APPLICATION_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 443 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: / + port: 443 + scheme: HTTPS + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + volumeMounts: + - + name: "${NAME}-server" + mountPath: "/persistent" + - + name: "${NAME}-region" + mountPath: "/persistent-region" + env: + - + name: "APPLICATION_INIT_DELAY" + value: "${APPLICATION_INIT_DELAY}" + - + name: "DATABASE_SERVICE_NAME" + value: "${DATABASE_SERVICE_NAME}" + - + name: "DATABASE_REGION" + value: "${DATABASE_REGION}" + - + name: "MEMCACHED_SERVICE_NAME" + value: "${MEMCACHED_SERVICE_NAME}" + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - /opt/rh/cfme-container-scripts/sync-pv-data + volumes: + - + name: "${NAME}-region" + persistentVolumeClaim: + claimName: ${NAME}-region + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + # Uncomment this if using dynamic volume provisioning. + # https://docs.openshift.org/latest/install_config/persistent_storage/dynamically_provisioning_pvs.html + # volume.alpha.kubernetes.io/storage-class: anything + spec: + accessModes: [ ReadWriteOnce ] + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: "Service" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Exposes the memcached server" + spec: + ports: + - + name: "memcached" + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: "Defines how to deploy memcached" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: true + containerNames: + - "memcached" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-memcached:${MEMCACHED_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - + name: "memcached" + image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" + ports: + - + containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - + name: "MEMCACHED_MAX_MEMORY" + value: "${MEMCACHED_MAX_MEMORY}" + - + name: "MEMCACHED_MAX_CONNECTIONS" + value: "${MEMCACHED_MAX_CONNECTIONS}" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + requests: + memory: "${MEMCACHED_MEM_REQ}" + cpu: "${MEMCACHED_CPU_REQ}" + limits: + memory: "${MEMCACHED_MEM_LIMIT}" +- apiVersion: v1 + kind: "Service" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Exposes the database server" + spec: + ports: + - + name: "postgresql" + port: 5432 + targetPort: 5432 + selector: + name: "${DATABASE_SERVICE_NAME}" +- apiVersion: v1 + kind: "DeploymentConfig" + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: "Defines how to deploy the database" + spec: + strategy: + type: "Recreate" + triggers: + - + type: "ImageChange" + imageChangeParams: + automatic: true + containerNames: + - "postgresql" + from: + kind: "ImageStreamTag" + name: "cfme-openshift-postgresql:${POSTGRESQL_IMG_TAG}" + - + type: "ConfigChange" + replicas: 1 + selector: + name: "${DATABASE_SERVICE_NAME}" + template: + metadata: + name: "${DATABASE_SERVICE_NAME}" + labels: + name: "${DATABASE_SERVICE_NAME}" + spec: + volumes: + - + name: "cfme-pgdb-volume" + persistentVolumeClaim: + claimName: "${NAME}-${DATABASE_SERVICE_NAME}" + containers: + - + name: "postgresql" + image: "${POSTGRESQL_IMG_NAME}:${POSTGRESQL_IMG_TAG}" + ports: + - + containerPort: 5432 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 15 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 60 + tcpSocket: + port: 5432 + volumeMounts: + - + name: "cfme-pgdb-volume" + mountPath: "/var/lib/pgsql/data" + env: + - + name: "POSTGRESQL_USER" + value: "${DATABASE_USER}" + - + name: "POSTGRESQL_PASSWORD" + value: "${DATABASE_PASSWORD}" + - + name: "POSTGRESQL_DATABASE" + value: "${DATABASE_NAME}" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - + name: "POSTGRESQL_SHARED_BUFFERS" + value: "${POSTGRESQL_SHARED_BUFFERS}" + resources: + requests: + memory: "${POSTGRESQL_MEM_REQ}" + cpu: "${POSTGRESQL_CPU_REQ}" + limits: + memory: "${POSTGRESQL_MEM_LIMIT}" + +parameters: + - + name: "NAME" + displayName: Name + required: true + description: "The name assigned to all of the frontend objects defined in this template." + value: cloudforms + - + name: "DATABASE_SERVICE_NAME" + displayName: "PostgreSQL Service Name" + required: true + description: "The name of the OpenShift Service exposed for the PostgreSQL container." + value: "postgresql" + - + name: "DATABASE_USER" + displayName: "PostgreSQL User" + required: true + description: "PostgreSQL user that will access the database." + value: "root" + - + name: "DATABASE_PASSWORD" + displayName: "PostgreSQL Password" + required: true + description: "Password for the PostgreSQL user." + value: "smartvm" + - + name: "DATABASE_NAME" + required: true + displayName: "PostgreSQL Database Name" + description: "Name of the PostgreSQL database accessed." + value: "vmdb_production" + - + name: "DATABASE_REGION" + required: true + displayName: "Application Database Region" + description: "Database region that will be used for application." + value: "0" + - + name: "MEMCACHED_SERVICE_NAME" + required: true + displayName: "Memcached Service Name" + description: "The name of the OpenShift Service exposed for the Memcached container." + value: "memcached" + - + name: "MEMCACHED_MAX_MEMORY" + displayName: "Memcached Max Memory" + description: "Memcached maximum memory for memcached object storage in MB." + value: "64" + - + name: "MEMCACHED_MAX_CONNECTIONS" + displayName: "Memcached Max Connections" + description: "Memcached maximum number of connections allowed." + value: "1024" + - + name: "MEMCACHED_SLAB_PAGE_SIZE" + displayName: "Memcached Slab Page Size" + description: "Memcached size of each slab page." + value: "1m" + - + name: "POSTGRESQL_MAX_CONNECTIONS" + displayName: "PostgreSQL Max Connections" + description: "PostgreSQL maximum number of database connections allowed." + value: "100" + - + name: "POSTGRESQL_SHARED_BUFFERS" + displayName: "PostgreSQL Shared Buffer Amount" + description: "Amount of memory dedicated for PostgreSQL shared memory buffers." + value: "256MB" + - + name: "APPLICATION_CPU_REQ" + displayName: "Application Min CPU Requested" + required: true + description: "Minimum amount of CPU time the Application container will need (expressed in millicores)." + value: "1000m" + - + name: "POSTGRESQL_CPU_REQ" + displayName: "PostgreSQL Min CPU Requested" + required: true + description: "Minimum amount of CPU time the PostgreSQL container will need (expressed in millicores)." + value: "500m" + - + name: "MEMCACHED_CPU_REQ" + displayName: "Memcached Min CPU Requested" + required: true + description: "Minimum amount of CPU time the Memcached container will need (expressed in millicores)." + value: "200m" + - + name: "APPLICATION_MEM_REQ" + displayName: "Application Min RAM Requested" + required: true + description: "Minimum amount of memory the Application container will need." + value: "6144Mi" + - + name: "POSTGRESQL_MEM_REQ" + displayName: "PostgreSQL Min RAM Requested" + required: true + description: "Minimum amount of memory the PostgreSQL container will need." + value: "1024Mi" + - + name: "MEMCACHED_MEM_REQ" + displayName: "Memcached Min RAM Requested" + required: true + description: "Minimum amount of memory the Memcached container will need." + value: "64Mi" + - + name: "APPLICATION_MEM_LIMIT" + displayName: "Application Max RAM Limit" + required: true + description: "Maximum amount of memory the Application container can consume." + value: "16384Mi" + - + name: "POSTGRESQL_MEM_LIMIT" + displayName: "PostgreSQL Max RAM Limit" + required: true + description: "Maximum amount of memory the PostgreSQL container can consume." + value: "8192Mi" + - + name: "MEMCACHED_MEM_LIMIT" + displayName: "Memcached Max RAM Limit" + required: true + description: "Maximum amount of memory the Memcached container can consume." + value: "256Mi" + - + name: "POSTGRESQL_IMG_NAME" + displayName: "PostgreSQL Image Name" + description: "This is the PostgreSQL image name requested to deploy." + value: "registry.access.redhat.com/cloudforms45/cfme-openshift-postgresql" + - + name: "POSTGRESQL_IMG_TAG" + displayName: "PostgreSQL Image Tag" + description: "This is the PostgreSQL image tag/version requested to deploy." + value: "latest" + - + name: "MEMCACHED_IMG_NAME" + displayName: "Memcached Image Name" + description: "This is the Memcached image name requested to deploy." + value: "registry.access.redhat.com/cloudforms45/cfme-openshift-memcached" + - + name: "MEMCACHED_IMG_TAG" + displayName: "Memcached Image Tag" + description: "This is the Memcached image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_IMG_NAME" + displayName: "Application Image Name" + description: "This is the Application image name requested to deploy." + value: "registry.access.redhat.com/cloudforms45/cfme-openshift-app" + - + name: "APPLICATION_IMG_TAG" + displayName: "Application Image Tag" + description: "This is the Application image tag/version requested to deploy." + value: "latest" + - + name: "APPLICATION_DOMAIN" + displayName: "Application Hostname" + description: "The exposed hostname that will route to the application service, if left blank a value will be defaulted." + value: "" + - + name: "APPLICATION_INIT_DELAY" + displayName: "Application Init Delay" + required: true + description: "Delay in seconds before we attempt to initialize the application." + value: "15" + - + name: "APPLICATION_VOLUME_CAPACITY" + displayName: "Application Volume Capacity" + required: true + description: "Volume space available for application data." + value: "5Gi" + - + name: "APPLICATION_REGION_VOLUME_CAPACITY" + displayName: "Application Region Volume Capacity" + required: true + description: "Volume space available for region application data." + value: "5Gi" + - + name: "DATABASE_VOLUME_CAPACITY" + displayName: "Database Volume Capacity" + required: true + description: "Volume space available for database." + value: "15Gi" diff --git a/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-pv-example.yaml b/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-pv-example.yaml new file mode 100644 index 000000000..240f6cbdf --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-pv-example.yaml @@ -0,0 +1,58 @@ +# +# Copyright 2016-2017 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Template +parameters: +- name: HAWKULAR_SERVICES_DATA_LIMIT + description: Maximum amount data used by hawkular-services container (mostly logging) + displayName: Hawkular Services Container Data Limit + value: 1Gi +- name: CASSANDRA_DATA_LIMIT + description: Maximum amount data used by Cassandra container + displayName: Cassandra Container Data Limit + value: 2Gi + +objects: +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: h-services-pv + labels: + type: h-services + spec: + capacity: + storage: ${HAWKULAR_SERVICES_DATA_LIMIT} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /tmp/pv-services +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: cassandra-pv + labels: + type: cassandra + spec: + capacity: + storage: ${CASSANDRA_DATA_LIMIT} + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /tmp/pv-cassandra diff --git a/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-template.yaml b/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-template.yaml new file mode 100644 index 000000000..bbc0c7044 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/cfme-templates/jboss-middleware-manager-template.yaml @@ -0,0 +1,254 @@ +# +# Copyright 2016-2017 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apiVersion: v1 +kind: Template +metadata: + name: hawkular-services + annotations: + openshift.io/display-name: Hawkular Services + description: Hawkular-Services all-in-one (including Hawkular Metrics, Hawkular Alerts and Hawkular Inventory). + iconClass: icon-wildfly + tags: hawkular,hawkular-services,metrics,alerts,manageiq,cassandra + +parameters: +- name: HAWKULAR_SERVICES_IMAGE + description: What docker image should be used for hawkular-services. + displayName: Hawkular Services Docker Image + value: registry.access.redhat.com/jboss-mm-7-tech-preview/middleware-manager:latest +- name: CASSANDRA_IMAGE + description: What docker image should be used for cassandra node. + displayName: Cassandra Docker Image + value: registry.access.redhat.com/openshift3/metrics-cassandra:3.5.0 +- name: CASSANDRA_MEMORY_LIMIT + description: Maximum amount of memory for Cassandra container. + displayName: Cassandra Memory Limit + value: 2Gi +- name: CASSANDRA_DATA_LIMIT + description: Maximum amount data used by Cassandra container. + displayName: Cassandra Container Data Limit + value: 2Gi +- name: HAWKULAR_SERVICES_DATA_LIMIT + description: Maximum amount data used by hawkular-services container (mostly logging). + displayName: Hawkular Services Container Data Limit + value: 1Gi +- name: ROUTE_NAME + description: Public route with this name will be created. + displayName: Route Name + value: hawkular-services +- name: ROUTE_HOSTNAME + description: Under this hostname the Hawkular Services will be accessible, if left blank a value will be defaulted. + displayName: Hostname +- name: HAWKULAR_USER + description: Username that is used for accessing the Hawkular Services, if left blank a value will be generated. + displayName: Hawkular User + from: '[a-zA-Z0-9]{16}' + generate: expression +- name: HAWKULAR_PASSWORD + description: Password that is used for accessing the Hawkular Services, if left blank a value will be generated. + displayName: Hawkular Password + from: '[a-zA-Z0-9]{16}' + generate: expression +labels: + template: hawkular-services +message: Credentials for hawkular-services are ${HAWKULAR_USER}:${HAWKULAR_PASSWORD} + +objects: +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances the application pods + service.alpha.openshift.io/dependencies: '[{"name":"hawkular-cassandra","namespace":"","kind":"Service"}]' + name: hawkular-services + spec: + ports: + - name: http-8080-tcp + port: 8080 + protocol: TCP + targetPort: 8080 + - name: admin-9990-tcp + port: 9990 + protocol: TCP + targetPort: 9990 + selector: + name: hawkular-services + type: ClusterIP +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Cassandra Service + name: hawkular-cassandra + spec: + ports: + - name: cql-9042-tcp + port: 9042 + protocol: TCP + targetPort: 9042 + selector: + name: hawkular-cassandra +- apiVersion: v1 + kind: Route + metadata: + name: ${ROUTE_NAME} + spec: + host: ${ROUTE_HOSTNAME} + to: + kind: Service + name: hawkular-services + port: + targetPort: http-8080-tcp + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + annotations: + description: Defines how to deploy the application server + name: hawkular-services + spec: + replicas: 1 + selector: + name: hawkular-services + strategy: + type: Rolling + template: + metadata: + labels: + name: hawkular-services + spec: + containers: + - image: ${HAWKULAR_SERVICES_IMAGE} + env: + - name: HAWKULAR_BACKEND + value: remote + - name: CASSANDRA_NODES + value: hawkular-cassandra + - name: HAWKULAR_USER + value: ${HAWKULAR_USER} + - name: HAWKULAR_PASSWORD + value: ${HAWKULAR_PASSWORD} + imagePullPolicy: IfNotPresent + name: hawkular-services + volumeMounts: + - name: h-services-data + mountPath: /var/opt/hawkular + ports: + - containerPort: 8080 + - containerPort: 9990 + livenessProbe: + exec: + command: + - /opt/hawkular/bin/ready.sh + initialDelaySeconds: 180 + timeoutSeconds: 3 + readinessProbe: + exec: + command: + - /opt/hawkular/bin/ready.sh + initialDelaySeconds: 120 + timeoutSeconds: 3 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 12 + resources: + requests: + memory: 1024Mi + cpu: 2000m + dnsPolicy: ClusterFirst + restartPolicy: Always + volumes: + - name: h-services-data + persistentVolumeClaim: + claimName: h-services-pvc + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + annotations: + description: Defines how to deploy the cassandra + name: hawkular-cassandra + spec: + replicas: 1 + selector: + name: hawkular-cassandra + strategy: + type: Recreate + rollingParams: + timeoutSeconds: 300 + template: + metadata: + labels: + name: hawkular-cassandra + spec: + containers: + - image: ${CASSANDRA_IMAGE} + imagePullPolicy: Always + name: hawkular-cassandra + env: + - name: DATA_VOLUME + value: /var/lib/cassandra + volumeMounts: + - name: cassandra-data + mountPath: /var/lib/cassandra + ports: + - containerPort: 9042 + - containerPort: 9160 + readinessProbe: + exec: + command: ['nodetool', 'status'] + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + livenessProbe: + exec: + command: ['nodetool', 'status'] + initialDelaySeconds: 300 + timeoutSeconds: 10 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + memory: ${CASSANDRA_MEMORY_LIMIT} + volumes: + - name: cassandra-data + persistentVolumeClaim: + claimName: cassandra-pvc + +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: h-services-pvc + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: cassandra-pvc + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/OWNERS b/roles/openshift_examples/files/examples/v3.8/db-templates/OWNERS new file mode 100644 index 000000000..cbdc20f41 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/OWNERS @@ -0,0 +1,12 @@ +reviewers: + - bparees + - gabemontero + - mfojtik + - dinhxuanvu + - jim-minter + - spadgett +approvers: + - bparees + - mfojtik + - spadgett + - jupierce diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/README.md b/roles/openshift_examples/files/examples/v3.8/db-templates/README.md new file mode 100644 index 000000000..a36d7ba7d --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/README.md @@ -0,0 +1,76 @@ +OpenShift 3 Database Examples +============================= + +This directory contains example JSON templates to deploy databases in OpenShift. +They can be used to immediately instantiate a database and expose it as a +service in the current project, or to add a template that can be later used from +the Web Console or the CLI. + +The examples can also be tweaked to create new templates. + + +## Ephemeral vs. Persistent + +For each supported database, there are two template files. + +Files named `*-ephemeral-template.json` use +"[emptyDir](https://docs.openshift.org/latest/dev_guide/volumes.html)" volumes +for data storage, which means that data is lost after a pod restart. +This is tolerable for experimenting, but not suitable for production use. + +The other templates, named `*-persistent-template.json`, use [persistent volume +claims](https://docs.openshift.org/latest/architecture/additional_concepts/storage.html#persistent-volume-claims) +to request persistent storage provided by [persistent +volumes](https://docs.openshift.org/latest/architecture/additional_concepts/storage.html#persistent-volumes), +that must have been created upfront. + + +## Usage + +### Instantiating a new database service + +Use these instructions if you want to quickly deploy a new database service in +your current project. Instantiate a new database service with this command: + + $ oc new-app /path/to/template.json + +Replace `/path/to/template.json` with an appropriate path, that can be either a +local path or an URL. Example: + + $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json + +The parameters listed in the output above can be tweaked by specifying values in +the command line with the `-p` option: + + $ oc new-app examples/db-templates/mongodb-ephemeral-template.json -p DATABASE_SERVICE_NAME=mydb -p MONGODB_USER=default + +Note that the persistent template requires an existing persistent volume, +otherwise the deployment won't ever succeed. + + +### Adding a database as a template + +Use these instructions if, instead of instantiating a service right away, you +want to load the template into an OpenShift project so that it can be used +later. Create the template with this command: + + $ oc create -f /path/to/template.json + +Replace `/path/to/template.json` with an appropriate path, that can be either a +local path or an URL. Example: + + $ oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/db-templates/mongodb-ephemeral-template.json + template "mongodb-ephemeral" created + +The new template is now available to use in the Web Console or with `oc +new-app`. + + +## More information + +The usage of each supported database image is further documented in the links +below: + +- [MySQL](https://docs.openshift.org/latest/using_images/db_images/mysql.html) +- [PostgreSQL](https://docs.openshift.org/latest/using_images/db_images/postgresql.html) +- [MongoDB](https://docs.openshift.org/latest/using_images/db_images/mongodb.html) diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-ephemeral-template.json new file mode 100644 index 000000000..5e7585eeb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-ephemeral-template.json @@ -0,0 +1,247 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-ephemeral", + "annotations": { + "openshift.io/display-name": "MariaDB (Ephemeral)", + "description": "MariaDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mariadb", + "tags": "database,mariadb", + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-root_password": "{.data['database-root-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}", + "database-name" : "${MYSQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mysql://{.spec.clusterIP}:{.spec.ports[?(.name==\"mariadb\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-persistent-template.json new file mode 100644 index 000000000..217ef11dd --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mariadb-persistent-template.json @@ -0,0 +1,271 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mariadb-persistent", + "annotations": { + "openshift.io/display-name": "MariaDB (Persistent)", + "description": "MariaDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mariadb", + "tags": "database,mariadb", + "openshift.io/long-description": "This template provides a standalone MariaDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/blob/master/10.1/README.md.", + "labels": { + "template": "mariadb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-root_password": "{.data['database-root-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}", + "database-name" : "${MYSQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mysql://{.spec.clusterIP}:{.spec.ports[?(.name==\"mariadb\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mariadb", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mariadb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mariadb:10.1", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mariadb", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mariadb", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MariaDB Connection Username", + "description": "Username for MariaDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MariaDB Connection Password", + "description": "Password for the MariaDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MariaDB root Password", + "description": "Password for the MariaDB root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MariaDB Database Name", + "description": "Name of the MariaDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-ephemeral-template.json new file mode 100644 index 000000000..10f202c59 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-ephemeral-template.json @@ -0,0 +1,272 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mongodb-ephemeral", + "annotations": { + "openshift.io/display-name": "MongoDB (Ephemeral)", + "description": "MongoDB database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mongodb", + "tags": "database,mongodb", + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-admin_password": "{.data['database-admin-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}", + "database-name" : "${MONGODB_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mongodb://{.spec.clusterIP}:{.spec.ports[?(.name==\"mongo\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mongo", + "protocol": "TCP", + "port": 27017, + "targetPort": 27017, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mongodb:${MONGODB_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mongodb", + "required": true + }, + { + "name": "MONGODB_USER", + "displayName": "MongoDB Connection Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MONGODB_PASSWORD", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_DATABASE", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_VERSION", + "displayName": "Version of MongoDB Image", + "description": "Version of MongoDB image to be used (2.4, 2.6, 3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-persistent-template.json new file mode 100644 index 000000000..97e4128a4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mongodb-persistent-template.json @@ -0,0 +1,296 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mongodb-persistent", + "annotations": { + "openshift.io/display-name": "MongoDB (Persistent)", + "description": "MongoDB database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mongodb", + "tags": "database,mongodb", + "openshift.io/long-description": "This template provides a standalone MongoDB server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mongodb.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MONGODB_USER}\n Password: ${MONGODB_PASSWORD}\n Database Name: ${MONGODB_DATABASE}\n Connection URL: mongodb://${MONGODB_USER}:${MONGODB_PASSWORD}@${DATABASE_SERVICE_NAME}/${MONGODB_DATABASE}\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/blob/master/3.2/README.md.", + "labels": { + "template": "mongodb-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-admin_password": "{.data['database-admin-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MONGODB_USER}", + "database-password" : "${MONGODB_PASSWORD}", + "database-admin-password" : "${MONGODB_ADMIN_PASSWORD}", + "database-name" : "${MONGODB_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mongodb://{.spec.clusterIP}:{.spec.ports[?(.name==\"mongo\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mongo", + "protocol": "TCP", + "port": 27017, + "targetPort": 27017, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mongodb:${MONGODB_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-admin-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mongodb", + "required": true + }, + { + "name": "MONGODB_USER", + "displayName": "MongoDB Connection Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MONGODB_PASSWORD", + "displayName": "MongoDB Connection Password", + "description": "Password for the MongoDB connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MONGODB_DATABASE", + "displayName": "MongoDB Database Name", + "description": "Name of the MongoDB database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "displayName": "MongoDB Admin Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "MONGODB_VERSION", + "displayName": "Version of MongoDB Image", + "description": "Version of MongoDB image to be used (2.4, 2.6, 3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-ephemeral-template.json new file mode 100644 index 000000000..c0946416d --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-ephemeral-template.json @@ -0,0 +1,273 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mysql-ephemeral", + "annotations": { + "openshift.io/display-name": "MySQL (Ephemeral)", + "description": "MySQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-mysql-database", + "tags": "database,mysql", + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-root_password": "{.data['database-root-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}", + "database-name" : "${MYSQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mysql://{.spec.clusterIP}:{.spec.ports[?(.name==\"mysql\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "protocol": "TCP", + "port": 3306, + "targetPort": 3306, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mysql:${MYSQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mysql", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MySQL Connection Username", + "description": "Username for MySQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "MYSQL_VERSION", + "displayName": "Version of MySQL Image", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-persistent-template.json new file mode 100644 index 000000000..48ac114fd --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/mysql-persistent-template.json @@ -0,0 +1,278 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "mysql-persistent", + "annotations": { + "openshift.io/display-name": "MySQL (Persistent)", + "description": "MySQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-mysql-database", + "tags": "database,mysql", + "openshift.io/long-description": "This template provides a standalone MySQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/mysql.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${MYSQL_USER}\n Password: ${MYSQL_PASSWORD}\n Database Name: ${MYSQL_DATABASE}\n Connection URL: mysql://${DATABASE_SERVICE_NAME}:3306/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/mysql-container/blob/master/5.7/README.md.", + "labels": { + "template": "mysql-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-root_password": "{.data['database-root-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${MYSQL_USER}", + "database-password" : "${MYSQL_PASSWORD}", + "database-root-password" : "${MYSQL_ROOT_PASSWORD}", + "database-name" : "${MYSQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "mysql://{.spec.clusterIP}:{.spec.ports[?(.name==\"mysql\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "mysql:${MYSQL_VERSION}", + "namespace": "${NAMESPACE}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-root-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "mysql", + "required": true + }, + { + "name": "MYSQL_USER", + "displayName": "MySQL Connection Username", + "description": "Username for MySQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MySQL Connection Password", + "description": "Password for the MySQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL root user Password", + "description": "Password for the MySQL root user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "MYSQL_VERSION", + "displayName": "Version of MySQL Image", + "description": "Version of MySQL image to be used (5.5, 5.6, 5.7, or latest).", + "value": "5.7", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-ephemeral-template.json new file mode 100644 index 000000000..7c419f1ae --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-ephemeral-template.json @@ -0,0 +1,253 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "postgresql-ephemeral", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Ephemeral)", + "description": "PostgreSQL database service, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-postgresql", + "tags": "database,postgresql", + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is not stored on persistent storage, so any restart of the service will result in all data being lost. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}", + "database-name" : "${POSTGRESQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "postgres://{.spec.clusterIP}:{.spec.ports[?(.name==\"postgresql\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "protocol": "TCP", + "port": 5432, + "targetPort": 5432, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "postgresql:${POSTGRESQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "postgresql", + "required": true + }, + { + "name": "POSTGRESQL_USER", + "displayName": "PostgreSQL Connection Username", + "description": "Username for PostgreSQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "POSTGRESQL_PASSWORD", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "POSTGRESQL_DATABASE", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "POSTGRESQL_VERSION", + "displayName": "Version of PostgreSQL Image", + "description": "Version of PostgreSQL image to be used (9.2, 9.4, 9.5 or latest).", + "value": "9.5", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-persistent-template.json new file mode 100644 index 000000000..8a2d23907 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/postgresql-persistent-template.json @@ -0,0 +1,277 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "postgresql-persistent", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Persistent)", + "description": "PostgreSQL database service, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.\n\nNOTE: Scaling to more than one replica is not supported. You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-postgresql", + "tags": "database,postgresql", + "openshift.io/long-description": "This template provides a standalone PostgreSQL server with a database created. The database is stored on persistent storage. The database name, username, and password are chosen via parameters when provisioning this service.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/db_images/postgresql.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Username: ${POSTGRESQL_USER}\n Password: ${POSTGRESQL_PASSWORD}\n Database Name: ${POSTGRESQL_DATABASE}\n Connection URL: postgresql://${DATABASE_SERVICE_NAME}:5432/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/blob/master/9.5.", + "labels": { + "template": "postgresql-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-username": "{.data['database-user']}", + "template.openshift.io/expose-password": "{.data['database-password']}", + "template.openshift.io/expose-database_name": "{.data['database-name']}" + } + }, + "stringData" : { + "database-user" : "${POSTGRESQL_USER}", + "database-password" : "${POSTGRESQL_PASSWORD}", + "database-name" : "${POSTGRESQL_DATABASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "postgres://{.spec.clusterIP}:{.spec.ports[?(.name==\"postgresql\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "protocol": "TCP", + "port": 5432, + "targetPort": 5432, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "name": "postgresql:${POSTGRESQL_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-name" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "postgresql", + "required": true + }, + { + "name": "POSTGRESQL_USER", + "displayName": "PostgreSQL Connection Username", + "description": "Username for PostgreSQL user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}", + "required": true + }, + { + "name": "POSTGRESQL_PASSWORD", + "displayName": "PostgreSQL Connection Password", + "description": "Password for the PostgreSQL connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "POSTGRESQL_DATABASE", + "displayName": "PostgreSQL Database Name", + "description": "Name of the PostgreSQL database accessed.", + "value": "sampledb", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "POSTGRESQL_VERSION", + "displayName": "Version of PostgreSQL Image", + "description": "Version of PostgreSQL image to be used (9.2, 9.4, 9.5 or latest).", + "value": "9.5", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/redis-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/redis-ephemeral-template.json new file mode 100644 index 000000000..ee60af9db --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/redis-ephemeral-template.json @@ -0,0 +1,216 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-ephemeral", + "annotations": { + "openshift.io/display-name": "Redis (Ephemeral)", + "description": "Redis in-memory data structure store, without persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing", + "iconClass": "icon-redis", + "tags": "database,redis", + "openshift.io/long-description": "This template provides a standalone Redis server. The data is not stored on persistent storage, so any restart of the service will result in all data being lost.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-ephemeral-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-password": "{.data['database-password']}" + } + }, + "stringData" : { + "database-password" : "${REDIS_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "redis://{.spec.clusterIP}:{.spec.ports[?(.name==\"redis\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/db-templates/redis-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/db-templates/redis-persistent-template.json new file mode 100644 index 000000000..e0e0a88d5 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/db-templates/redis-persistent-template.json @@ -0,0 +1,240 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "redis-persistent", + "annotations": { + "openshift.io/display-name": "Redis (Persistent)", + "description": "Redis in-memory data structure store, with persistent storage. For more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-redis", + "tags": "database,redis", + "openshift.io/long-description": "This template provides a standalone Redis server. The data is stored on persistent storage.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/sclorg/redis-container/tree/master/3.2", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${DATABASE_SERVICE_NAME}.\n\n Password: ${REDIS_PASSWORD}\n Connection URL: redis://${DATABASE_SERVICE_NAME}:6379/\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/sclorg/redis-container/blob/master/3.2.", + "labels": { + "template": "redis-persistent-template" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-password": "{.data['database-password']}" + } + }, + "stringData" : { + "database-password" : "${REDIS_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "redis://{.spec.clusterIP}:{.spec.ports[?(.name==\"redis\")].port}" + } + }, + "spec": { + "ports": [ + { + "name": "redis", + "protocol": "TCP", + "port": 6379, + "targetPort": 6379, + "nodePort": 0 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "redis" + ], + "from": { + "kind": "ImageStreamTag", + "name": "redis:${REDIS_VERSION}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "redis", + "image": " ", + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "test \"$(redis-cli -h 127.0.0.1 -a $REDIS_PASSWORD ping)\" == \"PONG\""] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 6379 + } + }, + "env": [ + { + "name": "REDIS_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${DATABASE_SERVICE_NAME}", + "key" : "database-password" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/redis/data" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + }, + "status": {} + } + ], + "parameters": [ + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "description": "The name of the OpenShift Service exposed for the database.", + "value": "redis", + "required": true + }, + { + "name": "REDIS_PASSWORD", + "displayName": "Redis Connection Password", + "description": "Password for the Redis connection user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}", + "required": true + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "REDIS_VERSION", + "displayName": "Version of Redis Image", + "description": "Version of Redis image to be used (3.2 or latest).", + "value": "3.2", + "required": true + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/image-streams/OWNERS b/roles/openshift_examples/files/examples/v3.8/image-streams/OWNERS new file mode 100644 index 000000000..6ddf77f12 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/image-streams/OWNERS @@ -0,0 +1,14 @@ +reviewers: + - bparees + - sspeiche + - mfojtik + - liggitt + - jcantrill + - hhorak + - csrwng +approvers: + - bparees + - mfojtik + - liggitt + - jcantrill + - csrwng diff --git a/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..ee753966f --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams.json @@ -0,0 +1,140 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnet-20-rhel7:2.0" + } + }, + { + "name": "1.1", + "annotations": { + "openshift.io/display-name": ".NET Core 1.1", + "description": "Build and run .NET Core 1.1 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.1/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11", + "supports":"dotnet:1.1,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-1.1", + "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-11-rhel7:1.1" + } + }, + { + "name": "1.0", + "annotations": { + "openshift.io/display-name": ".NET Core 1.0", + "description": "Build and run .NET Core 1.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/1.0/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-1.0", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on RHEL 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on RHEL 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/dotnet/dotnet-20-runtime-rhel7:2.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams_centos.json b/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams_centos.json new file mode 100644 index 000000000..79afc355b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/image-streams/dotnet_imagestreams_centos.json @@ -0,0 +1,104 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .NET Core on CentOS" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet", + "annotations": { + "openshift.io/display-name": ".NET Core Builder Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core (Latest)", + "description": "Build and run .NET Core applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore", + "supports":"dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0", + "description": "Build and run .NET Core 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/build/README.md.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnet20", + "supports":"dotnet:2.0,dotnet", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-2.0", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Images" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime (Latest)", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of .NET Core Runtime available on OpenShift, including major versions updates.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.0" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": ".NET Core 2.0 Runtime", + "description": "Run .NET Core applications on CentOS 7. For more information about using this image, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore/tree/master/2.0/runtime/README.md.", + "iconClass": "icon-dotnet", + "tags": "runtime,.net-runtime,dotnet-runtime,dotnetcore-runtime", + "supports":"dotnet-runtime", + "version": "2.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.centos.org/dotnet/dotnet-20-runtime-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-centos7.json b/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-centos7.json new file mode 100644 index 000000000..e7af160d9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-centos7.json @@ -0,0 +1,954 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": {}, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "httpd", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server (httpd)" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "iconClass": "icon-apache", + "tags": "builder,httpd", + "supports":"httpd", + "sampleRepo": "https://github.com/openshift/httpd-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.4" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "iconClass": "icon-apache", + "tags": "builder,httpd", + "supports":"httpd", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/httpd-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/httpd-24-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.4" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", + "iconClass": "icon-ruby", + "tags": "hidden,builder,ruby", + "supports": "ruby:2.0,ruby", + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/ruby-20-centos7:latest" + } + }, + { + "name": "2.2", + "annotations": { + "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.2 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.2,ruby", + "version": "2.2", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-22-centos7:latest" + } + }, + { + "name": "2.3", + "annotations": { + "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-23-centos7:latest" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/ruby-24-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "6" + } + }, + { + "name": "0.10", + "annotations": { + "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "iconClass": "icon-nodejs", + "tags": "hidden,nodejs", + "supports":"nodejs:0.10,nodejs:0.1,nodejs", + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/nodejs-010-centos7:latest" + } + }, + { + "name": "4", + "annotations": { + "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js 4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/nodejs-4-centos7:latest" + } + }, + { + "name": "6", + "annotations": { + "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js 6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/6/README.md.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:6,nodejs", + "version": "6", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/nodejs-6-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.24" + } + }, + { + "name": "5.16", + "annotations": { + "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.16 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", + "iconClass": "icon-perl", + "tags": "hidden,builder,perl", + "supports":"perl:5.16,perl", + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/perl-516-centos7:latest" + } + }, + { + "name": "5.20", + "annotations": { + "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.20 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.20,perl", + "version": "5.20", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-520-centos7:latest" + } + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.24 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/perl-524-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "7.0" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 5.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", + "iconClass": "icon-php", + "tags": "hidden,builder,php", + "supports":"php:5.5,php", + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/php-55-centos7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 5.6 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:5.6,php", + "version": "5.6", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-56-centos7:latest" + } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 7.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/php-70-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.5" + } + }, + { + "name": "3.3", + "annotations": { + "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.3 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", + "iconClass": "icon-python", + "tags": "hidden,builder,python", + "supports":"python:3.3,python", + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/python-33-centos7:latest" + } + }, + { + "name": "2.7", + "annotations": { + "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 2.7 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:2.7,python", + "version": "2.7", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-27-centos7:latest" + } + }, + { + "name": "3.4", + "annotations": { + "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.4 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.4,python", + "version": "3.4", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-34-centos7:latest" + } + }, + { + "name": "3.5", + "annotations": { + "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.5 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "centos/python-35-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "wildfly", + "annotations": { + "openshift.io/display-name": "WildFly" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "WildFly (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run WildFly applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of WildFly available on OpenShift, including major versions updates.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"jee,java", + "sampleRepo": "https://github.com/openshift/openshift-jee-sample.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "8.1", + "annotations": { + "openshift.io/display-name": "WildFly 8.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run WildFly 8.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:8.1,jee,java", + "version": "8.1", + "sampleRepo": "https://github.com/openshift/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-81-centos7:latest" + } + }, + { + "name": "9.0", + "annotations": { + "openshift.io/display-name": "WildFly 9.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run WildFly 9.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:9.0,jee,java", + "version": "9.0", + "sampleRepo": "https://github.com/openshift/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-90-centos7:latest" + } + }, + { + "name": "10.0", + "annotations": { + "openshift.io/display-name": "WildFly 10.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run WildFly 10.0 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:10.0,jee,java", + "version": "10.0", + "sampleRepo": "https://github.com/openshift/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-100-centos7:latest" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "WildFly 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run WildFly 10.1 applications on CentOS 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/openshift-s2i/s2i-wildfly/blob/master/README.md.", + "iconClass": "icon-wildfly", + "tags": "builder,wildfly,java", + "supports":"wildfly:10.1,jee,java", + "version": "10.1", + "sampleRepo": "https://github.com/openshift/openshift-jee-sample.git" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/wildfly-101-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.7" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", + "iconClass": "icon-mysql-database", + "tags": "hidden,mysql", + "version": "5.5" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/mysql-55-centos7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-56-centos7:latest" + } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.7 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mysql-57-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MariaDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MariaDB 10.1 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mariadb-101-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "9.5" + } + }, + { + "name": "9.2", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", + "iconClass": "icon-postgresql", + "tags": "hidden,postgresql", + "version": "9.2" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/postgresql-92-centos7:latest" + } + }, + { + "name": "9.4", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, + "from": { + "kind": "DockerImage", + "name": "centos/postgresql-94-centos7:latest" + } + }, + { + "name": "9.5", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.5 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "centos/postgresql-95-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 2.4 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", + "iconClass": "icon-mongodb", + "tags": "hidden,mongodb", + "version": "2.4" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/mongodb-24-centos7:latest" + } + }, + { + "name": "2.6", + "annotations": { + "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 2.6 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mongodb-26-centos7:latest" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/mongodb-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Redis database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Redis 3.2 database on CentOS 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "centos/redis-32-centos7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2" + } + }, + { + "name": "1", + "annotations": { + "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins 1.X server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "hidden,jenkins", + "version": "1.x" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/jenkins-1-centos7:latest" + } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins v2.x server on CentOS 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "openshift/jenkins-2-centos7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-rhel7.json b/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-rhel7.json new file mode 100644 index 000000000..2b082fc75 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/image-streams/image-streams-rhel7.json @@ -0,0 +1,856 @@ +{ + "kind": "ImageStreamList", + "apiVersion": "v1", + "metadata": {}, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "httpd", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server (httpd)" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Httpd available on OpenShift, including major versions updates.", + "iconClass": "icon-apache", + "tags": "builder,httpd", + "supports":"httpd", + "sampleRepo": "https://github.com/openshift/httpd-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.4" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and serve static content via Apache HTTP Server (httpd) 2.4 on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/httpd-container/blob/master/2.4/README.md.", + "iconClass": "icon-apache", + "tags": "builder,httpd", + "supports":"httpd", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/httpd-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/httpd-24-rhel7" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "ruby", + "annotations": { + "openshift.io/display-name": "Ruby" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Ruby (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.3/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Ruby available on OpenShift, including major versions updates.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2.4" + } + }, + { + "name": "2.0", + "annotations": { + "openshift.io/display-name": "Ruby 2.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.0/README.md.", + "iconClass": "icon-ruby", + "tags": "hidden,builder,ruby", + "supports": "ruby:2.0,ruby", + "version": "2.0", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/ruby-20-rhel7:latest" + } + }, + { + "name": "2.2", + "annotations": { + "openshift.io/display-name": "Ruby 2.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.2 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/tree/master/2.2/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.2,ruby", + "version": "2.2", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-22-rhel7:latest" + } + }, + { + "name": "2.3", + "annotations": { + "openshift.io/display-name": "Ruby 2.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.3/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.3,ruby", + "version": "2.3", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-23-rhel7:latest" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "Ruby 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Ruby 2.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-ruby-container/blob/master/2.4/README.md.", + "iconClass": "icon-ruby", + "tags": "builder,ruby", + "supports": "ruby:2.4,ruby", + "version": "2.4", + "sampleRepo": "https://github.com/openshift/ruby-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/ruby-24-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "nodejs", + "annotations": { + "openshift.io/display-name": "Node.js" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Node.js (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "6" + } + }, + { + "name": "0.10", + "annotations": { + "openshift.io/display-name": "Node.js 0.10", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "DEPRECATED: Build and run Node.js 0.10 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/0.10/README.md.", + "iconClass": "icon-nodejs", + "tags": "hidden,nodejs", + "supports":"nodejs:0.10,nodejs:0.1,nodejs", + "version": "0.10", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/nodejs-010-rhel7:latest" + } + }, + { + "name": "4", + "annotations": { + "openshift.io/display-name": "Node.js 4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js 4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:4,nodejs", + "version": "4", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/nodejs-4-rhel7:latest" + } + }, + { + "name": "6", + "annotations": { + "openshift.io/display-name": "Node.js 6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Node.js 6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container.", + "iconClass": "icon-nodejs", + "tags": "builder,nodejs", + "supports":"nodejs:6,nodejs", + "version": "6", + "sampleRepo": "https://github.com/openshift/nodejs-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/nodejs-6-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "perl", + "annotations": { + "openshift.io/display-name": "Perl" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Perl (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Perl available on OpenShift, including major versions updates.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.24" + } + }, + { + "name": "5.16", + "annotations": { + "openshift.io/display-name": "Perl 5.16", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.16 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.16/README.md.", + "iconClass": "icon-perl", + "tags": "hidden,builder,perl", + "supports":"perl:5.16,perl", + "version": "5.16", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/perl-516-rhel7:latest" + } + }, + { + "name": "5.20", + "annotations": { + "openshift.io/display-name": "Perl 5.20", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.20 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.20/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.20,perl", + "version": "5.20", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-520-rhel7:latest" + } + }, + { + "name": "5.24", + "annotations": { + "openshift.io/display-name": "Perl 5.24", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Perl 5.24 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-perl-container/blob/master/5.24/README.md.", + "iconClass": "icon-perl", + "tags": "builder,perl", + "supports":"perl:5.24,perl", + "version": "5.24", + "sampleRepo": "https://github.com/openshift/dancer-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/perl-524-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "php", + "annotations": { + "openshift.io/display-name": "PHP" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PHP (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PHP available on OpenShift, including major versions updates.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "7.0" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "PHP 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 5.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.5/README.md.", + "iconClass": "icon-php", + "tags": "hidden,builder,php", + "supports":"php:5.5,php", + "version": "5.5", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/php-55-rhel7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "PHP 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 5.6 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/5.6/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:5.6,php", + "version": "5.6", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-56-rhel7:latest" + } + }, + { + "name": "7.0", + "annotations": { + "openshift.io/display-name": "PHP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run PHP 7.0 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-php-container/blob/master/7.0/README.md.", + "iconClass": "icon-php", + "tags": "builder,php", + "supports":"php:7.0,php", + "version": "7.0", + "sampleRepo": "https://github.com/openshift/cakephp-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/php-70-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "python", + "annotations": { + "openshift.io/display-name": "Python" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Python (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Python available on OpenShift, including major versions updates.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.5" + } + }, + { + "name": "3.3", + "annotations": { + "openshift.io/display-name": "Python 3.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.3 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.3/README.md.", + "iconClass": "icon-python", + "tags": "hidden,builder,python", + "supports":"python:3.3,python", + "version": "3.3", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/python-33-rhel7:latest" + } + }, + { + "name": "2.7", + "annotations": { + "openshift.io/display-name": "Python 2.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 2.7 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/2.7/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:2.7,python", + "version": "2.7", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-27-rhel7:latest" + } + }, + { + "name": "3.4", + "annotations": { + "openshift.io/display-name": "Python 3.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.4 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.4/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.4,python", + "version": "3.4", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-34-rhel7:latest" + } + }, + { + "name": "3.5", + "annotations": { + "openshift.io/display-name": "Python 3.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Build and run Python 3.5 applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-python-container/blob/master/3.5/README.md.", + "iconClass": "icon-python", + "tags": "builder,python", + "supports":"python:3.5,python", + "version": "3.5", + "sampleRepo": "https://github.com/openshift/django-ex.git" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/python-35-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mysql", + "annotations": { + "openshift.io/display-name": "MySQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MySQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MySQL available on OpenShift, including major versions updates.", + "iconClass": "icon-mysql-database", + "tags": "mysql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "5.7" + } + }, + { + "name": "5.5", + "annotations": { + "openshift.io/display-name": "MySQL 5.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.5/README.md.", + "iconClass": "icon-mysql-database", + "tags": "hidden,mysql", + "version": "5.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/mysql-55-rhel7:latest" + } + }, + { + "name": "5.6", + "annotations": { + "openshift.io/display-name": "MySQL 5.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.6/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.6" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-56-rhel7:latest" + } + }, + { + "name": "5.7", + "annotations": { + "openshift.io/display-name": "MySQL 5.7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MySQL 5.7 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mysql-container/tree/master/5.7/README.md.", + "iconClass": "icon-mysql-database", + "tags": "mysql", + "version": "5.7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mysql-57-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mariadb", + "annotations": { + "openshift.io/display-name": "MariaDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MariaDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MariaDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MariaDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mariadb", + "tags": "mariadb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "10.1" + } + }, + { + "name": "10.1", + "annotations": { + "openshift.io/display-name": "MariaDB 10.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MariaDB 10.1 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mariadb-container/tree/master/10.1/README.md.", + "iconClass": "icon-mariadb", + "tags": "mariadb", + "version": "10.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mariadb-101-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "postgresql", + "annotations": { + "openshift.io/display-name": "PostgreSQL" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "PostgreSQL (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of PostgreSQL available on OpenShift, including major versions updates.", + "iconClass": "icon-postgresql", + "tags": "postgresql" + }, + "from": { + "kind": "ImageStreamTag", + "name": "9.5" + } + }, + { + "name": "9.2", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.2.", + "iconClass": "icon-postgresql", + "tags": "hidden,postgresql", + "version": "9.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/postgresql-92-rhel7:latest" + } + }, + { + "name": "9.4", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.4.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/postgresql-94-rhel7:latest" + } + }, + { + "name": "9.5", + "annotations": { + "openshift.io/display-name": "PostgreSQL 9.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a PostgreSQL 9.5 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/postgresql-container/tree/master/9.5.", + "iconClass": "icon-postgresql", + "tags": "postgresql", + "version": "9.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/postgresql-95-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "mongodb", + "annotations": { + "openshift.io/display-name": "MongoDB" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "MongoDB (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of MongoDB available on OpenShift, including major versions updates.", + "iconClass": "icon-mongodb", + "tags": "mongodb" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "2.4", + "annotations": { + "openshift.io/display-name": "MongoDB 2.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 2.4 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.4/README.md.", + "iconClass": "icon-mongodb", + "tags": "hidden,mongodb", + "version": "2.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/mongodb-24-rhel7:latest" + } + }, + { + "name": "2.6", + "annotations": { + "openshift.io/display-name": "MongoDB 2.6", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 2.6 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/2.6/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "2.6" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mongodb-26-rhel7:latest" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "MongoDB 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a MongoDB 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/mongodb-container/tree/master/3.2/README.md.", + "iconClass": "icon-mongodb", + "tags": "mongodb", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/mongodb-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redis", + "annotations": { + "openshift.io/display-name": "Redis" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Redis (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Redis database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Redis available on OpenShift, including major versions updates.", + "iconClass": "icon-redis", + "tags": "redis" + }, + "from": { + "kind": "ImageStreamTag", + "name": "3.2" + } + }, + { + "name": "3.2", + "annotations": { + "openshift.io/display-name": "Redis 3.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Redis 3.2 database on RHEL 7. For more information about using this database image, including OpenShift considerations, see https://github.com/sclorg/redis-container/tree/master/3.2/README.md.", + "iconClass": "icon-redis", + "tags": "redis", + "version": "3.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/rhscl/redis-32-rhel7:latest" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jenkins", + "annotations": { + "openshift.io/display-name": "Jenkins" + } + }, + "spec": { + "tags": [ + { + "name": "latest", + "annotations": { + "openshift.io/display-name": "Jenkins (Latest)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.\n\nWARNING: By selecting this tag, your application will automatically update to use the latest version of Jenkins available on OpenShift, including major versions updates.", + "iconClass": "icon-jenkins", + "tags": "jenkins" + }, + "from": { + "kind": "ImageStreamTag", + "name": "2" + } + }, + { + "name": "1", + "annotations": { + "openshift.io/display-name": "Jenkins 1.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins 1.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "hidden,jenkins", + "version": "1.x" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/jenkins-1-rhel7:latest" + } + }, + { + "name": "2", + "annotations": { + "openshift.io/display-name": "Jenkins 2.X", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "Provides a Jenkins 2.X server on RHEL 7. For more information about using this container image, including OpenShift considerations, see https://github.com/openshift/jenkins/blob/master/README.md.", + "iconClass": "icon-jenkins", + "tags": "jenkins", + "version": "2.x" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/openshift3/jenkins-2-rhel7:latest" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/OWNERS b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/OWNERS new file mode 100644 index 000000000..a26e484d6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/OWNERS @@ -0,0 +1,12 @@ +reviewers: + - bparees + - gabemontero + - coreydaley + - dinhxuanvu + - sspeiche + - mfojtik + - jupierce +approvers: + - bparees + - mfojtik + - jupierce diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/README.md b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/README.md new file mode 100644 index 000000000..6d2ccbf7f --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/README.md @@ -0,0 +1,28 @@ +QuickStarts +=========== + +QuickStarts provide the basic skeleton of an application. Generally they +reference a repository containing very simple source code that implements a +trivial application using a particular framework. In addition they define any +components needed for the application including a Build configuration, +supporting services such as Databases, etc. + +You can instantiate these templates as is, or fork the source repository they +reference and supply your forked repository as the source-repository when +instantiating them. + +* [CakePHP](https://raw.githubusercontent.com/openshift/cakephp-ex/master/openshift/templates/cakephp-mysql.json) - Provides a basic CakePHP application with a MySQL database. For more information see the [source repository](https://github.com/openshift/cakephp-ex). +* [CakePHP persistent](https://raw.githubusercontent.com/openshift/cakephp-ex/master/openshift/templates/cakephp-mysql-persistent.json) - Provides a basic CakePHP application with a persistent MySQL database. Note: requires available persistent volumes. For more information see the [source repository](https://github.com/openshift/cakephp-ex). +* [Dancer](https://raw.githubusercontent.com/openshift/dancer-ex/master/openshift/templates/dancer-mysql.json) - Provides a basic Dancer (Perl) application with a MySQL database. For more information see the [source repository](https://github.com/openshift/dancer-ex). +* [Dancer persistent](https://raw.githubusercontent.com/openshift/dancer-ex/master/openshift/templates/dancer-mysql-persistent.json) - Provides a basic Dancer (Perl) application with a persistent MySQL database. Note: requires available persistent volumes. For more information see the [source repository](https://github.com/openshift/dancer-ex). +* [Django](https://raw.githubusercontent.com/openshift/django-ex/master/openshift/templates/django-postgresql.json) - Provides a basic Django (Python) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/django-ex). +* [Django persistent](https://raw.githubusercontent.com/openshift/django-ex/master/openshift/templates/django-postgresql-persistent.json) - Provides a basic Django (Python) application with a persistent PostgreSQL database. Note: requires available persistent volumes. For more information see the [source repository](https://github.com/openshift/django-ex). +* [Httpd](https://raw.githubusercontent.com/openshift/httpd-ex/master/openshift/templates/httpd.json) - Provides a basic Httpd static content application. For more information see the [source repository](https://github.com/openshift/httpd-ex). +* [NodeJS](https://raw.githubusercontent.com/openshift/nodejs-ex/master/openshift/templates/nodejs-mongodb.json) - Provides a basic NodeJS application with a MongoDB database. For more information see the [source repository](https://github.com/openshift/nodejs-ex). +* [NodeJS persistent](https://raw.githubusercontent.com/openshift/nodejs-ex/master/openshift/templates/nodejs-mongodb-persistent.json) - Provides a basic NodeJS application with a persistent MongoDB database. Note: requires available persistent volumes. For more information see the [source repository](https://github.com/openshift/nodejs-ex). +* [Rails](https://raw.githubusercontent.com/openshift/rails-ex/master/openshift/templates/rails-postgresql.json) - Provides a basic Rails (Ruby) application with a PostgreSQL database. For more information see the [source repository](https://github.com/openshift/rails-ex). +* [Rails persistent](https://raw.githubusercontent.com/openshift/rails-ex/master/openshift/templates/rails-postgresql-persistent.json) - Provides a basic Rails (Ruby) application with a persistent PostgreSQL database. Note: requires available persistent volumes. For more information see the [source repository](https://github.com/openshift/rails-ex). + +Note: This file is processed by `hack/update-external-examples.sh`. New examples +must follow the exact syntax of the existing entries. Files in this directory +are automatically pulled down, do not modify/add files to this directory. diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/amp.yml b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/amp.yml new file mode 100644 index 000000000..4e469f6e8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/amp.yml @@ -0,0 +1,1261 @@ +base_env: &base_env +- name: RAILS_ENV + value: "production" +- name: DATABASE_URL + value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" +- name: FORCE_SSL + value: "true" +- name: THREESCALE_SUPERDOMAIN + value: "${WILDCARD_DOMAIN}" +- name: TENANT_NAME + value: "${TENANT_NAME}" +- name: APICAST_ACCESS_TOKEN + value: "${APICAST_ACCESS_TOKEN}" +- name: ADMIN_ACCESS_TOKEN + value: "${ADMIN_ACCESS_TOKEN}" +- name: PROVIDER_PLAN + value: 'enterprise' +- name: USER_LOGIN + value: "${ADMIN_USERNAME}" +- name: USER_PASSWORD + value: "${ADMIN_PASSWORD}" +- name: RAILS_LOG_TO_STDOUT + value: "true" +- name: RAILS_LOG_LEVEL + value: "info" +- name: THINKING_SPHINX_ADDRESS + value: "system-sphinx" +- name: THINKING_SPHINX_PORT + value: "9306" +- name: THINKING_SPHINX_CONFIGURATION_FILE + value: "/tmp/sphinx.conf" +- name: EVENTS_SHARED_SECRET + value: "${SYSTEM_BACKEND_SHARED_SECRET}" +- name: THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE + value: "VERIFY_NONE" +- name: APICAST_BACKEND_ROOT_ENDPOINT + value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" +- name: CONFIG_INTERNAL_API_USER + value: "${SYSTEM_BACKEND_USERNAME}" +- name: CONFIG_INTERNAL_API_PASSWORD + value: "${SYSTEM_BACKEND_PASSWORD}" +- name: SECRET_KEY_BASE + value: "${SYSTEM_APP_SECRET_KEY_BASE}" +- name: AMP_RELEASE + value: "${AMP_RELEASE}" +- name: SMTP_ADDRESS + valueFrom: + configMapKeyRef: + name: smtp + key: address +- name: SMTP_USER_NAME + valueFrom: + configMapKeyRef: + name: smtp + key: username +- name: SMTP_PASSWORD + valueFrom: + configMapKeyRef: + name: smtp + key: password +- name: SMTP_DOMAIN + valueFrom: + configMapKeyRef: + name: smtp + key: domain +- name: SMTP_PORT + valueFrom: + configMapKeyRef: + name: smtp + key: port +- name: SMTP_AUTHENTICATION + valueFrom: + configMapKeyRef: + name: smtp + key: authentication +- name: SMTP_OPENSSL_VERIFY_MODE + valueFrom: + configMapKeyRef: + name: smtp + key: openssl.verify.mode +- name: BACKEND_ROUTE + value: "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + +apiVersion: v1 +kind: Template +metadata: + name: "system" +message: "Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}" +objects: + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "system-storage" + spec: + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "100Mi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "mysql-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "system-redis-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "backend-redis-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: backend-cron + spec: + replicas: 1 + selector: + name: backend-cron + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: backend-cron + spec: + containers: + - args: + - backend-cron + env: + - name: CONFIG_REDIS_PROXY + value: "backend-redis:6379" + - name: CONFIG_QUEUES_MASTER_NAME + value: "backend-redis:6379/1" + - name: RACK_ENV + value: "production" + image: 3scale-amp20/backend:1.0-2 + imagePullPolicy: IfNotPresent + name: backend-cron + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: backend-redis + spec: + replicas: 1 + selector: + name: backend-redis + strategy: + type: Recreate + template: + metadata: + labels: + name: backend-redis + spec: + containers: + - image: ${REDIS_IMAGE} + imagePullPolicy: IfNotPresent + name: backend-redis + readinessProbe: + exec: + command: + - "container-entrypoint" + - "bash" + - "-c" + - "redis-cli set liveness-probe \"`date`\" | grep OK" + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 1 + livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 10 + periodSeconds: 10 + volumeMounts: + - name: backend-redis-storage + mountPath: "/var/lib/redis/data" + - name: redis-config + mountPath: /etc/redis.conf + subPath: redis.conf + volumes: + - name: backend-redis-storage + persistentVolumeClaim: + claimName: backend-redis-storage + - name: redis-config + configMap: + name: redis-config + items: + - key: redis.conf + path: redis.conf + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: backend-listener + spec: + replicas: 1 + selector: + name: backend-listener + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: backend-listener + spec: + containers: + - args: + - 3scale_backend + - start + - "-e" + - production + - "-p" + - '3000' + - "-x" + - "/dev/stdout" + env: + - name: CONFIG_REDIS_PROXY + value: "backend-redis:6379" + - name: CONFIG_QUEUES_MASTER_NAME + value: "backend-redis:6379/1" + - name: RACK_ENV + value: "production" + - name: CONFIG_INTERNAL_API_USER + value: "${SYSTEM_BACKEND_USERNAME}" + - name: CONFIG_INTERNAL_API_PASSWORD + value: "${SYSTEM_BACKEND_PASSWORD}" + image: 3scale-amp20/backend:1.0-2 + imagePullPolicy: IfNotPresent + name: backend-listener + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + tcpSocket: + port: 3000 + readinessProbe: + httpGet: + path: "/status" + port: 3000 + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 3000 + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: backend-redis + spec: + ports: + - port: 6379 + protocol: TCP + targetPort: 6379 + selector: + name: backend-redis + +- apiVersion: v1 + kind: Service + metadata: + name: backend-listener + spec: + ports: + - port: 3000 + protocol: TCP + targetPort: 3000 + name: http + selector: + name: backend-listener + +- apiVersion: v1 + kind: Service + metadata: + name: system-provider + spec: + ports: + - port: 3000 + protocol: TCP + targetPort: provider + name: http + selector: + name: system-app + +- apiVersion: v1 + kind: Service + metadata: + name: system-developer + spec: + ports: + - port: 3000 + protocol: TCP + targetPort: developer + name: http + selector: + name: system-app + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: backend-worker + spec: + replicas: 1 + selector: + name: backend-worker + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: backend-worker + spec: + containers: + - args: + - 3scale_backend_worker + - run + env: + - name: CONFIG_REDIS_PROXY + value: "backend-redis:6379" + - name: CONFIG_QUEUES_MASTER_NAME + value: "backend-redis:6379/1" + - name: RACK_ENV + value: "production" + - name: CONFIG_EVENTS_HOOK + value: http://system-provider:3000/master/events/import + - name: CONFIG_EVENTS_HOOK_SHARED_SECRET + value: ${SYSTEM_BACKEND_SHARED_SECRET} + image: 3scale-amp20/backend:1.0-2 + imagePullPolicy: IfNotPresent + name: backend-worker + triggers: + - type: ConfigChange + +- kind: Service + apiVersion: v1 + metadata: + name: 'system-mysql' + spec: + ports: + - name: system-mysql + protocol: TCP + port: 3306 + targetPort: 3306 + nodePort: 0 + selector: + name: 'system-mysql' +- apiVersion: v1 + kind: Service + metadata: + name: system-redis + spec: + ports: + - port: 6379 + protocol: TCP + targetPort: 6379 + name: redis + selector: + name: system-redis + + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-redis + spec: + replicas: 1 + selector: + name: system-redis + strategy: + type: Recreate + template: + metadata: + labels: + name: system-redis + spec: + containers: + - args: + image: ${REDIS_IMAGE} + imagePullPolicy: IfNotPresent + name: system-redis + terminationMessagePath: /dev/termination-log + volumeMounts: + - name: system-redis-storage + mountPath: "/var/lib/redis/data" + - name: redis-config + mountPath: /etc/redis.conf + subPath: redis.conf + readinessProbe: + exec: + command: + - "container-entrypoint" + - "bash" + - "-c" + - "redis-cli set liveness-probe \"`date`\" | grep OK" + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 10 + periodSeconds: 5 + volumes: + - name: system-redis-storage + persistentVolumeClaim: + claimName: system-redis-storage + - name: redis-config + configMap: + name: redis-config + items: + - key: redis.conf + path: redis.conf + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: system-sphinx + spec: + ports: + - port: 9306 + protocol: TCP + targetPort: 9306 + name: sphinx + selector: + name: system-sphinx + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-sphinx + spec: + replicas: 1 + selector: + name: system-sphinx + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: system-sphinx + spec: + volumes: + - name: system-sphinx-database + emptyDir: {} + containers: + - args: + - rake + - 'openshift:thinking_sphinx:start' + volumeMounts: + - name: system-sphinx-database + mountPath: "/opt/system/db/sphinx" + env: + - name: RAILS_ENV + value: production + - name: DATABASE_URL + value: "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + - name: THINKING_SPHINX_ADDRESS + value: 0.0.0.0 + - name: THINKING_SPHINX_CONFIGURATION_FILE + value: "db/sphinx/production.conf" + - name: THINKING_SPHINX_PID_FILE + value: db/sphinx/searchd.pid + - name: DELTA_INDEX_INTERVAL + value: '5' + - name: FULL_REINDEX_INTERVAL + value: '60' + image: 3scale-amp20/system:1.0-2 + imagePullPolicy: IfNotPresent + name: system-sphinx + livenessProbe: + tcpSocket: + port: 9306 + initialDelaySeconds: 60 + periodSeconds: 10 + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: system-memcache + spec: + ports: + - port: 11211 + protocol: TCP + targetPort: 11211 + name: memcache + selector: + name: system-memcache +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-memcache + spec: + replicas: 1 + selector: + name: system-memcache + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: system-memcache + spec: + containers: + - args: + env: + image: 3scale-amp20/memcached:1.4.15-7 + imagePullPolicy: IfNotPresent + name: memcache + readinessProbe: + exec: + command: + - "sh" + - "-c" + - "echo version | nc $HOSTNAME 11211 | grep VERSION" + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 5 + livenessProbe: + tcpSocket: + port: 11211 + initialDelaySeconds: 10 + periodSeconds: 10 + command: + - "memcached" + - "-m" + - "64" + ports: + - containerPort: 6379 + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Route + metadata: + name: system-provider-admin-route + labels: + app: system-route + spec: + host: ${TENANT_NAME}-admin.${WILDCARD_DOMAIN} + to: + kind: Service + name: system-provider + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: Route + metadata: + name: backend-route + labels: + app: system-route + spec: + host: backend-${TENANT_NAME}.${WILDCARD_DOMAIN} + to: + kind: Service + name: backend-listener + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: Route + metadata: + name: system-developer-route + labels: + app: system-route + spec: + host: ${TENANT_NAME}.${WILDCARD_DOMAIN} + to: + kind: Service + name: system-developer + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: apicast-staging + spec: + replicas: 1 + selector: + deploymentconfig: apicast-staging + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 1800 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + deploymentconfig: apicast-staging + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + value: http://${APICAST_ACCESS_TOKEN}@system-provider:3000 + - name: APICAST_CONFIGURATION_LOADER + value: "lazy" + - name: APICAST_CONFIGURATION_CACHE + value: "0" + - name: THREESCALE_DEPLOYMENT_ENV + value: "sandbox" + - name: APICAST_MANAGEMENT_API + value: "${APICAST_MANAGEMENT_API}" + - name: BACKEND_ENDPOINT_OVERRIDE + value: http://backend-listener:3000 + - name: OPENSSL_VERIFY + value: '${APICAST_OPENSSL_VERIFY}' + - name: APICAST_RESPONSE_CODES + value: '${APICAST_RESPONSE_CODES}' + - name: REDIS_URL + value: "redis://system-redis:6379/2" + image: 3scale-amp20/apicast-gateway:1.0-3 + imagePullPolicy: IfNotPresent + name: apicast-staging + livenessProbe: + httpGet: + path: /status/live + port: 8090 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /status/ready + port: 8090 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 30 + ports: + - containerPort: 8080 + protocol: TCP + - containerPort: 8090 + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: apicast-staging + spec: + ports: + - name: gateway + port: 8080 + protocol: TCP + targetPort: 8080 + - name: management + port: 8090 + protocol: TCP + targetPort: 8090 + selector: + deploymentconfig: apicast-staging + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: apicast-production + spec: + replicas: 1 + selector: + deploymentconfig: apicast-production + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 1800 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + deploymentconfig: apicast-production + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + value: "http://${APICAST_ACCESS_TOKEN}@system-provider:3000" + - name: APICAST_CONFIGURATION_LOADER + value: "boot" + - name: APICAST_CONFIGURATION_CACHE + value: "300" + - name: THREESCALE_DEPLOYMENT_ENV + value: "production" + - name: APICAST_MANAGEMENT_API + value: "${APICAST_MANAGEMENT_API}" + - name: BACKEND_ENDPOINT_OVERRIDE + value: http://backend-listener:3000 + - name: OPENSSL_VERIFY + value: '${APICAST_OPENSSL_VERIFY}' + - name: APICAST_RESPONSE_CODES + value: '${APICAST_RESPONSE_CODES}' + - name: REDIS_URL + value: "redis://system-redis:6379/1" + image: 3scale-amp20/apicast-gateway:1.0-3 + imagePullPolicy: IfNotPresent + name: apicast-production + livenessProbe: + httpGet: + path: /status/live + port: 8090 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /status/ready + port: 8090 + initialDelaySeconds: 15 + timeoutSeconds: 5 + periodSeconds: 30 + ports: + - containerPort: 8080 + protocol: TCP + - containerPort: 8090 + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: apicast-production + spec: + ports: + - name: gateway + port: 8080 + protocol: TCP + targetPort: 8080 + - name: management + port: 8090 + protocol: TCP + targetPort: 8090 + selector: + deploymentconfig: apicast-production + +- apiVersion: v1 + kind: Route + metadata: + name: api-apicast-staging-route + labels: + app: apicast-staging + spec: + host: api-${TENANT_NAME}-apicast-staging.${WILDCARD_DOMAIN} + to: + kind: Service + name: apicast-staging + port: + targetPort: gateway + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: Route + metadata: + name: api-apicast-production-route + labels: + app: apicast-production + spec: + host: api-${TENANT_NAME}-apicast-production.${WILDCARD_DOMAIN} + to: + kind: Service + name: apicast-production + port: + targetPort: gateway + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-app + spec: + replicas: 1 + selector: + name: system-app + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + pre: + failurePolicy: Retry + execNewPod: + containerName: system-provider + command: + - bash + - -c + - bundle exec rake boot openshift:deploy + env: *base_env + volumes: + - system-storage + post: + failurePolicy: Abort + execNewPod: + containerName: system-provider + command: + - bash + - -c + - bundle exec rake boot openshift:post_deploy + type: Rolling + template: + metadata: + labels: + name: system-app + spec: + containers: + - args: + env: *base_env + image: 3scale-amp20/system:1.0-2 + imagePullPolicy: IfNotPresent + command: ['env', 'TENANT_MODE=provider', 'PORT=3000', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb'] + name: system-provider + livenessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 20 + tcpSocket: + port: provider + periodSeconds: 10 + readinessProbe: + httpGet: + path: /check.txt + port: provider + scheme: HTTP + httpHeaders: + - name: X-Forwarded-Proto + value: https + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + ports: + - containerPort: 3000 + protocol: TCP + name: provider + volumeMounts: + - name: system-storage + mountPath: /opt/system/public/system + - args: + env: *base_env + image: 3scale-amp20/system:1.0-2 + command: ['env', 'TENANT_MODE=developer', 'PORT=3001', 'container-entrypoint', 'bundle', 'exec', 'unicorn', '-c', 'config/unicorn.rb'] + imagePullPolicy: IfNotPresent + name: system-developer + livenessProbe: + timeoutSeconds: 10 + initialDelaySeconds: 20 + tcpSocket: + port: developer + periodSeconds: 10 + readinessProbe: + httpGet: + path: /check.txt + port: developer + scheme: HTTP + httpHeaders: + - name: X-Forwarded-Proto + value: https + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + ports: + - containerPort: 3001 + protocol: TCP + name: developer + volumeMounts: + - name: system-storage + mountPath: /opt/system/public/system + readOnly: true + volumes: + - name: system-storage + persistentVolumeClaim: + claimName: system-storage + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-resque + spec: + replicas: 1 + selector: + name: system-resque + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: system-resque + spec: + containers: + - args: + - 'rake' + - 'resque:work' + - 'QUEUE=*' + env: *base_env + image: 3scale-amp20/system:1.0-2 + imagePullPolicy: IfNotPresent + name: system-resque + volumeMounts: + - name: system-storage + mountPath: /opt/system/public/system + - args: + - 'rake' + - 'resque:scheduler' + - 'QUEUE=*' + env: *base_env + image: 3scale-amp20/system:1.0-2 + imagePullPolicy: IfNotPresent + name: system-scheduler + volumes: + - name: system-storage + persistentVolumeClaim: + claimName: system-storage + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: system-sidekiq + spec: + replicas: 1 + selector: + name: system-sidekiq + strategy: + rollingParams: + intervalSeconds: 1 + maxSurge: 25% + maxUnavailable: 25% + timeoutSeconds: 600 + updatePeriodSeconds: 1 + type: Rolling + template: + metadata: + labels: + name: system-sidekiq + spec: + containers: + - args: + - rake + - sidekiq:worker + env: *base_env + image: 3scale-amp20/system:1.0-2 + imagePullPolicy: IfNotPresent + name: system-sidekiq + volumeMounts: + - name: system-storage + mountPath: /opt/system/public/system + volumes: + - name: system-storage + persistentVolumeClaim: + claimName: system-storage + triggers: + - type: ConfigChange + + +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: 'system-mysql' + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: 'system-mysql' + template: + metadata: + labels: + name: 'system-mysql' + spec: + containers: + - name: system-mysql + image: ${MYSQL_IMAGE} + ports: + - containerPort: 3306 + protocol: TCP + resources: + limits: + memory: 2Gi + requests: + cpu: '1' + memory: 1Gi + readinessProbe: + timeoutSeconds: 5 + initialDelaySeconds: 10 + periodSeconds: 30 + exec: + command: + - /bin/sh + - '-i' + - '-c' + - MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 10 + tcpSocket: + port: 3306 + env: + - name: MYSQL_USER + value: ${MYSQL_USER} + - name: MYSQL_PASSWORD + value: ${MYSQL_PASSWORD} + - name: MYSQL_DATABASE + value: ${MYSQL_DATABASE} + - name: MYSQL_ROOT_PASSWORD + value: ${MYSQL_ROOT_PASSWORD} + - name: MYSQL_LOWER_CASE_TABLE_NAMES + value: "1" + volumeMounts: + - name: 'mysql-storage' + mountPath: /var/lib/mysql/data + imagePullPolicy: IfNotPresent + volumes: + - name: 'mysql-storage' + persistentVolumeClaim: + claimName: 'mysql-storage' +- kind: ConfigMap + apiVersion: v1 + metadata: + name: redis-config + data: + redis.conf: | + protected-mode no + + port 6379 + + timeout 0 + tcp-keepalive 300 + + daemonize no + supervised no + + loglevel notice + + databases 16 + + save 900 1 + save 300 10 + save 60 10000 + + stop-writes-on-bgsave-error yes + + rdbcompression yes + rdbchecksum yes + + dbfilename dump.rdb + + slave-serve-stale-data yes + slave-read-only yes + + repl-diskless-sync no + repl-disable-tcp-nodelay no + + appendonly yes + appendfilename "appendonly.aof" + appendfsync everysec + no-appendfsync-on-rewrite no + auto-aof-rewrite-percentage 100 + auto-aof-rewrite-min-size 64mb + aof-load-truncated yes + + lua-time-limit 5000 + + activerehashing no + + aof-rewrite-incremental-fsync yes + dir /var/lib/redis/data + +- kind: ConfigMap + + apiVersion: v1 + metadata: + name: smtp + data: + address: "" + username: "" + password: "" + domain: "" + port: "" + authentication: "" + openssl.verify.mode: "" + +parameters: +- name: AMP_RELEASE + description: "AMP release tag." + value: 2.0.0-CR2-redhat-1 + required: true +- name: ADMIN_PASSWORD + required: true + generate: expression + from: "[a-z0-9]{8}" +- name: ADMIN_USERNAME + value: admin + required: true +- name: APICAST_ACCESS_TOKEN + required: true + generate: expression + from: "[a-z0-9]{8}" + description: "Read Only Access Token that is APIcast going to use to download its configuration." +- name: ADMIN_ACCESS_TOKEN + required: false + generate: expression + from: "[a-z0-9]{16}" + description: "Admin Access Token with all scopes and write permissions for API access." +- name: WILDCARD_DOMAIN + description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com. + required: true +- name: TENANT_NAME + description: "Tenant name under the root that Admin UI will be available with -admin suffix." + required: true + value: "3scale" +- name: MYSQL_USER + displayName: MySQL User + description: Username for MySQL user that will be used for accessing the database. + value: "mysql" + required: true +- name: MYSQL_PASSWORD + displayName: MySQL Password + description: Password for the MySQL user. + generate: expression + from: "[a-z0-9]{8}" + required: true +- name: MYSQL_DATABASE + displayName: MySQL Database Name + description: Name of the MySQL database accessed. + value: "system" + required: true +- name: MYSQL_ROOT_PASSWORD + displayName: MySQL Root password. + description: Password for Root user. + generate: expression + from: "[a-z0-9]{8}" + required: true +- name: SYSTEM_BACKEND_USERNAME + description: Internal 3scale API username for internal 3scale api auth. + value: "3scale_api_user" + required: true +- name: SYSTEM_BACKEND_PASSWORD + description: Internal 3scale API password for internal 3scale api auth. + generate: expression + from: "[a-z0-9]{8}" + required: true +- name: REDIS_IMAGE + description: Redis image to use + required: true + value: rhscl/redis-32-rhel7:3.2-5.7 +- name: MYSQL_IMAGE + description: Mysql image to use + required: true + value: rhscl/mysql-56-rhel7:5.6-13.14 +- name: SYSTEM_BACKEND_SHARED_SECRET + description: Shared secret to import events from backend to system. + generate: expression + from: "[a-z0-9]{8}" + required: true +- name: SYSTEM_APP_SECRET_KEY_BASE + description: System application secret key base + generate: expression + from: "[a-f0-9]{128}" + required: true +- name: APICAST_MANAGEMENT_API + description: "Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks." + required: false + value: "status" +- name: APICAST_OPENSSL_VERIFY + description: "Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false." + required: false + value: "false" +- name: APICAST_RESPONSE_CODES + description: "Enable logging response codes in APIcast." + value: "true" + required: false diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast-gateway-template.yml b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast-gateway-template.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast-gateway-template.yml diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast.yml b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast.yml new file mode 100644 index 000000000..8e8051c0b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/apicast.yml @@ -0,0 +1,157 @@ +apiVersion: v1 +kind: Template +metadata: + name: 3scale-gateway + annotations: + description: "3scale API Gateway" + iconClass: "icon-load-balancer" + tags: "api,gateway,3scale" +objects: + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${APICAST_NAME}" + spec: + replicas: 2 + selector: + deploymentconfig: "${APICAST_NAME}" + strategy: + type: Rolling + template: + metadata: + labels: + deploymentconfig: "${APICAST_NAME}" + spec: + containers: + - env: + - name: THREESCALE_PORTAL_ENDPOINT + valueFrom: + secretKeyRef: + name: "${CONFIGURATION_URL_SECRET}" + key: password + - name: THREESCALE_CONFIG_FILE + value: "${CONFIGURATION_FILE_PATH}" + - name: THREESCALE_DEPLOYMENT_ENV + value: "${DEPLOYMENT_ENVIRONMENT}" + - name: RESOLVER + value: "${RESOLVER}" + - name: APICAST_SERVICES + value: "${SERVICES_LIST}" + - name: APICAST_CONFIGURATION_LOADER + value: "${CONFIGURATION_LOADER}" + - name: APICAST_LOG_LEVEL + value: "${LOG_LEVEL}" + - name: APICAST_PATH_ROUTING_ENABLED + value: "${PATH_ROUTING}" + - name: APICAST_RESPONSE_CODES + value: "${RESPONSE_CODES}" + - name: APICAST_CONFIGURATION_CACHE + value: "${CONFIGURATION_CACHE}" + - name: REDIS_URL + value: "${REDIS_URL}" + - name: APICAST_MANAGEMENT_API + value: "${MANAGEMENT_API}" + - name: OPENSSL_VERIFY + value: "${OPENSSL_VERIFY}" + image: 3scale-amp20/apicast-gateway:1.0-3 + imagePullPolicy: IfNotPresent + name: "${APICAST_NAME}" + livenessProbe: + httpGet: + path: /status/live + port: management + initialDelaySeconds: 10 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /status/ready + port: management + initialDelaySeconds: 15 + timeoutSeconds: 1 + ports: + - name: proxy + containerPort: 8080 + protocol: TCP + - name: management + containerPort: 8090 + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: "${APICAST_NAME}" + spec: + ports: + - name: proxy + port: 8080 + protocol: TCP + targetPort: 8080 + - name: management + port: 8090 + protocol: TCP + targetPort: 8090 + selector: + deploymentconfig: "${APICAST_NAME}" + +parameters: +- name: AMP_RELEASE + description: "AMP release tag." + value: 2.0.0-CR2-redhat-1 + required: true +- description: "Name of the secret containing the THREESCALE_PORTAL_ENDPOINT with the access-token or provider key" + value: apicast-configuration-url-secret + name: CONFIGURATION_URL_SECRET + required: true +- description: "Path to saved JSON file with configuration for the gateway. Has to be injected to the docker image as read only volume." + value: + name: CONFIGURATION_FILE_PATH + required: false +- description: "Deployment environment. Can be sandbox or production." + value: production + name: DEPLOYMENT_ENVIRONMENT + required: true +- description: "Name for the 3scale API Gateway" + value: apicast + name: APICAST_NAME + required: true +- description: "DNS Resolver for openresty, if empty it will be autodiscovered" + value: + name: RESOLVER + required: false +- description: "Subset of services to run. Use comma separated list of service ids (eg. 42,1337)" + value: + name: SERVICES_LIST + required: false +- name: CONFIGURATION_LOADER + description: "When to load configuration. If on gateway start or incoming request. Allowed values are: lazy, boot." + value: boot + required: false +- description: "Log level. One of the following: debug, info, notice, warn, error, crit, alert, or emerg." + name: LOG_LEVEL + required: false +- description: "Enable path routing. Experimental feature." + name: PATH_ROUTING + required: false + value: "false" +- description: "Enable logging response codes to 3scale." + value: "false" + name: RESPONSE_CODES + required: false +- name: CONFIGURATION_CACHE + description: "For how long to cache the downloaded configuration in seconds. Can be left empty, 0 or greater than 60." + value: "" + required: false +- description: "Redis URL. Required for OAuth2 integration. ex: redis://PASSWORD@127.0.0.1:6379/0" + name: REDIS_URL + required: false +- name: MANAGEMENT_API + description: "Scope of the Management API. Can be disabled, status or debug. At least status required for health checks." + required: false + value: "status" +- name: OPENSSL_VERIFY + description: "Turn on/off the OpenSSL peer verification. Can be set to true/false." + required: true + value: "false" diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql-persistent.json new file mode 100644 index 000000000..86ddc184a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql-persistent.json @@ -0,0 +1,586 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "cakephp-mysql-persistent", + "annotations": { + "openshift.io/display-name": "CakePHP + MySQL (Persistent)", + "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.", + "tags": "quickstart,php,cakephp", + "iconClass": "icon-php", + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", + "labels": { + "template": "cakephp-mysql-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "cakephp-secret-token" : "${CAKEPHP_SECRET_TOKEN}", + "cakephp-security-salt" : "${CAKEPHP_SECURITY_SALT}", + "cakephp-security-cipher-seed" : "${CAKEPHP_SECURITY_CIPHER_SEED}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "php:7.0" + }, + "env": [ + { + "name": "COMPOSER_MIRROR", + "value": "${COMPOSER_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "./lib/Cake/Console/cake test app AllTests" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Retry", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "cakephp-mysql-persistent" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "cakephp-mysql-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "cakephp-mysql-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-secret-token" + } + } + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-salt" + } + } + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-cipher-seed" + } + } + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "value": "${OPCACHE_REVALIDATE_FREQ}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.7" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-mysql-persistent" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the CakePHP container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/cakephp-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database User", + "required": true, + "value": "cakephp" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "displayName": "CakePHP secret token", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", + "generate": "expression", + "from": "[0-9]{30}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "displayName": "OPcache Revalidation Frequency", + "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "value": "2" + }, + { + "name": "COMPOSER_MIRROR", + "displayName": "Custom Composer Mirror URL", + "description": "The custom Composer mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql.json new file mode 100644 index 000000000..3c964bd6a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/cakephp-mysql.json @@ -0,0 +1,560 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "cakephp-mysql-example", + "annotations": { + "openshift.io/display-name": "CakePHP + MySQL (Ephemeral)", + "description": "An example CakePHP application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/cakephp-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,php,cakephp", + "iconClass": "icon-php", + "openshift.io/long-description": "This template defines resources needed to develop a CakePHP application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/cakephp-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/cake-ex/blob/master/README.md.", + "labels": { + "template": "cakephp-mysql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "cakephp-secret-token" : "${CAKEPHP_SECRET_TOKEN}", + "cakephp-security-salt" : "${CAKEPHP_SECURITY_SALT}", + "cakephp-security-cipher-seed" : "${CAKEPHP_SECURITY_CIPHER_SEED}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "php:7.0" + }, + "env": [ + { + "name": "COMPOSER_MIRROR", + "value": "${COMPOSER_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "./lib/Cake/Console/cake test app AllTests" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Retry", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "cakephp-mysql-example" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "cakephp-mysql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "cakephp-mysql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health.php", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-secret-token" + } + } + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-salt" + } + } + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "cakephp-security-cipher-seed" + } + } + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "value": "${OPCACHE_REVALIDATE_FREQ}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.7" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "cakephp-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the CakePHP container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/cakephp-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the CakePHP service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "description": "Database engine: postgresql, mysql or sqlite (default).", + "required": true, + "value": "mysql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database User", + "required": true, + "value": "cakephp" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "CAKEPHP_SECRET_TOKEN", + "displayName": "CakePHP secret token", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "CAKEPHP_SECURITY_SALT", + "displayName": "CakePHP Security Salt", + "description": "Security salt for session hash.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CAKEPHP_SECURITY_CIPHER_SEED", + "displayName": "CakePHP Security Cipher Seed", + "description": "Security cipher seed for session hash.", + "generate": "expression", + "from": "[0-9]{30}" + }, + { + "name": "OPCACHE_REVALIDATE_FREQ", + "displayName": "OPcache Revalidation Frequency", + "description": "How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.", + "value": "2" + }, + { + "name": "COMPOSER_MIRROR", + "displayName": "Custom Composer Mirror URL", + "description": "The custom Composer mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql-persistent.json new file mode 100644 index 000000000..0a10c5fbc --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql-persistent.json @@ -0,0 +1,530 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dancer-mysql-persistent", + "annotations": { + "openshift.io/display-name": "Dancer + MySQL (Persistent)", + "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", + "tags": "quickstart,perl,dancer", + "iconClass": "icon-perl", + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", + "labels": { + "template": "dancer-mysql-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "perl:5.24" + }, + "env": [ + { + "name": "CPAN_MIRROR", + "value": "${CPAN_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "perl -I extlib/lib/perl5 -I lib t/*" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dancer-mysql-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dancer-mysql-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "SECRET_KEY_BASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keybase" + } + } + }, + { + "name": "PERL_APACHE2_RELOAD", + "value": "${PERL_APACHE2_RELOAD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.7" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-mysql-persistent" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Perl Dancer container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/dancer-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "database" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "PERL_APACHE2_RELOAD", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", + "value": "" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "CPAN_MIRROR", + "displayName": "Custom CPAN Mirror URL", + "description": "The custom CPAN mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql.json new file mode 100644 index 000000000..6122d5436 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dancer-mysql.json @@ -0,0 +1,504 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dancer-mysql-example", + "annotations": { + "openshift.io/display-name": "Dancer + MySQL (Ephemeral)", + "description": "An example Dancer application with a MySQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,perl,dancer", + "iconClass": "icon-perl", + "openshift.io/long-description": "This template defines resources needed to develop a Dancer based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/dancer-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/dancer-ex/blob/master/README.md.", + "labels": { + "template": "dancer-mysql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "perl:5.24" + }, + "env": [ + { + "name": "CPAN_MIRROR", + "value": "${CPAN_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "perl -I extlib/lib/perl5 -I lib t/*" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dancer-mysql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dancer-mysql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "SECRET_KEY_BASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keybase" + } + } + }, + { + "name": "PERL_APACHE2_RELOAD", + "value": "${PERL_APACHE2_RELOAD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mysql", + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mysql:5.7" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "mysql", + "image": " ", + "ports": [ + { + "containerPort": 3306 + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/mysql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "MYSQL_PWD='${DATABASE_PASSWORD}' mysql -h 127.0.0.1 -u ${DATABASE_USER} -D ${DATABASE_NAME} -e 'SELECT 1'" ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MYSQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MYSQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_MYSQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dancer-mysql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Perl Dancer container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MYSQL_LIMIT", + "displayName": "Memory Limit (MySQL)", + "description": "Maximum amount of memory the MySQL container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/dancer-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Dancer service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "database" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "PERL_APACHE2_RELOAD", + "displayName": "Perl Module Reload", + "description": "Set this to \"true\" to enable automatic reloading of modified Perl modules.", + "value": "" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "CPAN_MIRROR", + "displayName": "Custom CPAN Mirror URL", + "description": "The custom CPAN mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql-persistent.json new file mode 100644 index 000000000..f3b5838fa --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql-persistent.json @@ -0,0 +1,540 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "django-psql-persistent", + "annotations": { + "openshift.io/display-name": "Django + PostgreSQL (Persistent)", + "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", + "tags": "quickstart,python,django", + "iconClass": "icon-python", + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", + "labels": { + "template": "django-psql-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "django-secret-key" : "${DJANGO_SECRET_KEY}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "python:3.5" + }, + "env": [ + { + "name": "PIP_INDEX_URL", + "value": "${PIP_INDEX_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "./manage.py test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "django-psql-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "django-psql-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "APP_CONFIG", + "value": "${APP_CONFIG}" + }, + { + "name": "DJANGO_SECRET_KEY", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "django-secret-key" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-psql-persistent" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Django container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/django-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "postgresql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "required": true, + "description": "Database engine: postgresql, mysql or sqlite (default).", + "value": "postgresql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "required": true, + "value": "django" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database User Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "APP_CONFIG", + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." + }, + { + "name": "DJANGO_SECRET_KEY", + "displayName": "Django Secret Key", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "PIP_INDEX_URL", + "displayName": "Custom PyPi Index URL", + "description": "The custom PyPi index URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql.json new file mode 100644 index 000000000..b21295df2 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/django-postgresql.json @@ -0,0 +1,514 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "django-psql-example", + "annotations": { + "openshift.io/display-name": "Django + PostgreSQL (Ephemeral)", + "description": "An example Django application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,python,django", + "iconClass": "icon-python", + "openshift.io/long-description": "This template defines resources needed to develop a Django based application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/django-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/django-ex/blob/master/README.md.", + "labels": { + "template": "django-psql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "django-secret-key" : "${DJANGO_SECRET_KEY}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "python:3.5" + }, + "env": [ + { + "name": "PIP_INDEX_URL", + "value": "${PIP_INDEX_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "./manage.py test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "django-psql-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "django-psql-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/health", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "DATABASE_ENGINE", + "value": "${DATABASE_ENGINE}" + }, + { + "name": "DATABASE_NAME", + "value": "${DATABASE_NAME}" + }, + { + "name": "DATABASE_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "DATABASE_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "APP_CONFIG", + "value": "${APP_CONFIG}" + }, + { + "name": "DJANGO_SECRET_KEY", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "django-secret-key" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + } + ], + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "django-psql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Django container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/django-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Django service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "postgresql" + }, + { + "name": "DATABASE_ENGINE", + "displayName": "Database Engine", + "required": true, + "description": "Database engine: postgresql, mysql or sqlite (default).", + "value": "postgresql" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "default" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "required": true, + "value": "django" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database User Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "APP_CONFIG", + "displayName": "Application Configuration File Path", + "description": "Relative path to Gunicorn configuration file (optional)." + }, + { + "name": "DJANGO_SECRET_KEY", + "displayName": "Django Secret Key", + "description": "Set this to a long random string.", + "generate": "expression", + "from": "[\\w]{50}" + }, + { + "name": "PIP_INDEX_URL", + "displayName": "Custom PyPi Index URL", + "description": "The custom PyPi index URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-example.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-example.json new file mode 100644 index 000000000..f1fef3093 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-example.json @@ -0,0 +1,333 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-example", + "annotations": { + "openshift.io/display-name": ".NET Core Example", + "description": "An example .NET Core application.", + "tags": "quickstart,dotnet,.net", + "iconClass": "icon-dotnet", + "template.openshift.io/provider-display-name": "Red Hat, Inc.", + "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore", + "template.openshift.io/support-url": "https://access.redhat.com" + } + }, + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_IMAGE_STREAM_TAG}" + }, + "env": [ + { + "name": "DOTNET_STARTUP_PROJECT", + "value": "${DOTNET_STARTUP_PROJECT}" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "value": "${DOTNET_ASSEMBLY_NAME}" + }, + { + "name": "DOTNET_NPM_TOOLS", + "value": "${DOTNET_NPM_TOOLS}" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "value": "${DOTNET_TEST_PROJECTS}" + }, + { + "name": "DOTNET_CONFIGURATION", + "value": "${DOTNET_CONFIGURATION}" + }, + { + "name": "DOTNET_PUBLISH", + "value": "true" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "value": "${DOTNET_RESTORE_SOURCES}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dotnet-app" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dotnet-app", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 40, + "timeoutSeconds": 15 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 30 + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "env": [] + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dotnet-example" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "DOTNET_IMAGE_STREAM_TAG", + "displayName": ".NET builder", + "required": true, + "description": "The image stream tag which is used to build the code.", + "value": "dotnet:2.0" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "value": "dotnetcore-2.0" + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to use a subdirectory of the source code repository" + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DOTNET_STARTUP_PROJECT", + "displayName": "Startup Project", + "description": "Set this to a project file (e.g. csproj) or a folder containing a single project file.", + "value": "app" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "displayName": "Startup Assembly", + "description": "Set this when the assembly name is overridden in the project file." + }, + { + "name": "DOTNET_NPM_TOOLS", + "displayName": "Npm Tools", + "description": "Set this to a space separated list of npm tools needed to publish.", + "value": "bower gulp" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "displayName": "Test projects", + "description": "Set this to a space separated list of test projects to run before publishing." + }, + { + "name": "DOTNET_CONFIGURATION", + "displayName": "Configuration", + "description": "Set this to configuration (Release/Debug).", + "value": "Release" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "displayName": "NuGet package sources", + "description": "Set this to override the NuGet.config sources." + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-pgsql-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-pgsql-persistent.json new file mode 100644 index 000000000..c83132152 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-pgsql-persistent.json @@ -0,0 +1,565 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-pgsql-persistent", + "annotations": { + "openshift.io/display-name": ".NET Core + PostgreSQL (Persistent)", + "description": "An example .NET Core application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.", + "tags": "quickstart,dotnet", + "iconClass": "icon-dotnet", + "template.openshift.io/provider-display-name": "Red Hat, Inc.", + "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore", + "template.openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.", + "labels": { + "template": "dotnet-pgsql-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "database-password": "${DATABASE_PASSWORD}", + "connect-string": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_IMAGE_STREAM_TAG}" + }, + "env": [ + { + "name": "DOTNET_STARTUP_PROJECT", + "value": "${DOTNET_STARTUP_PROJECT}" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "value": "${DOTNET_ASSEMBLY_NAME}" + }, + { + "name": "DOTNET_NPM_TOOLS", + "value": "${DOTNET_NPM_TOOLS}" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "value": "${DOTNET_TEST_PROJECTS}" + }, + { + "name": "DOTNET_CONFIGURATION", + "value": "${DOTNET_CONFIGURATION}" + }, + { + "name": "DOTNET_PUBLISH", + "value": "true" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "value": "${DOTNET_RESTORE_SOURCES}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "updatePeriodSeconds": 1, + "intervalSeconds": 1, + "timeoutSeconds": 600, + "maxUnavailable": "25%", + "maxSurge": "25%" + }, + "resources": {} + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dotnet-pgsql-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dotnet-pgsql-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "ConnectionString", + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "connect-string" + } + } + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 40, + "timeoutSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 30 + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" + ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DATABASE_USER}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef": { + "name": "${NAME}", + "key": "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "musicstore" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the .NET Core container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "DOTNET_IMAGE_STREAM_TAG", + "displayName": ".NET builder", + "required": true, + "description": "The image stream tag which is used to build the code.", + "value": "dotnet:2.0" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the .NET builder ImageStream resides.", + "value": "openshift" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/redhat-developer/s2i-aspnet-musicstore-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "value": "rel/2.0-example" + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "DOTNET_STARTUP_PROJECT", + "displayName": "Startup Project", + "description": "Set this to a project file (e.g. csproj) or a folder containing a single project file.", + "value": "samples/MusicStore" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "displayName": "Startup Assembly", + "description": "Set this when the assembly name is overridden in the project file." + }, + { + "name": "DOTNET_NPM_TOOLS", + "displayName": "Npm Tools", + "description": "Set this to a space separated list of npm tools needed to publish." + }, + { + "name": "DOTNET_TEST_PROJECTS", + "displayName": "Test projects", + "description": "Set this to a space separated list of test projects to run before publishing." + }, + { + "name": "DOTNET_CONFIGURATION", + "displayName": "Configuration", + "description": "Set this to configuration (Release/Debug).", + "value": "Release" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "displayName": "NuGet package sources", + "description": "Set this to override the NuGet.config sources." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "required": true, + "displayName": "Database Service Name", + "value": "postgresql" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "required": true, + "displayName": "Database Name", + "value": "musicstore" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "displayName": "Maximum Database Connections", + "value": "100" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "displayName": "Shared Buffer Amount", + "value": "12MB" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-runtime-example.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-runtime-example.json new file mode 100644 index 000000000..e1dccf290 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/dotnet-runtime-example.json @@ -0,0 +1,412 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-runtime-example", + "annotations": { + "openshift.io/display-name": ".NET Core Runtime Example", + "description": "An example .NET Core Runtime example application.", + "tags": "quickstart,dotnet,.net", + "iconClass": "icon-dotnet", + "template.openshift.io/provider-display-name": "Red Hat, Inc.", + "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore", + "template.openshift.io/support-url": "https://access.redhat.com" + } + }, + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application runtime image" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}-build", + "annotations": { + "description": "Keeps track of changes in the application builder image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}-build", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_BUILD_IMAGE_STREAM_TAG}" + }, + "env": [ + { + "name": "DOTNET_STARTUP_PROJECT", + "value": "${DOTNET_STARTUP_PROJECT}" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "value": "${DOTNET_ASSEMBLY_NAME}" + }, + { + "name": "DOTNET_NPM_TOOLS", + "value": "${DOTNET_NPM_TOOLS}" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "value": "${DOTNET_TEST_PROJECTS}" + }, + { + "name": "DOTNET_CONFIGURATION", + "value": "${DOTNET_CONFIGURATION}" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "value": "${DOTNET_RESTORE_SOURCES}" + }, + { + "name": "DOTNET_PACK", + "value": "true" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}-build:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ] + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}-runtime", + "annotations": { + "description": "Defines how to chain the runtime image from the source build image" + } + }, + "spec": { + "source": { + "dockerfile": "FROM ${DOTNET_RUNTIME_IMAGE_STREAM_TAG}\nADD app.tar.gz .", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}-build:latest" + }, + "paths": [ + { + "sourcePath": "/opt/app-root/app.tar.gz", + "destinationDir": "." + } + ] + } + ] + }, + "strategy": { + "type": "Docker", + "dockerStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_RUNTIME_IMAGE_STREAM_TAG}" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}-build:latest" + } + } + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}-runtime", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dotnet-runtime-app" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dotnet-runtime-app", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 40, + "timeoutSeconds": 15 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 30 + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "env": [] + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dotnet-runtime-example" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "DOTNET_RUNTIME_IMAGE_STREAM_TAG", + "displayName": ".NET Runtime Imagestream Tag", + "description": "The image stream tag which is used to run the application.", + "required": true, + "value": "dotnet-runtime:2.0" + }, + { + "name": "DOTNET_BUILD_IMAGE_STREAM_TAG", + "displayName": ".NET builder", + "required": true, + "description": "The image stream tag which is used to build the application.", + "value": "dotnet:2.0" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "value": "dotnetcore-2.0" + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to use a subdirectory of the source code repository" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DOTNET_STARTUP_PROJECT", + "displayName": "Startup Project", + "description": "Set this to the folder containing your startup project.", + "value": "app" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "displayName": "Startup Assembly", + "description": "Set this when the assembly name is overridden in the project file." + }, + { + "name": "DOTNET_NPM_TOOLS", + "displayName": "Npm Tools", + "description": "Set this to a space separated list of npm tools needed to publish.", + "value": "bower gulp" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "displayName": "Test projects", + "description": "Set this to a space separated list of test projects to run before publishing." + }, + { + "name": "DOTNET_CONFIGURATION", + "displayName": "Configuration", + "description": "Set this to configuration (Release/Debug).", + "value": "Release" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "displayName": "NuGet package sources", + "description": "Set this to override the NuGet.config sources." + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/httpd.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/httpd.json new file mode 100644 index 000000000..3771280bf --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/httpd.json @@ -0,0 +1,274 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "httpd-example", + "annotations": { + "openshift.io/display-name": "Apache HTTP Server", + "description": "An example Apache HTTP Server (httpd) application that serves static content. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", + "tags": "quickstart,httpd", + "iconClass": "icon-apache", + "openshift.io/long-description": "This template defines resources needed to develop a static application served by Apache HTTP Server (httpd), including a build configuration and application deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/httpd-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/httpd-ex/blob/master/README.md.", + "labels": { + "template": "httpd-example" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "httpd:2.4" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "httpd-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "httpd-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "env": [ + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "httpd-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/httpd-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the httpd service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-ephemeral-template.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-ephemeral-template.json new file mode 100644 index 000000000..28b4b9d81 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-ephemeral-template.json @@ -0,0 +1,284 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-ephemeral", + "annotations": { + "openshift.io/display-name": "Jenkins (Ephemeral)", + "description": "Jenkins service, without persistent storage.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "iconClass": "icon-jenkins", + "tags": "instant-app,jenkins", + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" + } + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "jenkins" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${JENKINS_IMAGE_STREAM_TAG}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", + "containers": [ + { + "name": "jenkins", + "image": " ", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 420, + "failureThreshold" : 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "env": [ + { + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + }, + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JNLP_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "agent", + "protocol": "TCP", + "port": 50000, + "targetPort": 50000, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", + "value": "jenkins" + }, + { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" + } + ], + "labels": { + "template": "jenkins-ephemeral-template" + } +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-persistent-template.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-persistent-template.json new file mode 100644 index 000000000..4915bb12c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/jenkins-persistent-template.json @@ -0,0 +1,308 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "jenkins-persistent", + "annotations": { + "openshift.io/display-name": "Jenkins (Persistent)", + "description": "Jenkins service, with persistent storage.\n\nNOTE: You must have persistent volumes available in your cluster to use this template.", + "iconClass": "icon-jenkins", + "tags": "instant-app,jenkins", + "openshift.io/long-description": "This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://docs.openshift.org/latest/using_images/other_images/jenkins.html", + "openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.", + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "template.openshift.io/expose-uri": "http://{.spec.host}{.spec.path}" + } + }, + "spec": { + "to": { + "kind": "Service", + "name": "${JENKINS_SERVICE_NAME}" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Redirect" + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "jenkins" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${JENKINS_IMAGE_STREAM_TAG}", + "namespace": "${NAMESPACE}" + }, + "lastTriggeredImage": "" + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "template": { + "metadata": { + "labels": { + "name": "${JENKINS_SERVICE_NAME}" + } + }, + "spec": { + "serviceAccountName": "${JENKINS_SERVICE_NAME}", + "containers": [ + { + "name": "jenkins", + "image": " ", + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 420, + "failureThreshold" : 30, + "httpGet": { + "path": "/login", + "port": 8080 + } + }, + "env": [ + { + "name": "OPENSHIFT_ENABLE_OAUTH", + "value": "${ENABLE_OAUTH}" + }, + { + "name": "OPENSHIFT_ENABLE_REDIRECT_PROMPT", + "value": "true" + }, + { + "name": "KUBERNETES_MASTER", + "value": "https://kubernetes.default:443" + }, + { + "name": "KUBERNETES_TRUST_CERTIFICATES", + "value": "true" + }, + { + "name": "JENKINS_SERVICE_NAME", + "value": "${JENKINS_SERVICE_NAME}" + }, + { + "name": "JNLP_SERVICE_NAME", + "value": "${JNLP_SERVICE_NAME}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "mountPath": "/var/lib/jenkins" + } + ], + "terminationMessagePath": "/dev/termination-log", + "imagePullPolicy": "IfNotPresent", + "capabilities": {}, + "securityContext": { + "capabilities": {}, + "privileged": false + } + } + ], + "volumes": [ + { + "name": "${JENKINS_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${JENKINS_SERVICE_NAME}" + } + } + ], + "restartPolicy": "Always", + "dnsPolicy": "ClusterFirst" + } + } + } + }, + { + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "serviceaccounts.openshift.io/oauth-redirectreference.jenkins": "{\"kind\":\"OAuthRedirectReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"Route\",\"name\":\"${JENKINS_SERVICE_NAME}\"}}" + } + } + }, + { + "kind": "RoleBinding", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}_edit" + }, + "groupNames": null, + "subjects": [ + { + "kind": "ServiceAccount", + "name": "${JENKINS_SERVICE_NAME}" + } + ], + "roleRef": { + "name": "edit" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JNLP_SERVICE_NAME}" + }, + "spec": { + "ports": [ + { + "name": "agent", + "protocol": "TCP", + "port": 50000, + "targetPort": 50000, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${JENKINS_SERVICE_NAME}", + "annotations": { + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${JNLP_SERVICE_NAME}\", \"namespace\": \"\", \"kind\": \"Service\"}]", + "service.openshift.io/infrastructure": "true" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "protocol": "TCP", + "port": 80, + "targetPort": 8080, + "nodePort": 0 + } + ], + "selector": { + "name": "${JENKINS_SERVICE_NAME}" + }, + "type": "ClusterIP", + "sessionAffinity": "None" + } + } + ], + "parameters": [ + { + "name": "JENKINS_SERVICE_NAME", + "displayName": "Jenkins Service Name", + "description": "The name of the OpenShift Service exposed for the Jenkins container.", + "value": "jenkins" + }, + { + "name": "JNLP_SERVICE_NAME", + "displayName": "Jenkins JNLP Service Name", + "description": "The name of the service used for master/slave communication.", + "value": "jenkins-jnlp" + }, + { + "name": "ENABLE_OAUTH", + "displayName": "Enable OAuth in Jenkins", + "description": "Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'.", + "value": "true" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi.", + "value": "1Gi", + "required": true + }, + { + "name": "NAMESPACE", + "displayName": "Jenkins ImageStream Namespace", + "description": "The OpenShift Namespace where the Jenkins ImageStream resides.", + "value": "openshift" + }, + { + "name": "JENKINS_IMAGE_STREAM_TAG", + "displayName": "Jenkins ImageStreamTag", + "description": "Name of the ImageStreamTag to be used for the Jenkins image.", + "value": "jenkins:latest" + } + ], + "labels": { + "template": "jenkins-persistent-template" + } +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb-persistent.json new file mode 100644 index 000000000..7f2a5d804 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb-persistent.json @@ -0,0 +1,549 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "nodejs-mongo-persistent", + "annotations": { + "openshift.io/display-name": "Node.js + MongoDB (Persistent)", + "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", + "tags": "quickstart,nodejs", + "iconClass": "icon-nodejs", + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", + "labels": { + "template": "nodejs-mongo-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "database-user": "${DATABASE_USER}", + "database-password": "${DATABASE_PASSWORD}", + "database-admin-password" : "${DATABASE_ADMIN_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "nodejs:6" + }, + "env": [ + { + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "npm test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "nodejs-mongo-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "nodejs-mongo-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-admin-password" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mongodb", + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mongodb:3.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017 + } + ], + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-admin-password" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ] + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-mongo-persistent" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Node.js container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MONGODB_LIMIT", + "displayName": "Memory Limit (MongoDB)", + "description": "Maximum amount of memory the MongoDB container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/nodejs-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mongodb" + }, + { + "name": "DATABASE_USER", + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "DATABASE_ADMIN_PASSWORD", + "displayName": "Database Administrator Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "NPM_MIRROR", + "displayName": "Custom NPM Mirror URL", + "description": "The custom NPM mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb.json new file mode 100644 index 000000000..b3afae46e --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/nodejs-mongodb.json @@ -0,0 +1,525 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "nodejs-mongodb-example", + "annotations": { + "openshift.io/display-name": "Node.js + MongoDB (Ephemeral)", + "description": "An example Node.js application with a MongoDB database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,nodejs", + "iconClass": "icon-nodejs", + "openshift.io/long-description": "This template defines resources needed to develop a NodeJS application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/nodejs-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/nodejs-ex/blob/master/README.md.", + "labels": { + "template": "nodejs-mongodb-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData": { + "database-user": "${DATABASE_USER}", + "database-password": "${DATABASE_PASSWORD}", + "database-admin-password" : "${DATABASE_ADMIN_PASSWORD}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "nodejs:6" + }, + "env": [ + { + "name": "NPM_MIRROR", + "value": "${NPM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "npm test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "nodejs-mongodb-example" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "nodejs-mongodb-example", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-admin-password" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 3, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 30, + "httpGet": { + "path": "/pagecount", + "port": 8080 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "mongodb", + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "mongodb:3.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "mongodb", + "image": " ", + "ports": [ + { + "containerPort": 27017 + } + ], + "env": [ + { + "name": "MONGODB_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "MONGODB_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "MONGODB_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-admin-password" + } + } + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 3, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p $MONGODB_PASSWORD --eval=\"quit()\"" + ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 27017 + } + }, + "resources": { + "limits": { + "memory": "${MEMORY_MONGODB_LIMIT}" + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/mongodb/data" + } + ] + } + ], + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "emptyDir": { + "medium": "" + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "nodejs-mongodb-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the Node.js container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "MEMORY_MONGODB_LIMIT", + "displayName": "Memory Limit (MongoDB)", + "description": "Maximum amount of memory the MongoDB container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/openshift/nodejs-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Node.js service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "displayName": "Database Service Name", + "required": true, + "value": "mongodb" + }, + { + "name": "DATABASE_USER", + "displayName": "MongoDB Username", + "description": "Username for MongoDB user that will be used for accessing the database.", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "MongoDB Password", + "description": "Password for the MongoDB user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "DATABASE_NAME", + "displayName": "Database Name", + "required": true, + "value": "sampledb" + }, + { + "name": "DATABASE_ADMIN_PASSWORD", + "displayName": "Database Administrator Password", + "description": "Password for the database admin user.", + "generate": "expression", + "from": "[a-zA-Z0-9]{16}" + }, + { + "name": "NPM_MIRROR", + "displayName": "Custom NPM Mirror URL", + "description": "The custom NPM mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/pvc.yml b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/pvc.yml new file mode 100644 index 000000000..0bbb8e625 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/pvc.yml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Template +metadata: + name: "amp-pvc" +objects: + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "system-storage" + spec: + accessModes: + - "ReadWriteMany" + resources: + requests: + storage: "100Mi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "mysql-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "system-redis-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" + +- apiVersion: "v1" + kind: "PersistentVolumeClaim" + metadata: + name: "backend-redis-storage" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "1Gi" diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql-persistent.json new file mode 100644 index 000000000..1c03be28a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql-persistent.json @@ -0,0 +1,606 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "rails-pgsql-persistent", + "annotations": { + "openshift.io/display-name": "Rails + PostgreSQL (Persistent)", + "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", + "tags": "quickstart,ruby,rails", + "iconClass": "icon-ruby", + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", + "labels": { + "template": "rails-pgsql-persistent" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "application-user" : "${APPLICATION_USER}", + "application-password" : "${APPLICATION_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "ruby:2.3" + }, + "env": [ + { + "name": "RUBYGEM_MIRROR", + "value": "${RUBYGEM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "bundle exec rake test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Abort", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "${NAME}" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${NAME}", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 5, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 10, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "SECRET_KEY_BASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keybase" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + }, + { + "name": "APPLICATION_DOMAIN", + "value": "${APPLICATION_DOMAIN}" + }, + { + "name": "APPLICATION_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "application-user" + } + } + }, + { + "name": "APPLICATION_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "application-password" + } + } + }, + { + "name": "RAILS_ENV", + "value": "${RAILS_ENV}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "rails-pgsql-persistent" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Rails container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/rails-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "APPLICATION_USER", + "displayName": "Application Username", + "required": true, + "description": "The application user that is used within the sample application to authorize access on pages.", + "value": "openshift" + }, + { + "name": "APPLICATION_PASSWORD", + "displayName": "Application Password", + "required": true, + "description": "The application password that is used within the sample application to authorize access on pages.", + "value": "secret" + }, + { + "name": "RAILS_ENV", + "displayName": "Rails Environment", + "required": true, + "description": "Environment under which the sample application will run. Could be set to production, development or test.", + "value": "production" + }, + { + "name": "DATABASE_SERVICE_NAME", + "required": true, + "displayName": "Database Service Name", + "value": "postgresql" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "required": true, + "displayName": "Database Name", + "value": "root" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "displayName": "Maximum Database Connections", + "value": "100" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "displayName": "Shared Buffer Amount", + "value": "12MB" + }, + { + "name": "RUBYGEM_MIRROR", + "displayName": "Custom RubyGems Mirror URL", + "description": "The custom RubyGems mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql.json b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql.json new file mode 100644 index 000000000..240289d33 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/rails-postgresql.json @@ -0,0 +1,580 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "rails-postgresql-example", + "annotations": { + "openshift.io/display-name": "Rails + PostgreSQL (Ephemeral)", + "description": "An example Rails application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.\n\nWARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.", + "tags": "quickstart,ruby,rails", + "iconClass": "icon-ruby", + "openshift.io/long-description": "This template defines resources needed to develop a Rails application, including a build configuration, application deployment configuration, and database deployment configuration. The database is stored in non-persistent storage, so this configuration should be used for experimental purposes only.", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/documentation-url": "https://github.com/openshift/rails-ex", + "openshift.io/support-url": "https://access.redhat.com", + "template.openshift.io/bindable": "false" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/openshift/rails-ex/blob/master/README.md.", + "labels": { + "template": "rails-postgresql-example" + }, + "objects": [ + { + "kind": "Secret", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "stringData" : { + "database-user" : "${DATABASE_USER}", + "database-password" : "${DATABASE_PASSWORD}", + "application-user" : "${APPLICATION_USER}", + "application-password" : "${APPLICATION_PASSWORD}", + "keybase" : "${SECRET_KEY_BASE}" + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "ruby:2.3" + }, + "env": [ + { + "name": "RUBYGEM_MIRROR", + "value": "${RUBYGEM_MIRROR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": { + "script": "bundle exec rake test" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate", + "recreateParams": { + "pre": { + "failurePolicy": "Abort", + "execNewPod": { + "command": [ + "./migrate-database.sh" + ], + "containerName": "${NAME}" + } + } + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${NAME}", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "readinessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 5, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "livenessProbe": { + "timeoutSeconds": 3, + "initialDelaySeconds": 10, + "httpGet": { + "path": "/articles", + "port": 8080 + } + }, + "env": [ + { + "name": "DATABASE_SERVICE_NAME", + "value": "${DATABASE_SERVICE_NAME}" + }, + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "SECRET_KEY_BASE", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "keybase" + } + } + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + }, + { + "name": "APPLICATION_DOMAIN", + "value": "${APPLICATION_DOMAIN}" + }, + { + "name": "APPLICATION_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "application-user" + } + } + }, + { + "name": "APPLICATION_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "application-password" + } + } + }, + { + "name": "RAILS_ENV", + "value": "${RAILS_ENV}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database", + "template.alpha.openshift.io/wait-for-ready": "true" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "data", + "emptyDir": {} + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ "/bin/sh", "-i", "-c", "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'"] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "volumeMounts": [ + { + "name": "data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-user" + } + } + }, + { + "name": "POSTGRESQL_PASSWORD", + "valueFrom": { + "secretKeyRef" : { + "name" : "${NAME}", + "key" : "database-password" + } + } + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "rails-postgresql-example" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the ImageStream resides.", + "value": "openshift" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the Rails container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/openshift/rails-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the Rails service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "Github trigger secret. A difficult to guess string encoded as part of the webhook URL. Not encrypted.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "SECRET_KEY_BASE", + "displayName": "Secret Key", + "description": "Your secret key for verifying the integrity of signed cookies.", + "generate": "expression", + "from": "[a-z0-9]{127}" + }, + { + "name": "APPLICATION_USER", + "displayName": "Application Username", + "required": true, + "description": "The application user that is used within the sample application to authorize access on pages.", + "value": "openshift" + }, + { + "name": "APPLICATION_PASSWORD", + "displayName": "Application Password", + "required": true, + "description": "The application password that is used within the sample application to authorize access on pages.", + "value": "secret" + }, + { + "name": "RAILS_ENV", + "displayName": "Rails Environment", + "required": true, + "description": "Environment under which the sample application will run. Could be set to production, development or test.", + "value": "production" + }, + { + "name": "DATABASE_SERVICE_NAME", + "required": true, + "displayName": "Database Service Name", + "value": "postgresql" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "required": true, + "displayName": "Database Name", + "value": "root" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "displayName": "Maximum Database Connections", + "value": "100" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "displayName": "Shared Buffer Amount", + "value": "12MB" + }, + { + "name": "RUBYGEM_MIRROR", + "displayName": "Custom RubyGems Mirror URL", + "description": "The custom RubyGems mirror URL", + "value": "" + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/quickstart-templates/wildcard.yml b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/wildcard.yml new file mode 100644 index 000000000..00dedecd5 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/quickstart-templates/wildcard.yml @@ -0,0 +1,158 @@ +apiVersion: v1 +kind: Template +metadata: + name: "amp-apicast-wildcard-router" +objects: + +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: apicast-router + spec: + replicas: 1 + selector: + deploymentconfig: apicast-router + strategy: + type: Rolling + template: + metadata: + labels: + deploymentconfig: apicast-router + spec: + volumes: + - name: apicast-router-config + configMap: + name: apicast-router-config + items: + - key: router.conf + path: router.conf + containers: + - env: + - name: APICAST_CONFIGURATION_LOADER + value: "lazy" + - name: APICAST_CONFIGURATION_CACHE + value: "0" + image: 3scale-amp20/apicast-gateway:1.0-3 + imagePullPolicy: IfNotPresent + name: apicast-router + command: ['bin/apicast'] + livenessProbe: + tcpSocket: + port: router + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /status/ready + port: management + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 30 + volumeMounts: + - name: apicast-router-config + mountPath: /opt/app-root/src/sites.d/ + readOnly: true + ports: + - containerPort: 8082 + name: router + protocol: TCP + - containerPort: 8090 + name: management + protocol: TCP + triggers: + - type: ConfigChange + +- apiVersion: v1 + kind: Service + metadata: + name: apicast-router + spec: + ports: + - name: router + port: 80 + protocol: TCP + targetPort: router + selector: + deploymentconfig: apicast-router + +- apiVersion: v1 + kind: ConfigMap + metadata: + name: apicast-router-config + data: + router.conf: |- + upstream wildcard { + server 0.0.0.1:1; + + balancer_by_lua_block { + local round_robin = require 'resty.balancer.round_robin' + local balancer = round_robin.new() + local peers = balancer:peers(ngx.ctx.apicast) + + local peer, err = balancer:set_peer(peers) + + if not peer then + ngx.status = ngx.HTTP_SERVICE_UNAVAILABLE + ngx.log(ngx.ERR, "failed to set current backend peer: ", err) + ngx.exit(ngx.status) + end + } + + keepalive 1024; + } + + server { + listen 8082; + server_name ~-(?<apicast>apicast-(staging|production))\.; + access_log /dev/stdout combined; + + location / { + access_by_lua_block { + local resolver = require('resty.resolver'):instance() + local servers = resolver:get_servers(ngx.var.apicast, { port = 8080 }) + + if #servers == 0 then + ngx.status = ngx.HTTP_BAD_GATEWAY + ngx.exit(ngx.HTTP_OK) + end + + ngx.ctx.apicast = servers + } + proxy_http_version 1.1; + proxy_pass $scheme://wildcard; + proxy_set_header Host $host; + proxy_set_header Connection ""; + } + } + +- apiVersion: v1 + kind: Route + metadata: + name: apicast-wildcard-router + labels: + app: apicast-wildcard-router + spec: + host: apicast-${TENANT_NAME}.${WILDCARD_DOMAIN} + to: + kind: Service + name: apicast-router + port: + targetPort: router + wildcardPolicy: Subdomain + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + +parameters: +- name: AMP_RELEASE + description: "AMP release tag." + value: 2.0.0-CR2-redhat-1 + required: true +- name: WILDCARD_DOMAIN + description: Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com. + required: true +- name: TENANT_NAME + description: "Domain name under the root that Admin UI will be available with -admin suffix." + required: true + value: "3scale" diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-streams/fis-image-streams.json b/roles/openshift_examples/files/examples/v3.8/xpaas-streams/fis-image-streams.json new file mode 100644 index 000000000..9d99973be --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-streams/fis-image-streams.json @@ -0,0 +1,76 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "fis-image-streams", + "annotations": { + "description": "ImageStream definitions for JBoss Fuse Integration Services." + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-java-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-java-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 1.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Java S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "fis-karaf-openshift" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/jboss-fuse-6/fis-karaf-openshift", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Fuse Integration Services 1.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.2.1,java:8,xpaas:1.2", + "version": "1.0" + } + }, + { + "name": "2.0", + "annotations": { + "description": "JBoss Fuse Integration Services 2.0 Karaf S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,jboss-fuse,java,karaf,xpaas", + "supports":"jboss-fuse:6.3.0,java:8,xpaas:1.2", + "version": "2.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v3.8/xpaas-streams/jboss-image-streams.json new file mode 100644 index 000000000..ed2dbf572 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-streams/jboss-image-streams.json @@ -0,0 +1,1480 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "jboss-image-streams", + "annotations": { + "description": "ImageStream definitions for JBoss Middleware products.", + "openshift.io/provider-display-name": "Red Hat, Inc." + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver30-tomcat7-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.0,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 ApacheTomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat7-openshift:1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver30-tomcat8-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss Web Server 3.0 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.0,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver30-tomcat8-openshift:1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver31-tomcat7-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 7 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat7,java,jboss,hidden", + "supports": "tomcat7:3.1,tomcat:7,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-webserver31-tomcat8-openshift", + "annotations": { + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.0", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Web Server 3.1 Apache Tomcat 8 S2I images.", + "iconClass": "icon-rh-tomcat", + "tags": "builder,tomcat,tomcat8,java,jboss,hidden", + "supports": "tomcat8:3.1,tomcat:8,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "tomcat-websocket-chat", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 8" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 6.4", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:6.4,javaee:6,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-6/eap64-openshift:1.6" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap70-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.0,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss EAP 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7/eap70-openshift:1.6" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-eap71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss EAP 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8,xpass:1.0", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "TP", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "ImageStreamTag", + "name": "1.0-TP" + } + }, + { + "name": "1.0-TP", + "annotations": { + "description": "JBoss EAP 7.1 Tech Preview.", + "iconClass": "icon-eap", + "tags": "builder,eap,javaee,java,jboss,hidden", + "supports": "eap:7.1,javaee:7,java:8", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss EAP 7.1 (Tech Preview)" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-eap-7-tech-preview/eap71-openshift:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver62-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "Red Hat JBoss BRMS 6.2 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.2", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.2", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver62-openshift:1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver63-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,hidden", + "supports": "decisionserver:6.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "Red Hat JBoss BRMS 6.3 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.3,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver63-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-decisionserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BRMS 6.4 decision server S2I images.", + "iconClass": "icon-decisionserver", + "tags": "builder,decisionserver,java,hidden", + "supports": "decisionserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "decisionserver/hellorules", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver63-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,hidden", + "supports": "processserver:6.3", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.3 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.3,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver63-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-processserver64-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss BPM Suite 6.4 intelligent process server S2I images.", + "iconClass": "icon-processserver", + "tags": "builder,processserver,java,hidden", + "supports": "processserver:6.4,java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "sampleContextDir": "processserver/library", + "sampleRef": "1.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.4 intelligent process server" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-processserver-6/processserver64-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid65-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.2", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss Data Grid 6.5 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:6.5", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-openshift:1.5" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 7.1 S2I images.", + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "supports": "datagrid:7.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid65-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 6.5 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Grid 6.5 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Grid 6.5 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-6/datagrid65-client-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datagrid71-client-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Grid 7.1 Client Modules for EAP.", + "iconClass": "icon-datagrid", + "tags": "client,jboss,hidden", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Grid 7.1 Client Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift:1.0" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datavirt63-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports": "datavirt:6.3", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "Red Hat JBoss Data Virtualization 6.3 S2I images.", + "iconClass": "icon-datavirt", + "tags": "datavirt,jboss,hidden", + "supports":"datavirt:6.3", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift:1.3" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-datavirt63-driver-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP.", + "iconClass": "icon-datavirt", + "tags": "client,jboss,hidden", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss Data Virtualization 6.5 JDBC Driver Modules for EAP" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift:1.1" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-amq-62", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.2" + } + }, + { + "name": "1.3", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.3", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.4", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.4" + } + }, + { + "name": "1.5", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.2,messaging", + "version": "1.5", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.5" + } + }, + { + "name": "1.6", + "annotations": { + "description": "JBoss A-MQ 6.2 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports":"amq:6.2,messaging", + "version": "1.6", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq62-openshift:1.6" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "jboss-amq-63", + "annotations": { + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.0", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.1", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "JBoss A-MQ 6.3 broker image.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "supports": "amq:6.3,messaging", + "version": "1.2", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/jboss-amq-6/amq63-openshift:1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redhat-sso70-openshift", + "annotations": { + "description": "Red Hat SSO 7.0", + "openshift.io/display-name": "Red Hat Single Sign-On 7.0", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.3", + "annotations": { + "description": "Red Hat SSO 7.0", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", + "version": "1.3", + "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.3" + } + }, + { + "name": "1.4", + "annotations": { + "description": "Red Hat SSO 7.0", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.0", + "version": "1.4", + "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso70-openshift:1.4" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redhat-sso71-openshift", + "annotations": { + "description": "Red Hat SSO 7.1", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "description": "Red Hat SSO 7.1", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", + "version": "1.0", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "description": "Red Hat SSO 7.1", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", + "version": "1.1", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "description": "Red Hat SSO 7.1", + "iconClass": "icon-sso", + "tags": "sso,keycloak,redhat,hidden", + "supports": "sso:7.1", + "version": "1.2", + "openshift.io/display-name": "Red Hat Single Sign-On 7.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.2" + } + } + ] + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "redhat-openjdk18-openshift", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "version": "1.4.7" + } + }, + "labels": { + "xpaas": "1.4.7" + }, + "spec": { + "tags": [ + { + "name": "1.0", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "description": "Build and run Java applications using Maven and OpenJDK 8.", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk,hidden", + "supports": "java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", + "sampleContextDir": "undertow-servlet", + "version": "1.0" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.0" + } + }, + { + "name": "1.1", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "description": "Build and run Java applications using Maven and OpenJDK 8.", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", + "sampleContextDir": "undertow-servlet", + "version": "1.1" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.1" + } + }, + { + "name": "1.2", + "annotations": { + "openshift.io/display-name": "Red Hat OpenJDK 8", + "description": "Build and run Java applications using Maven and OpenJDK 8.", + "iconClass": "icon-rh-openjdk", + "tags": "builder,java,openjdk", + "supports": "java:8", + "sampleRepo": "https://github.com/jboss-openshift/openshift-quickstarts", + "sampleContextDir": "undertow-servlet", + "version": "1.2" + }, + "from": { + "kind": "DockerImage", + "name": "registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift:1.2" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-basic.json new file mode 100644 index 000000000..8f8e14cb6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-basic.json @@ -0,0 +1,346 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", + "iconClass": "icon-amq", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral, no SSL)" + }, + "name": "amq62-basic" + }, + "labels": { + "template": "amq62-basic", + "xpaas": "1.4.7" + }, + "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent-ssl.json new file mode 100644 index 000000000..96f9d616f --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent-ssl.json @@ -0,0 +1,693 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + + }, + "name": "amq62-persistent-ssl" + }, + "labels": { + "template": "amq62-persistent-ssl", + "xpaas": "1.4.7" + }, + "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "AMQ_SPLIT", + "value": "true", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "Secret Name", + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "displayName": "Trust Store Filename", + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "displayName": "Trust Store Password", + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Keystore Filename", + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "displayName": "A-MQ Keystore Password", + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp-ssl\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + }, + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + }, + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent.json new file mode 100644 index 000000000..67c812fb4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-persistent.json @@ -0,0 +1,506 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone and use persistent storage for saving messages, including message migration when the number of pods are reduced. This template doesn't feature SSL support.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "amq62-persistent" + }, + "labels": { + "template": "amq62-persistent", + "xpaas": "1.4.7" + }, + "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "AMQ_SPLIT", + "value": "true", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-62", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-ssl.json new file mode 100644 index 000000000..9f488820c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq62-ssl.json @@ -0,0 +1,533 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template supports SSL and requires usage of OpenShift secrets.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.2 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "amq62-ssl" + }, + "labels": { + "template": "amq62-ssl", + "xpaas": "1.4.7" + }, + "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. SSL variants of these protocols will be configured automaticaly.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "Secret Name", + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "displayName": "Trust Store Filename", + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "displayName": "Trust Store Password", + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Keystore Filename", + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "displayName": "A-MQ Keystore Password", + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp-ssl\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-basic.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-basic.json new file mode 100644 index 000000000..e13530764 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-basic.json @@ -0,0 +1,346 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "description": "Application template for JBoss A-MQ brokers. These can be deployed as standalone or in a mesh. This template doesn't feature SSL support.", + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss A-MQ 6.3 (Ephemeral, no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "amq63-basic" + }, + "labels": { + "template": "amq63-basic", + "xpaas": "1.4.7" + }, + "message": "A new messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-63", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent-ssl.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent-ssl.json new file mode 100644 index 000000000..3eedee933 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent-ssl.json @@ -0,0 +1,692 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration, using persistence and secure communication using SSL.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "amq63-persistent-ssl" + }, + "labels": { + "template": "amq63-persistent-ssl", + "xpaas": "1.4.7" + }, + "message": "A new persistent messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "AMQ_SPLIT", + "value": "true", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "Secret Name", + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "displayName": "Trust Store Filename", + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "displayName": "Trust Store Password", + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Keystore Filename", + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "displayName": "A-MQ Keystore Password", + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp-ssl\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-63", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + }, + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + }, + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent.json new file mode 100644 index 000000000..7c0aec61a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-persistent.json @@ -0,0 +1,509 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.3 based application, including a deployment configuration and using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "amq63-persistent" + }, + "labels": { + "template": "amq63-persistent", + "xpaas": "1.4.7" + }, + "message": "A new persistent messaging service has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "AMQ_SPLIT", + "value": "true", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-63", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-drainer" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-drainer" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-drainer", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-drainer", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-drainer", + "image": "jboss-amq-63", + "command": [ + "/opt/amq/bin/drain.sh" + ], + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/amq/data", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-ssl.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-ssl.json new file mode 100644 index 000000000..a55403c79 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/amq63-ssl.json @@ -0,0 +1,536 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-amq", + "tags": "messaging,amq,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss A-MQ 6.3 (Ephemeral with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss A-MQ 6.2 based application, including a deployment configuration, using ephemeral (temporary) storage and secure communication using SSL. These can be deployed as standalone or in a mesh.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-amq/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "amq63-ssl" + }, + "labels": { + "template": "amq63-ssl", + "xpaas": "1.4.7" + }, + "message": "A new messaging service with SSL support has been created in your project. It will handle the protocol(s) \"${MQ_PROTOCOL}\". The username/password for accessing the service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"amq-service-account\" service account and a secret named \"${AMQ_SECRET}\" containing the trust store and key store files (\"${AMQ_TRUSTSTORE}\" and \"${AMQ_KEYSTORE}\") used for serving secure content.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "broker", + "required": true + }, + { + "displayName": "A-MQ Protocols", + "description": "Protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. SSL variants of these protocols will be configured automaticaly.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. If left empty, queues will be still created dynamically.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. If left empty, topics will be still created dynamically.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "Secret Name", + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret", + "required": true + }, + { + "displayName": "Trust Store Filename", + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts", + "required": true + }, + { + "displayName": "Trust Store Password", + "description": "SSL trust store password", + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Keystore Filename", + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks", + "required": true + }, + { + "displayName": "A-MQ Keystore Password", + "description": "Password for accessing SSL keystore", + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "", + "required": true + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Queue Memory Limit", + "description": "The queue memory limit (default is 1mb)", + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5672, + "targetPort": 5672 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5671, + "targetPort": 5671 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-amqp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's AMQP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 1883, + "targetPort": 1883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8883, + "targetPort": 8883 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-mqtt-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's MQTT SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61613, + "targetPort": 61613 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61612, + "targetPort": 61612 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-stomp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's STOMP SSL port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61617, + "targetPort": 61617 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp-ssl", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire (SSL) port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-amqp-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-mqtt-ssl\", \"kind\": \"Service\"},{\"name\": \"${APPLICATION_NAME}-amq-stomp-ssl\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-63:1.2" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "amq-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-63", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "mqtt-ssl", + "containerPort": 8883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_TRUSTSTORE_PASSWORD", + "value": "${AMQ_TRUSTSTORE_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" + }, + { + "name": "AMQ_KEYSTORE_PASSWORD", + "value": "${AMQ_KEYSTORE_PASSWORD}" + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + }, + { + "name": "AMQ_QUEUE_MEMORY_LIMIT", + "value": "${AMQ_QUEUE_MEMORY_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-basic.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-basic.json new file mode 100644 index 000000000..af390c13d --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-basic.json @@ -0,0 +1,373 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "datagrid65-basic" + }, + "labels": { + "template": "datagrid65-basic", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-https.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-https.json new file mode 100644 index 000000000..97d02c788 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-https.json @@ -0,0 +1,555 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "description": "Application template for JDG 6.5 applications.", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "datagrid65-https" + }, + "labels": { + "template": "datagrid65-https", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql-persistent.json new file mode 100644 index 000000000..018132668 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql-persistent.json @@ -0,0 +1,860 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid65-mysql-persistent" + }, + "labels": { + "template": "datagrid65-mysql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql.json new file mode 100644 index 000000000..1e8ca1b51 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-mysql.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "description": "Application template for JDG 6.5 and MySQL applications.", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "datagrid65-mysql" + }, + "labels": { + "template": "datagrid65-mysql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql-persistent.json new file mode 100644 index 000000000..4a1d818c9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql-persistent.json @@ -0,0 +1,833 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 6.5 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid65-postgresql-persistent" + }, + "labels": { + "template": "datagrid65-postgresql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql.json new file mode 100644 index 000000000..d97bdfa75 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid65-postgresql.json @@ -0,0 +1,788 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 6.5 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "datagrid65-postgresql" + }, + "labels": { + "template": "datagrid65-postgresql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-openshift:1.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid65-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-basic.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-basic.json new file mode 100644 index 000000000..d4b83da34 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-basic.json @@ -0,0 +1,420 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-basic" + }, + "labels": { + "template": "datagrid71-basic", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-https.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-https.json new file mode 100644 index 000000000..2a46bd3a2 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-https.json @@ -0,0 +1,602 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-https" + }, + "labels": { + "template": "datagrid71-https", + "xpaas": "1.4.7" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql-persistent.json new file mode 100644 index 000000000..72bdf2037 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql-persistent.json @@ -0,0 +1,904 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql-persistent" + }, + "labels": { + "template": "datagrid71-mysql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql.json new file mode 100644 index 000000000..99f97a7c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-mysql.json @@ -0,0 +1,863 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using MySQL databased using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-mysql" + }, + "labels": { + "template": "datagrid71-mysql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using MySQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:/jboss/datasources/mysql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-partition.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-partition.json new file mode 100644 index 000000000..baf17dbbb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-partition.json @@ -0,0 +1,501 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 (Ephemeral, no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using using ephemeral (temporary) storage and communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-partition" + }, + "labels": { + "template": "datagrid71-partition", + "xpaas": "1.4.0" + }, + "message": "A new data grid service has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\".", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "ADMIN_GROUP", + "description": "Comma delimited list of groups/roles for the Application Realm User", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "HOTROD_AUTHENTICATION", + "description": "True/False for HotRod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLE_MAPPER", + "description": "Container Role Mapper", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "CONTAINER_SECURITY_ROLES", + "description": "Comma Delimited List of Container Roles", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datagrid Volume Size", + "description": "Size of the volume used by Datagrid for persisting metadata.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh, this is now the default behaviour.", + "name": "DATAGRID_SPLIT", + "value": "true", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8787, + "targetPort": 8787 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-debug", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "mountPath": "/opt/datagrid/standalone/partitioned_data", + "name": "${APPLICATION_NAME}-datagrid-pvol" + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + }, + { + "name": "debug", + "containerPort": 8787, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "DATAGRID_SPLIT", + "value": "${DATAGRID_SPLIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-datagrid-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-datagrid-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-datagrid-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql-persistent.json new file mode 100644 index 000000000..5cd6e854a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql-persistent.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql-persistent" + }, + "labels": { + "template": "datagrid71-postgresql-persistent", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL with persistent storage) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configured for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql.json new file mode 100644 index 000000000..505d67750 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datagrid71-postgresql.json @@ -0,0 +1,835 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datagrid", + "tags": "datagrid,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Grid 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Grid application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Data Grid 7.1 based application, including a deployment configuration, using PostgreSQL database using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-grid/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datagrid71-postgresql" + }, + "labels": { + "template": "datagrid71-postgresql", + "xpaas": "1.4.7" + }, + "message": "A new data grid service (using PostgreSQL) has been created in your project. It supports connector type(s) \"${INFINISPAN_CONNECTORS}\". The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"datagrid-service-account\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "datagrid-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Username", + "description": "User name for JDG user.", + "name": "USERNAME", + "value": "", + "required": false + }, + { + "displayName": "Password", + "description": "The password to access the JDG Caches. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s). (optional)", + "name": "PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JDG User Roles/Groups", + "description": "Comma delimited list of roles/groups associated with the JDG user", + "name": "ADMIN_GROUP", + "value": "", + "required": false + }, + { + "displayName": "Hotrod Authentication", + "description": "Enable Hotrod Authentication", + "name": "HOTROD_AUTHENTICATION", + "value": "", + "required": false + }, + { + "displayName": "Container Security Role Mapper", + "description": "Defines which role mapper to use for cache authentication", + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "", + "required": false + }, + { + "displayName": "Container Security Roles", + "description": "Comma delimited list of role names and assigned permissions", + "name": "CONTAINER_SECURITY_ROLES", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "datagrid-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/postgresql", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Infinispan Connectors", + "description": "Comma-separated list of connector types that should be configured (defaults to 'memcached,hotrod,rest')", + "name": "INFINISPAN_CONNECTORS", + "value": "hotrod,memcached,rest", + "required": false + }, + { + "displayName": "Cache Names", + "description": "Comma-separated list of caches to configure. By default, a distributed-cache, with a mode of SYNC will be configurd for each entry.", + "name": "CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Datavirt Cache Names", + "description": "Comma-separated list of caches to configure for use by Red Hat JBoss Data Virtualization for materialization of views. Three caches will be created for each named cache: <name>, <name>_staging and <name>_alias.", + "name": "DATAVIRT_CACHE_NAMES", + "value": "", + "required": false + }, + { + "displayName": "Default Cache Type", + "description": "Default cache type for all caches. If empty then distributed will be the default", + "name": "CACHE_TYPE_DEFAULT", + "value": "", + "required": false + }, + { + "displayName": "Encryption Requires SSL Client Authentication?", + "description": "", + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "", + "required": false + }, + { + "displayName": "Memcached Cache Name", + "description": "The name of the cache to expose through this memcached connector (defaults to 'default')", + "name": "MEMCACHED_CACHE", + "value": "default", + "required": false + }, + { + "displayName": "REST Security Domain", + "description": "The domain, declared in the security subsystem, that should be used to authenticate access to the REST endpoint", + "name": "REST_SECURITY_DOMAIN", + "value": "", + "required": false + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datagrid-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11211, + "targetPort": 11211 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-memcached", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Memcached service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 11333, + "targetPort": 11333 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-hotrod", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Hot Rod service for clustered applications." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid71-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "datagrid-service-account", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "jboss-datagrid71-openshift", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "datagrid-keystore-volume", + "mountPath": "/etc/datagrid-secret-volume", + "readOnly": true + }, + { + "name": "datagrid-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/datagrid/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + }, + { + "name": "memcached", + "containerPort": 11211, + "protocol": "TCP" + }, + { + "name": "hotrod-internal", + "containerPort": 11222, + "protocol": "TCP" + }, + { + "name": "hotrod", + "containerPort": 11333, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "USERNAME", + "value": "${USERNAME}" + }, + { + "name": "PASSWORD", + "value": "${PASSWORD}" + }, + { + "name": "ADMIN_GROUP", + "value": "${ADMIN_GROUP}" + }, + { + "name": "HOTROD_AUTHENTICATION", + "value": "${HOTROD_AUTHENTICATION}" + }, + { + "name": "CONTAINER_SECURITY_ROLE_MAPPER", + "value": "${CONTAINER_SECURITY_ROLE_MAPPER}" + }, + { + "name": "CONTAINER_SECURITY_ROLES", + "value": "${CONTAINER_SECURITY_ROLES}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datagrid-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "DEFAULT_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "DEFAULT_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "MEMCACHED_JDBC_STORE_TYPE", + "value": "string" + }, + { + "name": "MEMCACHED_JDBC_STORE_DATASOURCE", + "value": "${DB_JNDI}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "INFINISPAN_CONNECTORS", + "value": "${INFINISPAN_CONNECTORS}" + }, + { + "name": "CACHE_NAMES", + "value": "${CACHE_NAMES}" + }, + { + "name": "DATAVIRT_CACHE_NAMES", + "value": "${DATAVIRT_CACHE_NAMES}" + }, + { + "name": "CACHE_TYPE_DEFAULT", + "value": "${CACHE_TYPE_DEFAULT}" + }, + { + "name": "ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH", + "value": "${ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH}" + }, + { + "name": "HOTROD_SERVICE_NAME", + "value": "${APPLICATION_NAME}-hotrod" + }, + { + "name": "HOTROD_ENCRYPTION", + "value": "${HTTPS_NAME}" + }, + { + "name": "MEMCACHED_CACHE", + "value": "${MEMCACHED_CACHE}" + }, + { + "name": "REST_SECURITY_DOMAIN", + "value": "${REST_SECURITY_DOMAIN}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "datagrid-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datagrid-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-basic-s2i.json new file mode 100644 index 000000000..b6885d6f6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-basic-s2i.json @@ -0,0 +1,491 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datavirt", + "description": "Application template for JBoss Data Virtualization 6.3 services built using S2I.", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (no SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc." + }, + "name": "datavirt63-basic-s2i" + }, + "labels": { + "template": "datavirt63-basic-s2i", + "xpaas": "1.4.7" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the secret named ${CONFIGURATION_NAME} containing the datasource configuration details required by the deployed VDB(s).", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret specified by CONFIGURATION_NAME.", + "displayName": "Service Account Name", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "Comma delimited list of source directories containing VDBs for deployment", + "displayName": "VDB Deployment Directories", + "name": "VDB_DIRS", + "value": "", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-client-openshift:1.1" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/datagrid65", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.3" + }, + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "VDB_DIRS", + "value": "${VDB_DIRS}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "jboss-datagrid65-client-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-extensions-support-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-extensions-support-s2i.json new file mode 100644 index 000000000..a06f714a7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-extensions-support-s2i.json @@ -0,0 +1,844 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL and Extensions)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration, support for installing extensions (e.g. third-party DB drivers) and the ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datavirt63-extensions-support-s2i" + }, + "labels": { + "template": "datavirt63-extensions-support-s2i", + "xpaas": "1.4.7" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The URL of the repository with source code for the extensions image. The image should have all modules, etc., placed in the \"/extensions/\" directory in the image. If the contents are in a different directory, the sourcePath for the ImageSource in the BuildConfig must be modified.", + "displayName": "Extensions Git Repository URL", + "name": "EXTENSIONS_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your extensions repository if you are not using the default branch.", + "displayName": "Extensions Git Reference", + "name": "EXTENSIONS_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your extensions repository.", + "displayName": "Extensions Context Directory", + "name": "EXTENSIONS_DIR", + "value": "datavirt/derby-driver-image", + "required": false + }, + { + "description": "Set this to the relative path to the Dockerfile in your extensions directory.", + "displayName": "Extensions Dockerfile", + "name": "EXTENSIONS_DOCKERFILE", + "value": "Dockerfile", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "displayName": "Service Account Name", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "Comma delimited list of source directories containing VDBs for deployment", + "displayName": "VDB Deployment Directories", + "name": "VDB_DIRS", + "value": "", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-ext", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${EXTENSIONS_REPOSITORY_URL}", + "ref": "${EXTENSIONS_REPOSITORY_REF}" + }, + "contextDir": "${EXTENSIONS_DIR}" + }, + "strategy": { + "type": "Docker", + "dockerStrategy": { + "dockerfilePath": "${EXTENSIONS_DOCKERFILE}" + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-client-openshift:1.1" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/datagrid65", + "sourcePath": "/extensions/." + } + ] + }, + { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.3" + }, + "env": [ + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "VDB_DIRS", + "value": "${VDB_DIRS}" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}-ext:latest" + } + } + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "jboss-datagrid65-client-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "QS_DB_TYPE", + "value": "derby", + "description": "Used soley by the quickstart and set here to ensure the template can be instatiated with its default parameter values, i.e. so itworks ootb." + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-secure-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-secure-s2i.json new file mode 100644 index 000000000..1758b1be0 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/datavirt63-secure-s2i.json @@ -0,0 +1,964 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-datavirt", + "tags": "jdv,datavirt,database,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Data Virtualization 6.3 (with SSL)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Data Virtualization application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Data Virtualization based application, including a build configuration, application deployment configuration and ability to configure certificates for serving secure content.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-data-virtualization/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "datavirt63-secure-s2i" + }, + "labels": { + "template": "datavirt63-secure-s2i", + "xpaas": "1.4.7" + }, + "message": "A new data service has been created in your project. The username/password for accessing the service is ${TEIID_USERNAME}/${TEIID_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed VDB(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "datavirt-app", + "required": true + }, + { + "description": "The name of the secret containing configuration properties for the data sources.", + "displayName": "Configuration Secret Name", + "name": "CONFIGURATION_NAME", + "value": "datavirt-app-config", + "required": true + }, + { + "description": "Specify a custom hostname for the http route. Leave blank to use default hostname, e.g.: <service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the https route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom https Route Hostname", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "description": "Specify a custom hostname for the JDBC route. Leave blank to use default hostname, e.g.: secure-<service-name>-<project>.<default-domain-suffix>", + "displayName": "Custom JDBC Route Hostname", + "name": "HOSTNAME_JDBC", + "value": "", + "required": false + }, + { + "description": "The URL of the repository with your application source code.", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Set this to the relative path to your project if it is not in the root of your repository.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "datavirt/dynamicvdb-datafederation/app", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow usage of the secret(s) specified by CONFIGURATION_NAME, HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "displayName": "Service Account Name", + "name": "SERVICE_ACCOUNT_NAME", + "value": "datavirt-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for serving secure content.", + "displayName": "Server Keystore Secret Name", + "name": "HTTPS_SECRET", + "value": "datavirt-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret.", + "displayName": "Server Keystore Filename", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS).", + "displayName": "Server Keystore Type", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate.", + "displayName": "Server Certificate Name", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "Server Keystore Password", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "Username associated with Teiid data service.", + "displayName": "Teiid Username", + "name": "TEIID_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for Teiid user.", + "displayName": "Teiid User Password", + "name": "TEIID_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "Username associated with ModeShape.", + "displayName": "ModeShape Username", + "name": "MODESHAPE_USERNAME", + "from": "[\\a]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Password for ModeShape user.", + "displayName": "ModeShape User Password", + "name": "MODESHAPE_PASSWORD", + "from": "[\\a\\A]{8}[\\d]{1}[\\A]{1}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the GitHub webhook.", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "A secret string used to configure the Generic webhook.", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "displayName": "JGroups Secret Name", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the JGroups secret.", + "displayName": "JGroups Keystore Filename", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the JGroups server certificate", + "displayName": "JGroups Certificate Name", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "displayName": "JGroups Keystore Password", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "displayName": "JGroups Cluster Password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "displayName": "Deploy Exploded Archives", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "Comma delimited list of source directories containing VDBs for deployment", + "displayName": "VDB Deployment Directories", + "name": "VDB_DIRS", + "value": "", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "displayName": "SSO Server URL", + "name": "SSO_URL", + "value": "", + "required": false + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "displayName": "SSO Server Service URL", + "name": "SSO_SERVICE_URL", + "value": "", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "displayName": "SSO Realm", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "displayName": "SSO Username", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "displayName": "SSO User's Password", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Realm Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", + "displayName": "SSO Realm Public Key", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type. true or false", + "displayName": "SSO Bearer Only", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "displayName": "SSO SAML Keystore Secret", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "displayName": "SSO SAML Keystore File", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "displayName": "SSO SAML Certificate Alias", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "displayName": "SSO SAML Keystore Password", + "value": "", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "displayName": "SSO Client Secret", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "description": "Enable CORS for SSO applications. true or false", + "name": "SSO_ENABLE_CORS", + "displayName": "SSO Enable CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "displayName": "SSO SAML Logout Page", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "displayName": "SSO Disable SSL Certificate Validation", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "displayName": "SSO Truststore File", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "displayName": "SSO Truststore Password", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "displayName": "SSO Truststore Secret", + "value": "datavirt-app-secret", + "required": false + }, + { + "description": "Comma delimited list of deployments that shoulds be exploded and enabled for SSO OpenIDConnect via auth-method", + "name": "SSO_OPENIDCONNECT_DEPLOYMENTS", + "displayName": "SSO OpenIDConnect Deployments", + "value": "", + "required": false + }, + { + "description": "Comma delimited list of deployments that shoulds be exploded and enabled for SSO SAML via auth-method", + "name": "SSO_SAML_DEPLOYMENTS", + "displayName": "SSO SAML Deployments", + "value": "", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "name": "http", + "port": 8080, + "targetPort": "http" + }, + { + "name": "https", + "port": 8443, + "targetPort": "https" + }, + { + "name": "jdbc", + "port": 31000, + "targetPort": "jdbc" + }, + { + "name": "jdbcs", + "port": 31443, + "targetPort": "jdbcs" + }, + { + "name": "odbc", + "port": 35432, + "targetPort": "odbc" + }, + { + "name": "odbcs", + "port": 35443, + "targetPort": "odbcs" + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The data virtualization services." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "port": { + "targetPort": "http" + }, + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https (REST) service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "port": { + "targetPort": "https" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-jdbc", + "metadata": { + "name": "jdbc-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's JDBC service." + } + }, + "spec": { + "host": "${HOSTNAME_JDBC}", + "port": { + "targetPort": "jdbcs" + }, + "to": { + "name": "${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datagrid65-client-openshift:1.1" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/datagrid65", + "sourcePath": "/extensions/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-datavirt63-openshift:1.3" + }, + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "VDB_DIRS", + "value": "${VDB_DIRS}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "name": "jboss-datagrid65-client-openshift:1.1" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/datavirt-environment", + "readOnly": true + }, + { + "name": "datavirt-keystore-volume", + "mountPath": "/etc/datavirt-secret-volume", + "readOnly": true + }, + { + "name": "datavirt-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "jdbc", + "containerPort": 31000, + "protocol": "TCP" + }, + { + "name": "jdbcs", + "containerPort": 31443, + "protocol": "TCP" + }, + { + "name": "odbc", + "containerPort": 35432, + "protocol": "TCP" + }, + { + "name": "odbcs", + "containerPort": 35443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/datavirt-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, + { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }, + { + "name": "MODESHAPE_USERNAME", + "value": "${MODESHAPE_USERNAME}" + }, + { + "name": "MODESHAPE_PASSWORD", + "value": "${MODESHAPE_PASSWORD}" + }, + { + "name": "ENV_FILES", + "value": "/etc/datavirt-environment/*" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEY_ALIAS", + "value": "${HTTPS_NAME}" + }, + { + "name": "DATAVIRT_TRANSPORT_KEYSTORE_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + }, + { + "name": "SSO_OPENIDCONNECT_DEPLOYMENTS", + "value": "${SSO_OPENIDCONNECT_DEPLOYMENTS}" + }, + { + "name": "SSO_SAML_DEPLOYMENTS", + "value": "${SSO_SAML_DEPLOYMENTS}" + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "datavirt-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "datavirt-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-amq-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-amq-s2i.json index ecea54d94..3006a7265 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-amq-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server + A-MQ (with https)" - }, - "name": "decisionserver63-amq-s2i" + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server with A-MQ application, including a build configuration and application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "decisionserver64-amq-s2i" }, "labels": { - "template": "decisionserver63-amq-s2i", - "xpaas": "1.4.0" + "template": "decisionserver64-amq-s2i", + "xpaas": "1.4.7" }, "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -392,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-decisionserver64-openshift:1.1" } } }, @@ -626,7 +630,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-63:1.2" } } }, @@ -651,7 +655,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", + "image": "jboss-amq-63", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-basic-s2i.json index d655dbe94..eaee9c1a5 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-basic-s2i.json @@ -3,17 +3,17 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server applications built using S2I.", - "iconClass": "icon-jboss", + "description": "Application template for Red Hat JBoss BRMS 6.4 decision server applications built using S2I.", + "iconClass": "icon-decisionserver", "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server (no https)" + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss BRMS 6.4 decision server (no https)" }, - "name": "decisionserver63-basic-s2i" + "name": "decisionserver64-basic-s2i" }, "labels": { - "template": "decisionserver63-basic-s2i", - "xpaas": "1.4.0" + "template": "decisionserver64-basic-s2i", + "xpaas": "1.4.7" }, "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -227,7 +227,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-https-s2i.json index 78e79c0cf..cb6eb1706 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver63-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/decisionserver64-https-s2i.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.3 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.3 decision server (with https)" + "description": "Application template for Red Hat JBoss BRMS 6.4 decision server HTTPS applications built using S2I.", + "iconClass": "icon-decisionserver", + "tags": "decisionserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BRMS 6.4 decision server (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BRMS decision server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss BRMS 6.4 decision server, including a build configuration, application deployment configuration and secured using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-brms/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "decisionserver63-https-s2i" + "name": "decisionserver64-https-s2i" }, "labels": { - "template": "decisionserver63-https-s2i", - "xpaas": "1.4.0" + "template": "decisionserver64-https-s2i", + "xpaas": "1.4.7" }, "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -323,7 +328,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver63-openshift:1.4" + "name": "jboss-decisionserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-persistent-s2i.json new file mode 100644 index 000000000..9ebbfd06c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-persistent-s2i.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-amq-persistent-s2i" + }, + "labels": { + "template": "eap64-amq-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-s2i.json new file mode 100644 index 000000000..6b0e1a30c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-amq-s2i.json @@ -0,0 +1,821 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + A-MQ (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-amq-s2i" + }, + "labels": { + "template": "eap64-amq-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "6.4.x", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-basic-s2i.json index 25b2c162c..17fdd2333 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-basic-s2i.json @@ -3,47 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server (no https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "decisionserver62-basic-s2i" + "name": "eap64-basic-s2i" }, "labels": { - "template": "decisionserver62-basic-s2i", - "xpaas": "1.3.3" + "template": "eap64-basic-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", + "message": "A new EAP 6 based application has been created in your project.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -57,21 +39,21 @@ "displayName": "Git Repository URL", "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", "required": true }, { "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "6.4.x", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "kitchensink", "required": false }, { @@ -118,6 +100,34 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false } ], "objects": [ @@ -198,15 +208,19 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" } ], "forcePull": true, "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -317,20 +331,25 @@ "name": "http", "containerPort": 8080, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { "name": "HORNETQ_CLUSTER_PASSWORD", @@ -343,6 +362,14 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-https-s2i.json index 85605d642..8616ac04f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-https-s2i.json @@ -3,61 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server HTTPS applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server (with https)" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "decisionserver62-https-s2i" + "name": "eap64-https-s2i" }, "labels": { - "template": "decisionserver62-https-s2i", - "xpaas": "1.3.3" + "template": "eap64-https-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Protocol", - "description": "The protocol to access the KIE Server REST interface.", - "name": "KIE_SERVER_PROTOCOL", - "value": "https", - "required": false - }, - { - "displayName": "KIE Server Port", - "description": "The port to access the KIE Server REST interface.", - "name": "KIE_SERVER_PORT", - "value": "8443", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -78,21 +46,21 @@ "displayName": "Git Repository URL", "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", "required": true }, { "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "6.4.x", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "kitchensink", "required": false }, { @@ -110,10 +78,17 @@ "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", + "value": "eap-app-secret", "required": true }, { @@ -124,17 +99,24 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -167,6 +149,62 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false } ], "objects": [ @@ -294,15 +332,19 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" } ], "forcePull": true, "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" + "name": "jboss-eap64-openshift:1.6" } } }, @@ -379,7 +421,7 @@ } }, "spec": { - "serviceAccountName": "decisionserver-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -388,8 +430,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -426,38 +473,39 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" }, { - "name": "KIE_SERVER_PROTOCOL", - "value": "${KIE_SERVER_PROTOCOL}" - }, - { - "name": "KIE_SERVER_PORT", - "value": "${KIE_SERVER_PORT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" + "value": "/etc/eap-secret-volume" }, { "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -476,16 +524,50 @@ { "name": "HORNETQ_TOPICS", "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "decisionserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-persistent-s2i.json new file mode 100644 index 000000000..ea3b46d78 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -0,0 +1,855 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap64-mongodb-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-s2i.json new file mode 100644 index 000000000..4aa9be281 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mongodb-s2i.json @@ -0,0 +1,814 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-mongodb-s2i" + }, + "labels": { + "template": "eap64-mongodb-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-persistent-s2i.json new file mode 100644 index 000000000..304f11348 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -0,0 +1,867 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-mysql-persistent-s2i" + }, + "labels": { + "template": "eap64-mysql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-s2i.json new file mode 100644 index 000000000..bc1cdaca5 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-mysql-s2i.json @@ -0,0 +1,826 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-mysql-s2i" + }, + "labels": { + "template": "eap64-mysql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-persistent-s2i.json new file mode 100644 index 000000000..d2e6ea25b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -0,0 +1,841 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap64-postgresql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-s2i.json new file mode 100644 index 000000000..7a2d4009e --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-postgresql-s2i.json @@ -0,0 +1,800 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-postgresql-s2i" + }, + "labels": { + "template": "eap64-postgresql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.2", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-sso-s2i.json new file mode 100644 index 000000000..368f147f4 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-sso-s2i.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 6.4 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-sso-s2i" + }, + "labels": { + "template": "eap64-sso-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "displayName": "Custom https Route Hostname", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "URL for SSO", + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "displayName": "URL for SSO (internal service)", + "description": "The URL for the internal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "displayName": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "displayName": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "displayName": "SSO Password", + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Public Key", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "displayName": "SSO Bearer Only?", + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "displayName": "SSO SAML Keystore Secret", + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "SSO SAML Keystore", + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "SSO SAML Certificate Name", + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "SSO SAML Keystore Password", + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "SSO Client Secret", + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Enable CORS for SSO?", + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "displayName": "SSO SAML Logout Page", + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "displayName": "Disable SSL Validation in EAP->SSO communication", + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "displayName": "SSO Trust Store", + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Password", + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Secret", + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-third-party-db-s2i.json new file mode 100644 index 000000000..701f4eee6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap64-third-party-db-s2i.json @@ -0,0 +1,650 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss EAP 6.4 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 6 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 6.4 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap64-third-party-db-s2i" + }, + "labels": { + "template": "eap64-third-party-db-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 6 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Configuration Secret Name", + "description": "The name of the secret containing configuration properties for the datasources.", + "name": "CONFIGURATION_NAME", + "value": "eap-app-config", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "datavirt/hibernate-webapp", + "required": false + }, + { + "displayName": "Drivers ImageStreamTag", + "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", + "name": "EXTENSIONS_IMAGE", + "value": "jboss-datavirt63-driver-openshift:1.1", + "required": true + }, + { + "displayName": "Drivers ImageStream Namespace", + "description": "Namespace within which the ImageStream definition for the image containing the drivers and configuration is located.", + "name": "EXTENSIONS_IMAGE_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Drivers Image Install Directory", + "description": "Full path to the directory within the extensions image where the extensions are located (e.g. install.sh, modules/, etc.)", + "name": "EXTENSIONS_INSTALL_DIR", + "value": "/extensions", + "required": true + }, + { + "displayName": "Queue Names", + "description": "Queue names to preconfigure within HornetQ subsystem.", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topic Names", + "description": "Topic names to preconfigure within HornetQ subsystem.", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "HornetQ Cluster Admin Password", + "description": "Admin password for HornetQ cluster.", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the JGroups secret.", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the JGroups server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "${EXTENSIONS_INSTALL_DIR}/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap64-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/eap-environment", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "ENV_FILES", + "value": "/etc/eap-environment/*" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-amq-persistent-s2i.json new file mode 100644 index 000000000..d16756bad --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-amq-persistent-s2i.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-amq-persistent-s2i" + }, + "labels": { + "template": "eap70-amq-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-amq-s2i.json index 1989036fa..70323214f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-amq-s2i.json @@ -3,61 +3,29 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BRMS 6.2 decision server A-MQ applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "decisionserver,jboss,xpaas", - "version": "1.3.3", - "openshift.io/display-name": "Red Hat JBoss BRMS 6.2 decision server + A-MQ (with https)" - }, - "name": "decisionserver62-amq-s2i" + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-amq-s2i" }, "labels": { - "template": "decisionserver62-amq-s2i", - "xpaas": "1.3.3" + "template": "eap70-amq-s2i", + "xpaas": "1.4.7" }, - "message": "A new BRMS/A-MQ application with SSL support has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"decisionserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", + "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", "parameters": [ { - "displayName": "KIE Container Deployment", - "description": "The KIE Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2", - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "HelloRulesContainer=org.openshift.quickstarts:decisionserver-hellorules:1.2.0.Final", - "required": false - }, - { - "displayName": "KIE Server Username", - "description": "The user name to access the KIE Server REST or JMS interface.", - "name": "KIE_SERVER_USER", - "value": "kieserver", - "required": false - }, - { - "displayName": "KIE Server Password", - "description": "The password to access the KIE Server REST or JMS interface. Must be different than username; must not be root, admin, or administrator; must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), and 1 non-alphanumeric symbol(s).", - "name": "KIE_SERVER_PASSWORD", - "from": "[a-zA-Z]{6}[0-9]{1}!", - "generate": "expression", - "required": false - }, - { - "displayName": "KIE Server Domain", - "description": "JAAS LoginContext domain that shall be used to authenticate users when using JMS.", - "name": "KIE_SERVER_DOMAIN", - "value": "other", - "required": false - }, - { - "displayName": "KIE Server JMS Queues Response", - "description": "JNDI name of response queue for JMS.", - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "queue/KIE.SERVER.RESPONSE", - "required": false - }, - { "displayName": "Application Name", "description": "The name for the application.", "name": "APPLICATION_NAME", - "value": "kie-app", + "value": "eap-app", "required": true }, { @@ -85,21 +53,21 @@ "displayName": "Git Reference", "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "1.2", + "value": "1.3", "required": false }, { "displayName": "Context Directory", "description": "Path within Git project to build; empty for root project directory.", "name": "CONTEXT_DIR", - "value": "decisionserver/hellorules", + "value": "helloworld-mdb", "required": false }, { "displayName": "JMS Connection Factory JNDI Name", - "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/JmsXA", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", "name": "MQ_JNDI", - "value": "java:/JmsXA", + "value": "java:/ConnectionFactory", "required": false }, { @@ -113,22 +81,36 @@ "displayName": "Queues", "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_QUEUES", - "value": "KIE.SERVER.REQUEST,KIE.SERVER.RESPONSE", + "value": "HELLOWORLDMDBQueue", "required": false }, { "displayName": "Topics", "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", "value": "", "required": false }, { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "displayName": "Server Keystore Secret Name", "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "decisionserver-app-secret", - "required": false + "value": "eap7-app-secret", + "required": true }, { "displayName": "Server Keystore Filename", @@ -138,17 +120,24 @@ "required": false }, { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "displayName": "Server Certificate Name", "description": "The name associated with the server certificate", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { "displayName": "Server Keystore Password", "description": "The password for the keystore and certificate", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -203,6 +192,62 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false } ], "objects": [ @@ -356,15 +401,19 @@ "sourceStrategy": { "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" } ], "forcePull": true, "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-decisionserver62-openshift:1.2" + "name": "jboss-eap70-openshift:1.6" } } }, @@ -441,7 +490,7 @@ } }, "spec": { - "serviceAccountName": "decisionserver-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -450,8 +499,13 @@ "imagePullPolicy": "Always", "volumeMounts": [ { - "name": "decisionserver-keystore-volume", - "mountPath": "/etc/decisionserver-secret-volume", + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true } ], @@ -488,30 +542,15 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ { - "name": "KIE_CONTAINER_DEPLOYMENT", - "value": "${KIE_CONTAINER_DEPLOYMENT}" - }, - { - "name": "KIE_SERVER_USER", - "value": "${KIE_SERVER_USER}" - }, - { - "name": "KIE_SERVER_PASSWORD", - "value": "${KIE_SERVER_PASSWORD}" - }, - { - "name": "KIE_SERVER_DOMAIN", - "value": "${KIE_SERVER_DOMAIN}" - }, - { - "name": "KIE_SERVER_JMS_QUEUES_RESPONSE", - "value": "${KIE_SERVER_JMS_QUEUES_RESPONSE}" - }, - { "name": "MQ_SERVICE_PREFIX_MAPPING", "value": "${APPLICATION_NAME}-amq=MQ" }, @@ -540,30 +579,84 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { "name": "HTTPS_KEYSTORE_DIR", - "value": "/etc/decisionserver-secret-volume" + "value": "/etc/eap-secret-volume" }, { "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, { "name": "HTTPS_PASSWORD", "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } ], "volumes": [ { - "name": "decisionserver-keystore-volume", + "name": "eap-keystore-volume", "secret": { "secretName": "${HTTPS_SECRET}" } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } } ] } @@ -594,7 +687,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-62:1.6" } } }, @@ -686,6 +779,18 @@ "value": "${MQ_PROTOCOL}" }, { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-basic-s2i.json new file mode 100644 index 000000000..312db1971 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-basic-s2i.json @@ -0,0 +1,382 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-basic-s2i" + }, + "labels": { + "template": "eap70-basic-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application has been created in your project.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-https-s2i.json new file mode 100644 index 000000000..7c3b35f5a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-https-s2i.json @@ -0,0 +1,578 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-https-s2i" + }, + "labels": { + "template": "eap70-https-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-persistent-s2i.json new file mode 100644 index 000000000..205e451c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -0,0 +1,855 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap70-mongodb-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-s2i.json new file mode 100644 index 000000000..63b57d5dc --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mongodb-s2i.json @@ -0,0 +1,814 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Boss EAP 7.0 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-mongodb-s2i" + }, + "labels": { + "template": "eap70-mongodb-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-persistent-s2i.json new file mode 100644 index 000000000..f9f77f22c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -0,0 +1,871 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-mysql-persistent-s2i" + }, + "labels": { + "template": "eap70-mysql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-s2i.json new file mode 100644 index 000000000..8ea433a80 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-mysql-s2i.json @@ -0,0 +1,830 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-mysql-s2i" + }, + "labels": { + "template": "eap70-mysql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-persistent-s2i.json new file mode 100644 index 000000000..a2bc9d3b9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -0,0 +1,845 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Persistent with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap70-postgresql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-s2i.json new file mode 100644 index 000000000..66b0c737d --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-postgresql-s2i.json @@ -0,0 +1,804 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-postgresql-s2i" + }, + "labels": { + "template": "eap70-postgresql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..2201ff7f3 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "displayName": "Custom https Route Hostname", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "URL for SSO", + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "displayName": "URL for SSO (internal service)", + "description": "The URL for the internal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "displayName": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "displayName": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "displayName": "SSO Password", + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Public Key", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "displayName": "SSO Bearer Only?", + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "displayName": "SSO SAML Keystore Secret", + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "SSO SAML Keystore", + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "SSO SAML Certificate Name", + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "SSO SAML Keystore Password", + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "SSO Client Secret", + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Enable CORS for SSO?", + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "displayName": "SSO SAML Logout Page", + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "displayName": "Disable SSL Validation in EAP->SSO communication", + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "displayName": "SSO Trust Store", + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Password", + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Secret", + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-third-party-db-s2i.json new file mode 100644 index 000000000..3ca69f6c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap70-third-party-db-s2i.json @@ -0,0 +1,650 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.0 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.0 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap70-third-party-db-s2i" + }, + "labels": { + "template": "eap70-third-party-db-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Configuration Secret Name", + "description": "The name of the secret containing configuration properties for the datasources.", + "name": "CONFIGURATION_NAME", + "value": "eap-app-config", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "datavirt/hibernate-webapp", + "required": false + }, + { + "displayName": "Drivers ImageStreamTag", + "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", + "name": "EXTENSIONS_IMAGE", + "value": "jboss-datavirt63-driver-openshift:1.1", + "required": true + }, + { + "displayName": "Drivers ImageStream Namespace", + "description": "Namespace within which the ImageStream definition for the image containing the drivers and configuration is located.", + "name": "EXTENSIONS_IMAGE_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Drivers Image Install Directory", + "description": "Full path to the directory within the extensions image where the extensions are located (e.g. install.sh, modules/, etc.)", + "name": "EXTENSIONS_INSTALL_DIR", + "value": "/extensions", + "required": true + }, + { + "displayName": "Queue Names", + "description": "Queue names to preconfigure within Messaging subsystem.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topic Names", + "description": "Topic names to preconfigure within Messaging subsystem.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "Messaging Cluster Admin Password", + "description": "Admin password for Messaging cluster.", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the JGroups secret.", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the JGroups server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "${EXTENSIONS_INSTALL_DIR}/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.6" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/eap-environment", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "ENV_FILES", + "value": "/etc/eap-environment/*" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-persistent-s2i.json new file mode 100644 index 000000000..dbc1a8013 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-persistent-s2i.json @@ -0,0 +1,876 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ with persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-persistent-s2i" + }, + "labels": { + "template": "eap71-amq-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and A-MQ persistent based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "A-MQ Volume Size", + "description": "Size of the volume used by A-MQ for persisting messages.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "Split Data?", + "description": "Split the data directory for each node in a mesh.", + "name": "AMQ_SPLIT", + "value": "false", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "maxSurge": 0 + } + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_SPLIT", + "value": "${AMQ_SPLIT}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-amq-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-amq-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-amq-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-s2i.json new file mode 100644 index 000000000..6e330eae9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-amq-s2i.json @@ -0,0 +1,821 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,xpaas,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + A-MQ (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 A-MQ application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using Red Hat JBoss A-MQ and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-amq-s2i" + }, + "labels": { + "template": "eap71-amq-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and A-MQ based application with SSL support has been created in your project. The username/password for accessing the A-MQ service is ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts.git", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "helloworld-mdb", + "required": false + }, + { + "displayName": "JMS Connection Factory JNDI Name", + "description": "JNDI name for connection factory used by applications to connect to the broker, e.g. java:/ConnectionFactory", + "name": "MQ_JNDI", + "value": "java:/ConnectionFactory", + "required": false + }, + { + "displayName": "A-MQ Protocols", + "description": "Broker protocols to configure, separated by commas. Allowed values are: `openwire`, `amqp`, `stomp` and `mqtt`. Only `openwire` is supported by EAP.", + "name": "MQ_PROTOCOL", + "value": "openwire", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names, separated by commas. These queues will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_QUEUES", + "value": "HELLOWORLDMDBQueue", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names, separated by commas. These topics will be automatically created when the broker starts. Also, they will be made accessible as JNDI resources in EAP.", + "name": "MQ_TOPICS", + "value": "HELLOWORLDMDBTopic", + "required": false + }, + { + "displayName": "A-MQ Serializable Packages", + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ Username", + "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Password", + "description": "Password for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", + "name": "MQ_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": false + }, + { + "displayName": "A-MQ Mesh Discovery Type", + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false + }, + { + "displayName": "A-MQ Storage Limit", + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTP port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's HTTPS port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-amq-tcp\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 61616, + "targetPort": 61616 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-amq-tcp", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The broker's OpenWire port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTP service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's HTTPS service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MQ_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-amq=MQ" + }, + { + "name": "MQ_JNDI", + "value": "${MQ_JNDI}" + }, + { + "name": "MQ_USERNAME", + "value": "${MQ_USERNAME}" + }, + { + "name": "MQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "MQ_PROTOCOL", + "value": "tcp" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-amq" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-amq-62:1.6" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-amq" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-amq", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-amq", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-amq", + "image": "jboss-amq-62", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/amq/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "amqp", + "containerPort": 5672, + "protocol": "TCP" + }, + { + "name": "amqp-ssl", + "containerPort": 5671, + "protocol": "TCP" + }, + { + "name": "mqtt", + "containerPort": 1883, + "protocol": "TCP" + }, + { + "name": "stomp", + "containerPort": 61613, + "protocol": "TCP" + }, + { + "name": "stomp-ssl", + "containerPort": 61612, + "protocol": "TCP" + }, + { + "name": "tcp", + "containerPort": 61616, + "protocol": "TCP" + }, + { + "name": "tcp-ssl", + "containerPort": 61617, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "AMQ_USER", + "value": "${MQ_USERNAME}" + }, + { + "name": "AMQ_PASSWORD", + "value": "${MQ_PASSWORD}" + }, + { + "name": "AMQ_TRANSPORTS", + "value": "${MQ_PROTOCOL}" + }, + { + "name": "AMQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "AMQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-basic-s2i.json new file mode 100644 index 000000000..892ec468c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-basic-s2i.json @@ -0,0 +1,382 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-basic-s2i" + }, + "labels": { + "template": "eap71-basic-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application has been created in your project.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-https-s2i.json new file mode 100644 index 000000000..7426830ec --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-https-s2i.json @@ -0,0 +1,578 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-https-s2i" + }, + "labels": { + "template": "eap71-https-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.0.GA", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "kitchensink", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-persistent-s2i.json new file mode 100644 index 000000000..fb7f27acf --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-persistent-s2i.json @@ -0,0 +1,855 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-persistent-s2i" + }, + "labels": { + "template": "eap71-mongodb-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB persistent based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mongodb/data", + "name": "${APPLICATION_NAME}-mongodb-pvol" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mongodb-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mongodb-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-s2i.json new file mode 100644 index 000000000..915c9ba0a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mongodb-s2i.json @@ -0,0 +1,814 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MongoDB (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mongodb-s2i" + }, + "labels": { + "template": "eap71-mongodb-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MongoDB based application with SSL support has been created in your project. The username/password for accessing the MongoDB database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-mongodb", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mongodb", + "name": "DB_JNDI", + "value": "", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MongoDB No Preallocation", + "description": "Disable data file preallocation.", + "name": "MONGODB_NOPREALLOC", + "required": false + }, + { + "displayName": "MongoDB Small Files", + "description": "Set MongoDB to use a smaller default data file size.", + "name": "MONGODB_SMALLFILES", + "required": false + }, + { + "displayName": "MongoDB Quiet", + "description": "Runs MongoDB in a quiet mode that attempts to limit the amount of output.", + "name": "MONGODB_QUIET", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database admin password", + "description": "Database admin password", + "name": "DB_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MongoDB Image Stream Tag", + "description": "The tag to use for the \"mongodb\" image stream. Typically, this aligns with the major.minor version of MongoDB.", + "name": "MONGODB_IMAGE_STREAM_TAG", + "value": "3.2", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mongodb\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 27017, + "targetPort": 27017 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mongodb=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "DB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mongodb" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mongodb:${MONGODB_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mongodb", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mongodb", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mongodb", + "image": "mongodb", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 27017, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MONGODB_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MONGODB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MONGODB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MONGODB_ADMIN_PASSWORD", + "value": "${DB_ADMIN_PASSWORD}" + }, + { + "name": "MONGODB_NOPREALLOC", + "value": "${MONGODB_NOPREALLOC}" + }, + { + "name": "MONGODB_SMALLFILES", + "value": "${MONGODB_SMALLFILES}" + }, + { + "name": "MONGODB_QUIET", + "value": "${MONGODB_QUIET}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-persistent-s2i.json new file mode 100644 index 000000000..6af9e5f50 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-persistent-s2i.json @@ -0,0 +1,871 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-persistent-s2i" + }, + "labels": { + "template": "eap71-mysql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL persistent based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/mysql/data", + "name": "${APPLICATION_NAME}-mysql-pvol" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-mysql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-mysql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-mysql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-s2i.json new file mode 100644 index 000000000..c7d14d3c7 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-mysql-s2i.json @@ -0,0 +1,830 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-mysql-s2i" + }, + "labels": { + "template": "eap71-mysql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and MySQL based application with SSL support has been created in your project. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/mysql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "MySQL Lower Case Table Names", + "description": "Sets how the table names are stored and compared.", + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "required": false + }, + { + "displayName": "MySQL Maximum number of connections", + "description": "The maximum permitted number of simultaneous client connections.", + "name": "MYSQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "MySQL FullText Minimum Word Length", + "description": "The minimum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MIN_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL FullText Maximum Word Length", + "description": "The maximum length of the word to be included in a FULLTEXT index.", + "name": "MYSQL_FT_MAX_WORD_LEN", + "required": false + }, + { + "displayName": "MySQL AIO", + "description": "Controls the innodb_use_native_aio setting value if the native AIO is broken.", + "name": "MYSQL_AIO", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "MySQL Image Stream Tag", + "description": "The tag to use for the \"mysql\" image stream. Typically, this aligns with the major.minor version of MySQL.", + "name": "MYSQL_IMAGE_STREAM_TAG", + "value": "5.7", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-mysql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 3306, + "targetPort": 3306 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-mysql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "mysql:${MYSQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-mysql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-mysql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-mysql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-mysql", + "image": "mysql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "MYSQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "${MYSQL_LOWER_CASE_TABLE_NAMES}" + }, + { + "name": "MYSQL_MAX_CONNECTIONS", + "value": "${MYSQL_MAX_CONNECTIONS}" + }, + { + "name": "MYSQL_FT_MIN_WORD_LEN", + "value": "${MYSQL_FT_MIN_WORD_LEN}" + }, + { + "name": "MYSQL_FT_MAX_WORD_LEN", + "value": "${MYSQL_FT_MAX_WORD_LEN}" + }, + { + "name": "MYSQL_AIO", + "value": "${MYSQL_AIO}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-persistent-s2i.json new file mode 100644 index 000000000..a8d77b0ab --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-persistent-s2i.json @@ -0,0 +1,845 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-persistent-s2i" + }, + "labels": { + "template": "eap71-postgresql-persistent-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL persistent based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Database Volume Capacity", + "description": "Size of persistent storage for database volume.", + "name": "VOLUME_CAPACITY", + "value": "512Mi", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "volumeMounts": [ + { + "mountPath": "/var/lib/pgsql/data", + "name": "${APPLICATION_NAME}-postgresql-pvol" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ], + "volumes": [ + { + "name": "${APPLICATION_NAME}-postgresql-pvol", + "persistentVolumeClaim": { + "claimName": "${APPLICATION_NAME}-postgresql-claim" + } + } + ] + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql-claim", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-s2i.json new file mode 100644 index 000000000..d87f05ea8 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-postgresql-s2i.json @@ -0,0 +1,804 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-postgresql-s2i" + }, + "labels": { + "template": "eap71-postgresql-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 and PostgreSQL based application with SSL support has been created in your project. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "1.3", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "todolist/todolist-jdbc", + "required": false + }, + { + "displayName": "Database JNDI Name", + "description": "Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql", + "name": "DB_JNDI", + "value": "java:jboss/datasources/TodoListDS", + "required": false + }, + { + "displayName": "Database Name", + "description": "Database name", + "name": "DB_DATABASE", + "value": "root", + "required": true + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "Datasource Minimum Pool Size", + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Maximum Pool Size", + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE", + "required": false + }, + { + "displayName": "Datasource Transaction Isolation", + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION", + "required": false + }, + { + "displayName": "PostgreSQL Maximum number of connections", + "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", + "name": "POSTGRESQL_MAX_CONNECTIONS", + "required": false + }, + { + "displayName": "PostgreSQL Shared Buffers", + "description": "Configures how much memory is dedicated to PostgreSQL for caching data.", + "name": "POSTGRESQL_SHARED_BUFFERS", + "required": false + }, + { + "displayName": "A-MQ cluster password", + "description": "A-MQ cluster admin password", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Username", + "description": "Database user name", + "name": "DB_USERNAME", + "from": "user[a-zA-Z0-9]{3}", + "generate": "expression", + "required": true + }, + { + "displayName": "Database Password", + "description": "Database user password", + "name": "DB_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + }, + { + "displayName": "PostgreSQL Image Stream Tag", + "description": "The tag to use for the \"postgresql\" image stream. Typically, this aligns with the major.minor version of PostgreSQL.", + "name": "POSTGRESQL_IMAGE_STREAM_TAG", + "value": "9.5", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port.", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${APPLICATION_NAME}-postgresql\", \"kind\": \"Service\"}]" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The database server's port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "DB_SERVICE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_JNDI", + "value": "${DB_JNDI}" + }, + { + "name": "DB_USERNAME", + "value": "${DB_USERNAME}" + }, + { + "name": "DB_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "DB_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "TX_DATABASE_PREFIX_MAPPING", + "value": "${APPLICATION_NAME}-postgresql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "DEFAULT_JOB_REPOSITORY", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}-postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}-postgresql", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}-postgresql", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 60, + "containers": [ + { + "name": "${APPLICATION_NAME}-postgresql", + "image": "postgresql", + "imagePullPolicy": "Always", + "ports": [ + { + "containerPort": 5432, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DB_USERNAME}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DB_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DB_DATABASE}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-sso-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-sso-s2i.json new file mode 100644 index 000000000..96b3dffc9 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-sso-s2i.json @@ -0,0 +1,816 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 + Single Sign-On (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 Single Sign-On application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration and integrated with Red Hat Single Sign-On.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-sso-s2i" + }, + "labels": { + "template": "eap71-sso-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL and SSO support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "displayName": "Custom https Route Hostname", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "displayName": "Queues", + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topics", + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "HornetQ Password", + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "URL for SSO", + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "displayName": "URL for SSO (internal service)", + "description": "The URL for the internal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "displayName": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "displayName": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "displayName": "SSO Password", + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Public Key", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "displayName": "SSO Bearer Only?", + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "displayName": "Artifact Directories", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "displayName": "SSO SAML Keystore Secret", + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "SSO SAML Keystore", + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "SSO SAML Certificate Name", + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "SSO SAML Keystore Password", + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "SSO Client Secret", + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Enable CORS for SSO?", + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "displayName": "SSO SAML Logout Page", + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "displayName": "Disable SSL Validation in EAP->SSO communication", + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "displayName": "SSO Trust Store", + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Password", + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "displayName": "SSO Trust Store Secret", + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + }, + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-third-party-db-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-third-party-db-s2i.json new file mode 100644 index 000000000..a2a7264fb --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/eap71-third-party-db-s2i.json @@ -0,0 +1,650 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-eap", + "tags": "eap,javaee,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss EAP 7.1 (with https, DB drivers)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example EAP 7 DB application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Enterprise Application Server 7.1 based application, including a build configuration, application deployment configuration, using third-party DB drivers and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "eap71-third-party-db-s2i" + }, + "labels": { + "template": "eap71-third-party-db-s2i", + "xpaas": "1.4.7" + }, + "message": "A new EAP 7 based application with SSL support has been created in your project. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets:\"${CONFIGURATION_NAME}\" containing the datasource configuration details required by the deployed application(s); \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications.", + "parameters": [ + { + "displayName": "Application Name", + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "displayName": "Configuration Secret Name", + "description": "The name of the secret containing configuration properties for the datasources.", + "name": "CONFIGURATION_NAME", + "value": "eap-app-config", + "required": true + }, + { + "displayName": "Custom http Route Hostname", + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "displayName": "Custom https Route Hostname", + "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": false + }, + { + "displayName": "Git Repository URL", + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "displayName": "Git Reference", + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "displayName": "Context Directory", + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "datavirt/hibernate-webapp", + "required": false + }, + { + "displayName": "Drivers ImageStreamTag", + "description": "ImageStreamTag definition for the image containing the drivers and configuration, e.g. jboss-datavirt63-openshift:1.0-driver", + "name": "EXTENSIONS_IMAGE", + "value": "jboss-datavirt63-driver-openshift:1.1", + "required": true + }, + { + "displayName": "Drivers ImageStream Namespace", + "description": "Namespace within which the ImageStream definition for the image containing the drivers and configuration is located.", + "name": "EXTENSIONS_IMAGE_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "Drivers Image Install Directory", + "description": "Full path to the directory within the extensions image where the extensions are located (e.g. install.sh, modules/, etc.)", + "name": "EXTENSIONS_INSTALL_DIR", + "value": "/extensions", + "required": true + }, + { + "displayName": "Queue Names", + "description": "Queue names to preconfigure within Messaging subsystem.", + "name": "MQ_QUEUES", + "value": "", + "required": false + }, + { + "displayName": "Topic Names", + "description": "Topic names to preconfigure within Messaging subsystem.", + "name": "MQ_TOPICS", + "value": "", + "required": false + }, + { + "displayName": "Service Account Name", + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { + "displayName": "Server Keystore Secret Name", + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap-app-secret", + "required": true + }, + { + "displayName": "Server Keystore Filename", + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "displayName": "Server Keystore Type", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "displayName": "Server Certificate Name", + "description": "The name associated with the server certificate", + "name": "HTTPS_NAME", + "value": "jboss", + "required": false + }, + { + "displayName": "Server Keystore Password", + "description": "The password for the keystore and certificate", + "name": "HTTPS_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "displayName": "Messaging Cluster Admin Password", + "description": "Admin password for Messaging cluster.", + "name": "MQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Github Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "ImageStream Namespace", + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "displayName": "JGroups Secret Name", + "description": "The name of the secret containing the keystore to be used for securing JGroups communications.", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap-app-secret", + "required": false + }, + { + "displayName": "JGroups Keystore Filename", + "description": "The name of the keystore file within the JGroups secret.", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "displayName": "JGroups Certificate Name", + "description": "The name associated with the JGroups server certificate", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "secret-key", + "required": false + }, + { + "displayName": "JGroups Keystore Password", + "description": "The password for the keystore and certificate", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "password", + "required": false + }, + { + "displayName": "JGroups Cluster Password", + "description": "Password used by JGroups to authenticate nodes in the cluster.", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "displayName": "Deploy Exploded Archives", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "displayName": "Maven mirror URL", + "description": "Maven mirror to use for S2I builds", + "name": "MAVEN_MIRROR_URL", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}", + "images": [ + { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + }, + "paths": [ + { + "destinationDir": "./${CONTEXT_DIR}/extensions/extras", + "sourcePath": "${EXTENSIONS_INSTALL_DIR}/." + } + ] + } + ] + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "env": [ + { + "name": "MAVEN_MIRROR_URL", + "value": "${MAVEN_MIRROR_URL}" + }, + { + "name": "CUSTOM_INSTALL_DIRECTORIES", + "value": "extensions/*" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + } + ], + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap71-openshift:TP" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ImageChange", + "imageChange": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${EXTENSIONS_IMAGE_NAMESPACE}", + "name": "${EXTENSIONS_IMAGE}" + } + } + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "configuration", + "mountPath": "/etc/eap-environment", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + } + ], + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "ENV_FILES", + "value": "/etc/eap-environment/*" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "MQ_CLUSTER_PASSWORD", + "value": "${MQ_CLUSTER_PASSWORD}" + }, + { + "name": "MQ_QUEUES", + "value": "${MQ_QUEUES}" + }, + { + "name": "MQ_TOPICS", + "value": "${MQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + } + ] + } + ], + "volumes": [ + { + "name": "configuration", + "secret": { + "secretName": "${CONFIGURATION_NAME}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-basic-s2i.json index 4e42e0eca..42e352538 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-basic-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 (no https)" + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (no https)" }, - "name": "jws30-tomcat7-basic-s2i" + "name": "jws31-tomcat7-basic-s2i" }, "labels": { - "template": "jws30-tomcat7-basic-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-basic-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +196,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-https-s2i.json index 71577bec4..b0a81d9c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example JBoss Web Server application configured for use with https. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 (with https)", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, and application deployment configuration. This also illustrations how to connect to the web applicaiton using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, - "name": "jws30-tomcat8-https-s2i" + "name": "jws31-tomcat7-https-s2i" }, "labels": { - "template": "jws30-tomcat8-https-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-https-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json index de86dd83e..565f97822 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mongodb-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MongoDB (Persistent with https)" - }, - "name": "jws30-tomcat8-mongodb-persistent-s2i" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "jws31-tomcat7-mongodb-persistent-s2i" }, - "message": "A new persistent JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "labels": { - "template": "jws30-tomcat8-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-mongodb-persistent-s2i", + "xpaas": "1.4.7" }, + "message": "A new persistent JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -391,7 +395,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mongodb-s2i.json index 6dc85e226..fc473f5c3 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MongoDB (Ephemeral with https)" }, - "name": "jws30-tomcat8-mongodb-s2i" + "name": "jws31-tomcat7-mongodb-s2i" }, "labels": { - "template": "jws30-tomcat8-mongodb-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-mongodb-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json index 0e96b58a9..1223acd0f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mysql-persistent-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MySQL (Persistent with https)" - }, - "name": "jws30-tomcat8-mysql-persistent-s2i" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Red Hat JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 7 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + + }, + "name": "jws31-tomcat7-mysql-persistent-s2i" }, "labels": { - "template": "jws30-tomcat8-mysql-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-mysql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +400,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mysql-s2i.json index 553a30a44..39becd41e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + MySQL (Ephemeral with https)" }, - "name": "jws30-tomcat7-mysql-s2i" + "name": "jws31-tomcat7-mysql-s2i" }, "labels": { - "template": "jws30-tomcat7-mysql-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-mysql-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json index a5c6c8a56..77f4f8c9f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-postgresql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + PostgreSQL (Persistent with https)" - }, - "name": "jws30-tomcat7-postgresql-persistent-s2i" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat7,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (with https)", + "description": "An example JBoss Web Server application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "jws31-tomcat7-postgresql-persistent-s2i" }, "labels": { - "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-postgresql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-postgresql-s2i.json index 61a3208e4..6d1d7aef7 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat7-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + PostgreSQL (Ephemeral with https)" + "tags": "tomcat,tomcat7,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 7 + PostgreSQL (Ephemeral with https)" }, - "name": "jws30-tomcat7-postgresql-s2i" + "name": "jws31-tomcat7-postgresql-s2i" }, "labels": { - "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat7-postgresql-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 7 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat7-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-basic-s2i.json index 75d08e99d..9e7dc3488 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-basic-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 (no https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (no https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, and an application deployment configuration.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "jws30-tomcat8-basic-s2i" + "name": "jws31-tomcat8-basic-s2i" }, "labels": { - "template": "jws30-tomcat8-basic-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-basic-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}.", "parameters": [ { "displayName": "Application Name", @@ -195,7 +199,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-https-s2i.json index f5fc2e581..8fd5d9fab 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-https-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 (with https)" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 (with https)", + "description": "An example JBoss Web Server application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, - "name": "jws30-tomcat7-https-s2i" + "name": "jws31-tomcat8-https-s2i" }, "labels": { - "template": "jws30-tomcat7-https-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-https-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -277,7 +282,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json index 2a73a182c..f4b11ccfa 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mongodb-persistent-s2i.json @@ -3,19 +3,24 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MongoDB applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MongoDB (Persistent with https)" - }, - "name": "jws30-tomcat7-mongodb-persistent-s2i" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (with https)", + "description": "An example JBoss Web Server application with a MongoDB database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MongoDB using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + + }, + "name": "jws31-tomcat8-mongodb-persistent-s2i" }, + "message": "A new persistent JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "labels": { - "template": "jws30-tomcat7-mongodb-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-mongodb-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -391,7 +396,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mongodb-s2i.json index a71dfa634..e2f69f157 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mongodb-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MongoDB applications built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MongoDB (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MongoDB (Ephemeral with https)" }, - "name": "jws30-tomcat7-mongodb-s2i" + "name": "jws31-tomcat8-mongodb-s2i" }, "labels": { - "template": "jws30-tomcat7-mongodb-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-mongodb-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 7 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MongoDB) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MongoDB database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD} (Admin password is \"${DB_ADMIN_PASSWORD}\"). Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -384,7 +385,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json index 9a05dcbd5..579071cb1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mysql-persistent-s2i.json @@ -3,19 +3,23 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", - "description": "Application template for JWS MySQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat7,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 7 + MySQL (Persistent with https)" - }, - "name": "jws30-tomcat7-mysql-persistent-s2i" + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (with https)", + "description": "An example JBoss Web Server application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat JBoss Web Server 3.1 Apache Tomcat 8 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-web-server/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "jws31-tomcat8-mysql-persistent-s2i" }, "labels": { - "template": "jws30-tomcat7-mysql-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-mysql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 7 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -395,7 +399,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat7-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mysql-s2i.json index 08b040863..e84d61608 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-mysql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS MySQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + MySQL (Ephemeral with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + MySQL (Ephemeral with https)" }, - "name": "jws30-tomcat8-mysql-s2i" + "name": "jws31-tomcat8-mysql-s2i" }, "labels": { - "template": "jws30-tomcat8-mysql-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-mysql-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using MySQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -388,7 +389,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json index f117e6624..83a6ca19b 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-postgresql-persistent-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + PostgreSQL (Persistent with https)" + "tags": "tomcat,tomcat8,java,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.1 Apache Tomcat 8 + PostgreSQL (with https)" }, - "name": "jws30-tomcat8-postgresql-persistent-s2i" + "name": "jws31-tomcat8-postgresql-persistent-s2i" }, "labels": { - "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-postgresql-persistent-s2i", + "xpaas": "1.4.7" }, - "message": "A new persistent JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new persistent JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -377,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-postgresql-s2i.json index faece1269..e28cf8a04 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/jws31-tomcat8-postgresql-s2i.json @@ -3,19 +3,20 @@ "apiVersion": "v1", "metadata": { "annotations": { - "iconClass": "icon-tomcat", + "iconClass": "icon-rh-tomcat", + "openshift.io/provider-display-name": "Red Hat, Inc.", "description": "Application template for JWS PostgreSQL applications built using S2I.", - "tags": "tomcat,tomcat8,java,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss Web Server 3.0 Tomcat 8 + (PostgreSQL with https)" + "tags": "tomcat,tomcat8,java,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss Web Server 3.0 Apache Tomcat 8 + PostgreSQL (Ephemeral with https)" }, - "name": "jws30-tomcat8-postgresql-s2i" + "name": "jws31-tomcat8-postgresql-s2i" }, "labels": { - "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.4.0" + "template": "jws31-tomcat8-postgresql-s2i", + "xpaas": "1.4.7" }, - "message": "A new JWS application for Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", + "message": "A new JWS application for Apache Tomcat 8 (using PostgreSQL) has been created in your project. The username/password for administering your JWS is ${JWS_ADMIN_USERNAME}/${JWS_ADMIN_PASSWORD}. For accessing the PostgreSQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"jws-service-account\" service account and the secret named \"${JWS_HTTPS_SECRET}\" containing the ${JWS_HTTPS_CERTIFICATE} file used for serving secure content.", "parameters": [ { "displayName": "Application Name", @@ -370,7 +371,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-webserver30-tomcat8-openshift:1.3" + "name": "jboss-webserver31-tomcat8-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-amq-template.json new file mode 100644 index 000000000..aad649f84 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-amq-template.json @@ -0,0 +1,362 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Camel route using ActiveMQ in Karaf container. This quickstart shows how to use Camel in a Karaf Container using Blueprint to connect to the A-MQ xPaaS message broker on OpenShift that should already be installed, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template.", + "tags": "quickstart,java,karaf,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-karaf2-camel-amq" + }, + "labels": { + "template": "s2i-karaf2-camel-amq" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-karaf2-camel-amq", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "value": "https://github.com/fabric8-quickstarts/karaf2-camel-amq.git", + "required": true, + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "karaf2-camel-amq-1.0.0.redhat-000019", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "s2i-karaf2-camel-amq", + "description": "Exposed Service name." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000019", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "install -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "ACTIVEMQ_SERVICE_NAME", + "displayName": "ActiveMQ Broker Service", + "required": true, + "value": "broker-amq-tcp", + "description": "Set this to the name of the TCP service of the ActiveMQ broker. You may need to create a broker first." + }, + { + "name": "ACTIVEMQ_USERNAME", + "displayName": "ActiveMQ Broker Username", + "description": "The username used to authenticate with the ActiveMQ broker. Leave it empty if authentication is disabled." + }, + { + "name": "ACTIVEMQ_PASSWORD", + "displayName": "ActiveMQ Broker Password", + "description": "The password used to authenticate with the ActiveMQ broker. Leave it empty if authentication is disabled." + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "MEMORY_REQUEST", + "displayName": "Memory request", + "value": "1.5G", + "required": true, + "description": "The amount of memory required for the container to run." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory limit", + "value": "2G", + "required": true, + "description": "The amount of memory the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-karaf-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/readiness-check", + "port" : 8181 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health-check", + "port" : 8181 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8181, + "name": "http" + }, + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + }, { + "name": "ACTIVEMQ_SERVICE_NAME", + "value": "${ACTIVEMQ_SERVICE_NAME}" + }, { + "name": "ACTIVEMQ_USERNAME", + "value": "${ACTIVEMQ_USERNAME}" + }, { + "name": "ACTIVEMQ_PASSWORD", + "value": "${ACTIVEMQ_PASSWORD}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}", + "memory": "${MEMORY_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}", + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-log-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-log-template.json new file mode 100644 index 000000000..38b7bc249 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-log-template.json @@ -0,0 +1,336 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "A simple Camel route in Karaf container. This quickstart shows a simple Apache Camel application that logs a message to the server log every 5th second.", + "tags": "quickstart,java,karaf,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-karaf2-camel-log" + }, + "labels": { + "template": "s2i-karaf2-camel-log" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-karaf2-camel-log", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "value": "https://github.com/fabric8-quickstarts/karaf2-camel-log.git", + "required": true, + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "karaf2-camel-log-1.0.0.redhat-000019", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "s2i-karaf2-camel-log", + "description": "Exposed Service name." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000019", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "install -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "MEMORY_REQUEST", + "displayName": "Memory request", + "value": "1.5G", + "required": true, + "description": "The amount of memory required for the container to run." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory limit", + "value": "2G", + "required": true, + "description": "The amount of memory the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-karaf-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/readiness-check", + "port" : 8181 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health-check", + "port" : 8181 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8181, + "name": "http" + }, + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}", + "memory": "${MEMORY_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}", + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-rest-sql-template.json new file mode 100644 index 000000000..6d9573e5b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-camel-rest-sql-template.json @@ -0,0 +1,421 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Camel example using Rest DSL with SQL Database in Karaf container. This example demonstrates how to use SQL via JDBC along with Camel's REST DSL to expose a RESTful API. The OpenShift MySQL container image should already be installed and running on your OpenShift installation, one simple way to run a MySQL service is following the documentation of the Openshift MySQL container image related to the mysql-ephemeral template..", + "tags": "quickstart,java,karaf,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-karaf2-camel-rest-sql" + }, + "labels": { + "template": "s2i-karaf2-camel-rest-sql" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-karaf2-camel-rest-sql", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "value": "https://github.com/fabric8-quickstarts/karaf2-camel-rest-sql.git", + "required": true, + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "karaf2-camel-rest-sql-1.0.0.redhat-000019", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "s2i-karaf2-camel-rest", + "description": "Exposed Service name." + }, + { + "name": "MYSQL_SERVICE_NAME", + "displayName": "MySQL Server Service", + "required": true, + "value": "mysql", + "description": "Set this to the name of the TCP service of the MySQL server. You may need to create a server first." + }, + { + "name": "MYSQL_SERVICE_DATABASE", + "displayName": "MySQL Server Database", + "required": true, + "value": "sampledb", + "description": "The database hosted by the MySQL server to be used by the application." + }, + { + "name": "MYSQL_SERVICE_USERNAME", + "displayName": "MySQL Server Username", + "description": "The username used to authenticate with the MySQL server. Leave it empty if authentication is disabled." + }, + { + "name": "MYSQL_SERVICE_PASSWORD", + "displayName": "MySQL Server Password", + "description": "The password used to authenticate with the MySQL server. Leave it empty if authentication is disabled." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000019", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "install -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "MEMORY_REQUEST", + "displayName": "Memory request", + "value": "1.5G", + "required": true, + "description": "The amount of memory required for the container to run." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory limit", + "value": "2G", + "required": true, + "description": "The amount of memory the container is limited to use." + } + ], + "objects": [ + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "container": "karaf", + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "container": "karaf", + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9411, + "protocol": "TCP", + "targetPort": 8181 + } + ], + "selector": { + "container": "karaf", + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-karaf-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/readiness-check", + "port" : 8181 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health-check", + "port" : 8181 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8181, + "name": "http" + }, + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } , { + "name": "MYSQL_SERVICE_NAME", + "value": "${MYSQL_SERVICE_NAME}" + }, { + "name": "MYSQL_SERVICE_DATABASE", + "value": "${MYSQL_SERVICE_DATABASE}" + }, { + "name": "MYSQL_SERVICE_USERNAME", + "value": "${MYSQL_SERVICE_USERNAME}" + }, { + "name": "MYSQL_SERVICE_PASSWORD", + "value": "${MYSQL_SERVICE_PASSWORD}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}", + "memory": "${MEMORY_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}", + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-cxf-rest-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-cxf-rest-template.json new file mode 100644 index 000000000..fdc0c00e5 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/karaf2-cxf-rest-template.json @@ -0,0 +1,385 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "REST example using CXF in Karaf container. This quickstart demonstrates how to create a RESTful (JAX-RS) web service using CXF and expose it through the OSGi HTTP Service", + "tags": "quickstart,java,karaf,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-karaf2-cxf-rest" + }, + "labels": { + "template": "s2i-karaf2-cxf-rest" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-karaf2-cxf-rest", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "value": "https://github.com/fabric8-quickstarts/karaf2-cxf-rest.git", + "required": true, + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "karaf2-cxf-rest-1.0.0.redhat-000019", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "s2i-karaf2-cxf-rest", + "description": "Exposed Service name." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000019", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "install -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "MEMORY_REQUEST", + "displayName": "Memory request", + "value": "1.5G", + "required": true, + "description": "The amount of memory required for the container to run." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory limit", + "value": "2G", + "required": true, + "description": "The amount of memory the container is limited to use." + } + ], + "objects": [ + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "container": "java", + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "container": "karaf", + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9412, + "protocol": "TCP", + "targetPort": 8181 + } + ], + "selector": { + "container": "karaf", + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-karaf-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "container": "karaf", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/readiness-check", + "port" : 8181 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health-check", + "port" : 8181 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8181, + "name": "http" + }, + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}", + "memory": "${MEMORY_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}", + "memory": "${MEMORY_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/openjdk18-web-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/openjdk18-web-basic-s2i.json new file mode 100644 index 000000000..6336f0398 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/openjdk18-web-basic-s2i.json @@ -0,0 +1,272 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass": "icon-rh-openjdk", + "tags": "java", + "version": "1.4.7", + "openshift.io/display-name": "OpenJDK 8", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example Java application using OpenJDK 8. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat OpenJDK Java 8 based application.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "openjdk18-web-basic-s2i" + }, + "labels": { + "template": "openjdk18-web-basic-s2i", + "xpaas": "1.4.7" + }, + "message": "A new java application has been created in your project.", + "parameters": [ + { + "description": "The name for the application.", + "displayName": "Application Name", + "name": "APPLICATION_NAME", + "value": "openjdk-app", + "required": true + }, + { + "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "displayName": "Custom http Route Hostname", + "name": "HOSTNAME_HTTP", + "value": "", + "required": false + }, + { + "description": "Git source URI for application", + "displayName": "Git Repository URL", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/jboss-openshift/openshift-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "displayName": "Git Reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "master", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "displayName": "Context Directory", + "name": "CONTEXT_DIR", + "value": "undertow-servlet", + "required": false + }, + { + "description": "GitHub trigger secret", + "displayName": "Github Webhook Secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "displayName": "Generic Webhook Secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "displayName": "ImageStream Namespace", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The application's http port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "redhat-openjdk18-openshift:1.2" + } + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "env": [ + ], + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + } + ] + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json index d1705c88c..9ef04ae71 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-mysql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + MySQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "processserver63-amq-mysql-persistent-s2i" + "name": "processserver64-amq-mysql-persistent-s2i" }, "labels": { - "template": "processserver63-amq-mysql-persistent-s2i", - "xpaas": "1.4.0" + "template": "processserver64-amq-mysql-persistent-s2i", + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -543,7 +547,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -996,7 +1000,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-63:1.2" } } }, @@ -1021,7 +1025,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", + "image": "jboss-amq-63", "imagePullPolicy": "Always", "volumeMounts": [ { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-mysql-s2i.json index 665cb76a3..4cb45db42 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + MySQL (Ephemeral with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "processserver63-amq-mysql-s2i" + "name": "processserver64-amq-mysql-s2i" }, "labels": { - "template": "processserver63-amq-mysql-s2i", - "xpaas": "1.4.0" + "template": "processserver64-amq-mysql-s2i", + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -529,7 +533,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -912,7 +916,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-63:1.2" } } }, @@ -937,7 +941,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", + "image": "jboss-amq-63", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json index 5a395a0f3..56fefcc0a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + PostgreSQL (Persistent with https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "processserver63-amq-postgresql-persistent-s2i" + "name": "processserver64-amq-postgresql-persistent-s2i" }, "labels": { - "template": "processserver63-amq-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "template": "processserver64-amq-postgresql-persistent-s2i", + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -525,7 +529,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -966,7 +970,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-63:1.2" } } }, @@ -991,7 +995,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", + "image": "jboss-amq-63", "imagePullPolicy": "Always", "volumeMounts": [ { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-postgresql-s2i.json index e7c5efdc9..bb8d2df28 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-amq-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-amq-postgresql-s2i.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server AMQ and PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)" - }, - "name": "processserver63-amq-postgresql-s2i" + "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server AMQ and PostgreSQL applications built using S2I.", + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + A-MQ + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with A-MQ and a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, Red Hat A-MQ for messaging broker, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "processserver64-amq-postgresql-s2i" }, "labels": { - "template": "processserver63-amq-postgresql-s2i", - "xpaas": "1.4.0" + "template": "processserver64-amq-postgresql-s2i", + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL and A-MQ) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. And for the A-MQ service use the credentials ${MQ_USERNAME}/${MQ_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -511,7 +516,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, @@ -882,7 +887,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-amq-62:1.4" + "name": "jboss-amq-63:1.2" } } }, @@ -907,7 +912,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "jboss-amq-62", + "image": "jboss-amq-63", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-basic-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-basic-s2i.json index e70d20a6e..1b7cc8cf1 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-basic-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server (no https)" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server (no https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration and insecure communication using http.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "processserver63-basic-s2i" + "name": "processserver64-basic-s2i" }, "labels": { - "template": "processserver63-basic-s2i", - "xpaas": "1.4.0" + "template": "processserver64-basic-s2i", + "xpaas": "1.4.7" }, "message": "A new BPMS application has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}.", "parameters": [ @@ -234,7 +238,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-mysql-persistent-s2i.json index f76b07b0b..1a4d0887c 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-mysql-persistent-s2i.json @@ -3,17 +3,22 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + MySQL (Persistent with https)" - }, - "name": "processserver63-mysql-persistent-s2i" + "description": "Application template for Red Hat JBoss BPM Suite 6.4 intelligent process server MySQL applications with persistent storage built using S2I.", + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "processserver64-mysql-persistent-s2i" }, "labels": { - "template": "processserver63-mysql-persistent-s2i", - "xpaas": "1.4.0" + "template": "processserver64-mysql-persistent-s2i", + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -455,7 +460,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-mysql-s2i.json index a3be02eab..7c491d832 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-mysql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server MySQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + MySQL (Ephemeral with https)" - }, - "name": "processserver63-mysql-s2i" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + MySQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for MySQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "processserver64-mysql-s2i" }, "labels": { - "template": "processserver63-mysql-s2i", - "xpaas": "1.4.0" + "template": "processserver64-mysql-s2i", + "xpaas": "1.4.7" }, "message": "A new BPMS application (using MySQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -448,7 +452,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-postgresql-persistent-s2i.json index 361b177f9..8965ea41f 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-postgresql-persistent-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications with persistent storage built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + PostgreSQL (Persistent with https)" - }, - "name": "processserver63-postgresql-persistent-s2i" + "iconClass": "icon-processserver", + "tags": "processserver,jboss", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using persistence and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "processserver64-postgresql-persistent-s2i" }, "labels": { - "template": "processserver63-postgresql-persistent-s2i", - "xpaas": "1.4.0" + "template": "processserver64-postgresql-persistent-s2i", + "xpaas": "1.4.7" }, "message": "A new persistent BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -437,7 +441,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-s2i.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-postgresql-s2i.json index 451915a1d..e21f0ce4e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/processserver63-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/processserver64-postgresql-s2i.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for Red Hat JBoss BPM Suite 6.3 intelligent process server PostgreSQL applications built using S2I.", - "iconClass": "icon-jboss", - "tags": "processserver,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat JBoss BPM Suite 6.3 intelligent process server + PostgreSQL (Ephemeral with https)" - }, - "name": "processserver63-postgresql-s2i" + "iconClass": "icon-processserver", + "tags": "processserver,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "JBoss BPM Suite 6.4 intelligent process server + PostgreSQL (Ephemeral with https)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example BPM Suite application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Business Process Suite intelligent process server 6.4 based application, including a build configuration, application deployment configuration, database deployment configuration for PostgreSQL using ephemeral (temporary) storage and secure communication using https.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-jboss-bpm-suite/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "processserver64-postgresql-s2i" }, "labels": { - "template": "processserver63-postgresql-s2i", - "xpaas": "1.4.0" + "template": "processserver64-postgresql-s2i", + "xpaas": "1.4.7" }, "message": "A new BPMS application (using PostgreSQL) has been created in your project. The username/password for accessing the KIE Server REST or JMS interface is ${KIE_SERVER_USER}/${KIE_SERVER_PASSWORD}. For accessing the MySQL database \"${DB_DATABASE}\" use the credentials ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"processserver-service-account\" service account and the secret named \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content.", "parameters": [ @@ -430,7 +434,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-processserver63-openshift:1.4" + "name": "jboss-processserver64-openshift:1.1" } } }, diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-amq-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-amq-template.json new file mode 100644 index 000000000..2c1a73a29 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-amq-template.json @@ -0,0 +1,331 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring Boot, Camel and ActiveMQ QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to an ActiveMQ broker and use JMS messaging between two Camel routes using OpenShift. In this example we will use two containers, one container to run as a ActiveMQ broker, and another as a client to the broker, where the Camel routes are running. This quickstart requires the ActiveMQ broker has been deployed and running first, one simple way to run a A-MQ service is following the documentation of the A-MQ xPaaS image for OpenShift related to the amq62-basic template", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-amq" + }, + "labels": { + "template": "s2i-spring-boot-camel-amq" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-amq", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-amq.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-amq-1.0.0.redhat-000064", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "ACTIVEMQ_SERVICE_NAME", + "displayName": "ActiveMQ Broker Service", + "required": true, + "value": "broker-amq-tcp", + "description": "Set this to the name of the TCP service of the ActiveMQ broker. You may need to create a broker first." + }, + { + "name": "ACTIVEMQ_BROKER_USERNAME", + "displayName": "ActiveMQ Broker Username", + "description": "The username used to authenticate with the ActiveMQ broker. Leave it empty if authentication is disabled." + }, + { + "name": "ACTIVEMQ_BROKER_PASSWORD", + "displayName": "ActiveMQ Broker Password", + "description": "The password used to authenticate with the ActiveMQ broker. Leave it empty if authentication is disabled." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000064", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } , { + "name": "ACTIVEMQ_SERVICE_NAME", + "value": "${ACTIVEMQ_SERVICE_NAME}" + }, { + "name": "ACTIVEMQ_BROKER_USERNAME", + "value": "${ACTIVEMQ_BROKER_USERNAME}" + }, { + "name": "ACTIVEMQ_BROKER_PASSWORD", + "value": "${ACTIVEMQ_BROKER_PASSWORD}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-config-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-config-template.json new file mode 100644 index 000000000..b62e768b6 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-config-template.json @@ -0,0 +1,327 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring Boot and Camel using ConfigMaps and Secrets. This quickstart demonstrates how to configure a Spring-Boot application using OpenShift ConfigMaps and Secrets. This example requires that a ConfigMap named camel-config and a Secret named camel-config are present in the namespace before the application is deployed, instruction about how to manually create them can be found here: https://github.com/fabric8-quickstarts/spring-boot-camel-config/blob/fis-2.0.x.redhat/README.redhat.md ", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-config" + }, + "labels": { + "template": "s2i-spring-boot-camel-config" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-config", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-config.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-config-1.0.0.redhat-000014", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_ACCOUNT_NAME", + "displayName": "Service Account", + "value": "qs-camel-config", + "required": true, + "description": "The Service Account that will be used to run the container. It must be already present in Openshift and have the view role." + }, + { + "name": "SECRET_NAME", + "displayName": "Secret Name", + "value": "camel-config", + "required": true, + "description": "The name of the Openshift Secret that will be used to configure the application. It must be already present in Openshift." + }, + { + "name": "CONFIGMAP_NAME", + "displayName": "ConfigMap Name", + "value": "camel-config", + "required": true, + "description": "The name of the Openshift ConfigMap that will be used to configure the application. It must be already present in Openshift." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000014", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "volumes": [ + { + "name": "camel-config", + "secret": { + "secretName": "${SECRET_NAME}" + } + } + ], + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + }, { + "name": "SPRING_CLOUD_KUBERNETES_SECRETS_NAME", + "value": "${SECRET_NAME}" + }, { + "name": "SPRING_CLOUD_KUBERNETES_CONFIG_NAME", + "value": "${CONFIGMAP_NAME}" + } ], + "resources": {}, + "volumeMounts": [ + { + "name": "camel-config", + "readOnly": true, + "mountPath": "/etc/secrets/camel-config" + } + ] + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-drools-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-drools-template.json new file mode 100644 index 000000000..91081e493 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-drools-template.json @@ -0,0 +1,334 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot, Camel and JBoss BRMS QuickStart. This example demonstrates how you can use Apache Camel and JBoss BRMS with Spring Boot on OpenShift. DRL files contain simple rules which are used to create knowledge session via Spring configuration file. Camel routes, defined via Spring as well, are then used to e.g. pass (insert) the Body of the message as a POJO to Drools engine for execution. A Kie Server should be deployed and configured before running the application, more information about how to configure it can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-drools/blob/fis-2.0.x.redhat/README.redhat.md", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-drools" + }, + "labels": { + "template": "s2i-spring-boot-camel-drools" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-drools", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-drools.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-drools-1.0.0.redhat-000063", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "KIESERVER_SERVICE", + "displayName": "Decision Server Name", + "required": true, + "value": "kie-app", + "description": "Set this to the name of the Decision Server. You may need to create an instance before." + }, + { + "name": "KIESERVER_USERNAME", + "displayName": "Decision Server Username", + "required": true, + "value": "kieserver", + "description": "The username used to authenticate with the Decision Server." + }, + { + "name": "KIESERVER_PASSWORD", + "displayName": "Decision Server Password", + "required": true, + "description": "The password used to authenticate with the Decision Server." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000063", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + }, { + "name": "KIESERVER_SERVICE", + "value": "${KIESERVER_SERVICE}" + }, { + "name": "KIESERVER_USERNAME", + "value": "${KIESERVER_USERNAME}" + }, { + "name": "KIESERVER_PASSWORD", + "value": "${KIESERVER_PASSWORD}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-infinispan-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-infinispan-template.json new file mode 100644 index 000000000..8d97400ab --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-infinispan-template.json @@ -0,0 +1,315 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring Boot, Camel and JBoss Data Grid QuickStart. This quickstart demonstrates how to connect a Spring-Boot application to a JBoss Data Grid (or Infinispan) server using the Hot Rod protocol. It requires that the data grid server (or cluster) has been deployed first, one simple way to run a JDG service is following the documentation of the JDG xPaaS image for OpenShift related to the datagrid65-basic template.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-infinispan" + }, + "labels": { + "template": "s2i-spring-boot-camel-infinispan" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-infinispan", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-infinispan.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-infinispan-1.0.0.redhat-000033", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "INFINISPAN_SERVICE", + "displayName": "JBoss Data Grid Service (Hot Rod)", + "required": true, + "value": "datagrid-app-hotrod", + "description": "Set this to the name of the Hot Rod service of the JBoss Data Grid. You may need to create the data grid first." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000033", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } , { + "name": "INFINISPAN_SERVICE", + "value": "${INFINISPAN_SERVICE}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-rest-sql-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-rest-sql-template.json new file mode 100644 index 000000000..bf722844c --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-rest-sql-template.json @@ -0,0 +1,403 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring Boot, Camel REST DSL and MySQL QuickStart. This quickstart demonstrates how to connect a Spring Boot application to a MySQL database and expose a REST API with Camel on OpenShift. In this example we will use two containers, one container to run as a MySQL server, and another as a client to the database, where the Camel routes are running. This quickstart requires the MySQL server to be deployed and started first, one simple way to run a MySQL service is following the documentation of the OpenShift MySQL container image related to the mysql-ephemeral template.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-rest-sql" + }, + "labels": { + "template": "s2i-spring-boot-camel-rest-sql" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-rest-sql", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-rest-sql.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-rest-sql-1.0.0.redhat-000064", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "camel-rest-sql", + "description": "Exposed service name." + }, + { + "name": "MYSQL_SERVICE_NAME", + "displayName": "MySQL Server Service", + "required": true, + "value": "mysql", + "description": "Set this to the name of the TCP service of the MySQL server. You may need to create a server first." + }, + { + "name": "MYSQL_SERVICE_DATABASE", + "displayName": "MySQL Server Database", + "value": "sampledb", + "description": "The database hosted by the MySQL server to be used by the application." + }, + { + "name": "MYSQL_SERVICE_USERNAME", + "displayName": "MySQL Server Username", + "description": "The username used to authenticate with the MySQL server. Leave it empty if authentication is disabled." + }, + { + "name": "MYSQL_SERVICE_PASSWORD", + "displayName": "MySQL Server Password", + "description": "The password used to authenticate with the MySQL server. Leave it empty if authentication is disabled." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000064", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9411, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8080, + "name": "http" + }, + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } , { + "name": "MYSQL_SERVICE_NAME", + "value": "${MYSQL_SERVICE_NAME}" + }, { + "name": "MYSQL_SERVICE_DATABASE", + "value": "${MYSQL_SERVICE_DATABASE}" + }, { + "name": "MYSQL_SERVICE_USERNAME", + "value": "${MYSQL_SERVICE_USERNAME}" + }, { + "name": "MYSQL_SERVICE_PASSWORD", + "value": "${MYSQL_SERVICE_PASSWORD}" + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-teiid-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-teiid-template.json new file mode 100644 index 000000000..856264615 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-teiid-template.json @@ -0,0 +1,343 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot, Camel and JBoss Data Virtualization QuickStart. This example demonstrates how to connect Apache Camel to a remote JBoss Data Virtualization (or Teiid) Server using the JDBC protocol. This quickstart assumes that the JDV server is already running and configured on OpenShift, more information about to setup a JDV server can be found at https://github.com/fabric8-quickstarts/spring-boot-camel-teiid/blob/fis-2.0.x.redhat/README.redhat.md", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-teiid" + }, + "labels": { + "template": "s2i-spring-boot-camel-teiid" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-teiid", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-teiid.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-teiid-1.0.0.redhat-000062", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "TEIID_SERVICE_NAME", + "displayName": "JDV Server Name", + "required": true, + "value": "datavirt-app", + "description": "Set this to the name of the JDV Server. You may need to create an instance before." + }, + { + "name": "TEIID_PORT_NAME", + "displayName": "JDV Port Name", + "value": "jdbc", + "description": "Set this to the name of the JDV port to use. Set this value if the JDV service contains multiple named ports." + }, + { + "name": "TEIID_USERNAME", + "displayName": "JDV Server Username", + "required": true, + "description": "The username used to authenticate with the JDV Server." + }, + { + "name": "TEIID_PASSWORD", + "displayName": "JDV Server Password", + "required": true, + "description": "The password used to authenticate with the JDV Server." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000062", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ + { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + }, { + "name": "TEIID_SERVICE_NAME", + "value": "${TEIID_SERVICE_NAME}" + }, { + "name": "TEIID_PORT_NAME", + "value": "${TEIID_PORT_NAME}" + }, { + "name": "TEIID_USERNAME", + "value": "${TEIID_USERNAME}" + }, { + "name": "TEIID_PASSWORD", + "value": "${TEIID_PASSWORD}" + }], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-template.json new file mode 100644 index 000000000..9c0fe287e --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-template.json @@ -0,0 +1,305 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot and Camel QuickStart. This example demonstrates how you can use Apache Camel with Spring Boot on Openshift. The quickstart uses Spring Boot to configure a little application that includes a Camel route that triggeres a message every 5th second, and routes the message to a log.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel" + }, + "labels": { + "template": "s2i-spring-boot-camel" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-1.0.0.redhat-000064", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000064", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-xml-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-xml-template.json new file mode 100644 index 000000000..87c0e347a --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-camel-xml-template.json @@ -0,0 +1,305 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot and Camel Xml QuickStart. This example demonstrates how you can use Apache Camel with Spring Boot on Openshift. The quickstart uses Spring Boot to configure a little application that includes a Camel route (in Spring xml) that triggeres a message every 5th second, and routes the message to a log.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-camel-xml" + }, + "labels": { + "template": "s2i-spring-boot-camel-xml" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-camel-xml", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-camel-xml.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-camel-xml-1.0.0.redhat-000064", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000064", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxrs-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxrs-template.json new file mode 100644 index 000000000..8b0261035 --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxrs-template.json @@ -0,0 +1,364 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot and CXF JAXRS QuickStart. This example demonstrates how you can use Apache CXF JAXRS with Spring Boot on Openshift. The quickstart uses Spring Boot to configure a little application that includes a CXF JAXRS endpoint with Swagger enabled.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-cxf-jaxrs" + }, + "labels": { + "template": "s2i-spring-boot-cxf-jaxrs" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-cxf-jaxrs", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-cxf-jaxrs.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-cxf-jaxrs-1.0.0.redhat-000014", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxrs", + "description": "Exposed service name." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000014", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9413, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxws-template.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxws-template.json new file mode 100644 index 000000000..8b36f5f0b --- /dev/null +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/spring-boot-cxf-jaxws-template.json @@ -0,0 +1,364 @@ +{ + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "annotations": { + "description": "Spring-Boot and CXF JAXWS QuickStart. This example demonstrates how you can use Apache CXF JAXWS with Spring Boot on Openshift. The quickstart uses Spring Boot to configure a little application that includes a CXF JAXWS endpoint.", + "tags": "quickstart,java,springboot,fis", + "iconClass": "icon-jboss", + "version": "2.0" + }, + "name": "s2i-spring-boot-cxf-jaxws" + }, + "labels": { + "template": "s2i-spring-boot-cxf-jaxws" + }, + "parameters": [ + { + "name": "APP_NAME", + "displayName": "Application Name", + "required": true, + "value": "s2i-spring-boot-cxf-jaxws", + "description": "The name assigned to the application." + }, + { + "name": "GIT_REPO", + "displayName": "Git Repository URL", + "required": true, + "value": "https://github.com/fabric8-quickstarts/spring-boot-cxf-jaxws.git", + "description": "The URL of the repository with your application source code." + }, + { + "name": "GIT_REF", + "displayName": "Git Reference", + "value": "spring-boot-cxf-jaxws-1.0.0.redhat-000014", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch." + }, + { + "name": "SERVICE_NAME", + "displayName": "Service Name", + "value": "cxf-jaxws", + "description": "Exposed service name." + }, + { + "name": "BUILDER_VERSION", + "displayName": "Builder version", + "value": "2.0", + "description": "The version of the FIS S2I builder image to use." + }, + { + "name": "APP_VERSION", + "displayName": "Application Version", + "value": "1.0.0.redhat-000014", + "description": "The application version." + }, + { + "name": "MAVEN_ARGS", + "displayName": "Maven Arguments", + "value": "package -DskipTests -Dfabric8.skip -e -B", + "description": "Arguments passed to mvn in the build." + }, + { + "name": "MAVEN_ARGS_APPEND", + "displayName": "Extra Maven Arguments", + "description": "Extra arguments passed to mvn, e.g. for multi-module builds." + }, + { + "name": "ARTIFACT_DIR", + "displayName": "Maven build directory", + "description": "Directory of the artifact to be built, e.g. for multi-module builds." + }, + { + "name": "IMAGE_STREAM_NAMESPACE", + "displayName": "Image Stream Namespace", + "value": "openshift", + "required": true, + "description": "Namespace in which the Fuse ImageStreams are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project." + }, + { + "name": "BUILD_SECRET", + "displayName": "Git Build Secret", + "generate": "expression", + "description": "The secret needed to trigger a build.", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "CPU_REQUEST", + "displayName": "CPU request", + "value": "0.2", + "required": true, + "description": "The amount of CPU to requests." + }, + { + "name": "CPU_LIMIT", + "displayName": "CPU limit", + "value": "1.0", + "required": true, + "description": "The amount of CPU the container is limited to use." + } + ], + "objects": [ + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}-route" + }, + "spec": { + "to": { + "kind": "Service", + "name": "${SERVICE_NAME}" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "annotations": { + }, + "labels": { + "component": "${APP_NAME}", + "provider": "s2i", + "project": "${APP_NAME}", + "version": "${APP_VERSION}", + "group": "quickstarts" + }, + "name": "${SERVICE_NAME}" + }, + "spec": { + "clusterIP": "None", + "deprecatedPublicIPs": [], + "ports": [ + { + "port": 9414, + "protocol": "TCP", + "targetPort": 8080 + } + ], + "selector": { + "project": "${APP_NAME}", + "component": "${APP_NAME}", + "provider": "s2i", + "group": "quickstarts" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": {}, + "status": { + "dockerImageRepository": "" + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${BUILD_SECRET}" + } + }, + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChange": {} + } + ], + "source": { + "type": "Git", + "git": { + "uri": "${GIT_REPO}", + "ref": "${GIT_REF}" + } + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "fis-java-openshift:${BUILDER_VERSION}" + }, + "forcePull": true, + "incremental": true, + "env": [ + { + "name": "BUILD_LOGLEVEL", + "value": "5" + }, + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS", + "value": "${MAVEN_ARGS}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "${MAVEN_ARGS_APPEND}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + }, + "resources": {} + }, + "status": { + "lastVersion": 0 + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APP_NAME}", + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "strategy": { + "resources": {} + }, + "triggers": [ + { + "type": "ConfigChange" + }, + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APP_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APP_NAME}:latest" + } + } + } + ], + "replicas": 1, + "selector": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + }, + "template": { + "metadata": { + "creationTimestamp": null, + "labels": { + "component": "${APP_NAME}", + "deploymentconfig": "${APP_NAME}", + "group": "quickstarts", + "project": "${APP_NAME}", + "provider": "s2i", + "version": "${APP_VERSION}" + } + }, + "spec": { + "containers": [ + { + "name": "${APP_NAME}", + "image": "library/${APP_NAME}:latest", + "readinessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 10 + }, + "livenessProbe" : { + "httpGet" : { + "path" : "/health", + "port" : 8081 + }, + "initialDelaySeconds" : 180 + }, + "ports": [ + { + "containerPort": 8778, + "name": "jolokia" + } + ], + "env" : [ { + "name" : "KUBERNETES_NAMESPACE", + "valueFrom" : { + "fieldRef" : { + "fieldPath" : "metadata.namespace" + } + } + } ], + "resources": { + "requests": { + "cpu": "${CPU_REQUEST}" + }, + "limits": { + "cpu": "${CPU_LIMIT}" + } + } + } + ] + } + } + }, + "status": {} + } + ] +} diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-https.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-https.json index 5e956f449..26dd26624 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-https.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-https.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" }, - "name": "sso70-https" + "name": "sso71-https" }, "labels": { - "template": "sso70-https", - "xpaas": "1.4.0" + "template": "sso71-https", + "xpaas": "1.4.7" }, "message": "A new SSO service has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -316,7 +320,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -379,7 +383,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-mysql-persistent.json index 0fb2703c7..7092bb65e 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-mysql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 MySQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + MySQL (Persistent)" - }, - "name": "sso70-mysql-persistent" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "sso71-mysql-persistent" }, "labels": { - "template": "sso70-mysql-persistent", - "xpaas": "1.4.0" + "template": "sso71-mysql-persistent", + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -416,7 +420,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-mysql.json index 9beae806b..d90f0a0cc 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-mysql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 MySQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + MySQL (Ephemeral)" - }, - "name": "sso70-mysql" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + MySQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a MySQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for MySQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "sso71-mysql" }, "labels": { - "template": "sso70-mysql", - "xpaas": "1.4.0" + "template": "sso71-mysql", + "xpaas": "1.4.7" }, "message": "A new SSO service (using MySQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the MySQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -415,7 +419,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -479,7 +483,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-postgresql-persistent.json index e22399351..b1077db91 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-postgresql-persistent.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + PostgreSQL (Persistent)" - }, - "name": "sso70-postgresql-persistent" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using persistence.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "sso71-postgresql-persistent" }, "labels": { - "template": "sso70-postgresql-persistent", - "xpaas": "1.4.0" + "template": "sso71-postgresql-persistent", + "xpaas": "1.4.7" }, "message": "A new persistent SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -398,7 +402,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-postgresql.json index aa8ebaa8e..0955d712a 100644 --- a/roles/openshift_examples/files/examples/v3.7/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v3.8/xpaas-templates/sso71-postgresql.json @@ -3,17 +3,21 @@ "apiVersion": "v1", "metadata": { "annotations": { - "description": "Application template for SSO 7.0 PostgreSQL applications", - "iconClass" : "icon-jboss", - "tags" : "sso,keycloak,jboss,xpaas", - "version": "1.4.0", - "openshift.io/display-name": "Red Hat Single Sign-On 7.0 + PostgreSQL (Ephemeral)" - }, - "name": "sso70-postgresql" + "iconClass" : "icon-sso", + "tags" : "sso,keycloak,jboss,hidden", + "version": "1.4.7", + "openshift.io/display-name": "Single Sign-On 7.1 + PostgreSQL (Ephemeral)", + "openshift.io/provider-display-name": "Red Hat, Inc.", + "description": "An example SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates.", + "template.openshift.io/long-description": "This template defines resources needed to develop Red Hat Single Sign-On 7.1 server based deployment and deployment configuration for PostgreSQL using ephemeral (temporary) storage.", + "template.openshift.io/documentation-url": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/", + "template.openshift.io/support-url": "https://access.redhat.com" + }, + "name": "sso71-postgresql" }, "labels": { - "template": "sso70-postgresql", - "xpaas": "1.4.0" + "template": "sso71-postgresql", + "xpaas": "1.4.7" }, "message": "A new SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database \"${DB_DATABASE}\" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the \"${SERVICE_ACCOUNT_NAME}\" service account and the following secrets: \"${HTTPS_SECRET}\" containing the ${HTTPS_KEYSTORE} file used for serving secure content; \"${JGROUPS_ENCRYPT_SECRET}\" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications; \"${SSO_TRUSTSTORE_SECRET}\" containing the ${SSO_TRUSTSTORE} file used for securing SSO requests.", "parameters": [ @@ -397,7 +401,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.4" + "name": "redhat-sso71-openshift:1.2" } } }, @@ -461,7 +465,8 @@ "-c", "/opt/eap/bin/livenessProbe.sh" ] - } + }, + "initialDelaySeconds": 10 }, "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 1a4562776..356317431 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -63,8 +63,10 @@ - name: Import Centos Image streams command: > - {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ centos_image_streams }} + {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig -n openshift -f {{ item }} when: openshift_examples_load_centos | bool + with_items: + - "{{ centos_image_streams }}" register: oex_import_centos_streams failed_when: "'already exists' not in oex_import_centos_streams.stderr and oex_import_centos_streams.rc != 0" changed_when: false diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index 3a866cedf..7a5bebf6f 100644 --- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -6,19 +6,46 @@ block: - - name: Install docker excluder + - name: Install docker excluder - yum package: name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_docker_package_state }}" when: - r_openshift_excluder_enable_docker_excluder | bool + - ansible_pkg_mgr == "yum" - - name: Install openshift excluder + + # For DNF we do not need the "*" and if we add it, it causes an error because + # it's not a valid pkg_spec + # + # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 + - name: Install docker excluder - dnf + package: + name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: "{{ r_openshift_excluder_docker_package_state }}" + when: + - r_openshift_excluder_enable_docker_excluder | bool + - ansible_pkg_mgr == "dnf" + + - name: Install openshift excluder - yum package: name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" state: "{{ r_openshift_excluder_package_state }}" when: - r_openshift_excluder_enable_openshift_excluder | bool + - ansible_pkg_mgr == "yum" + + # For DNF we do not need the "*" and if we add it, it causes an error because + # it's not a valid pkg_spec + # + # https://bugzilla.redhat.com/show_bug.cgi?id=1199432 + - name: Install openshift excluder - dnf + package: + name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + state: "{{ r_openshift_excluder_package_state }}" + when: + - r_openshift_excluder_enable_openshift_excluder | bool + - ansible_pkg_mgr == "dnf" - set_fact: r_openshift_excluder_install_ran: True diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 215ff4b72..99ebb7e36 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -490,7 +490,7 @@ def set_selectors(facts): facts['hosted']['metrics'] = {} if 'selector' not in facts['hosted']['metrics'] or facts['hosted']['metrics']['selector'] in [None, 'None']: facts['hosted']['metrics']['selector'] = None - if 'logging' not in facts: + if 'logging' not in facts or not isinstance(facts['logging'], dict): facts['logging'] = {} if 'selector' not in facts['logging'] or facts['logging']['selector'] in [None, 'None']: facts['logging']['selector'] = None @@ -498,6 +498,20 @@ def set_selectors(facts): facts['hosted']['etcd'] = {} if 'selector' not in facts['hosted']['etcd'] or facts['hosted']['etcd']['selector'] in [None, 'None']: facts['hosted']['etcd']['selector'] = None + if 'prometheus' not in facts: + facts['prometheus'] = {} + if 'selector' not in facts['prometheus'] or facts['prometheus']['selector'] in [None, 'None']: + facts['prometheus']['selector'] = None + if 'alertmanager' not in facts['prometheus']: + facts['prometheus']['alertmanager'] = {} + # pylint: disable=line-too-long + if 'selector' not in facts['prometheus']['alertmanager'] or facts['prometheus']['alertmanager']['selector'] in [None, 'None']: + facts['prometheus']['alertmanager']['selector'] = None + if 'alertbuffer' not in facts['prometheus']: + facts['prometheus']['alertbuffer'] = {} + # pylint: disable=line-too-long + if 'selector' not in facts['prometheus']['alertbuffer'] or facts['prometheus']['alertbuffer']['selector'] in [None, 'None']: + facts['prometheus']['alertbuffer']['selector'] = None return facts @@ -792,7 +806,7 @@ def set_deployment_facts_if_unset(facts): # pylint: disable=too-many-statements def set_version_facts_if_unset(facts): """ Set version facts. This currently includes common.version and - common.version_gte_3_1_or_1_1. + common.version_gte_3_x Args: facts (dict): existing facts @@ -800,65 +814,31 @@ def set_version_facts_if_unset(facts): dict: the facts dict updated with version facts. """ if 'common' in facts: - deployment_type = facts['common']['deployment_type'] openshift_version = get_openshift_version(facts) if openshift_version and openshift_version != "latest": version = LooseVersion(openshift_version) facts['common']['version'] = openshift_version facts['common']['short_version'] = '.'.join([str(x) for x in version.version[0:2]]) - if deployment_type == 'origin': - version_gte_3_1_or_1_1 = version >= LooseVersion('1.1.0') - version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('1.1.1') - version_gte_3_2_or_1_2 = version >= LooseVersion('1.2.0') - version_gte_3_3_or_1_3 = version >= LooseVersion('1.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('1.4') - version_gte_3_5_or_1_5 = version >= LooseVersion('1.5') - version_gte_3_6 = version >= LooseVersion('3.6') - version_gte_3_7 = version >= LooseVersion('3.7') - else: - version_gte_3_1_or_1_1 = version >= LooseVersion('3.0.2.905') - version_gte_3_1_1_or_1_1_1 = version >= LooseVersion('3.1.1') - version_gte_3_2_or_1_2 = version >= LooseVersion('3.1.1.901') - version_gte_3_3_or_1_3 = version >= LooseVersion('3.3.0') - version_gte_3_4_or_1_4 = version >= LooseVersion('3.4') - version_gte_3_5_or_1_5 = version >= LooseVersion('3.5') - version_gte_3_6 = version >= LooseVersion('3.6') - version_gte_3_7 = version >= LooseVersion('3.7') + version_gte_3_6 = version >= LooseVersion('3.6') + version_gte_3_7 = version >= LooseVersion('3.7') + version_gte_3_8 = version >= LooseVersion('3.8') else: # 'Latest' version is set to True, 'Next' versions set to False - version_gte_3_1_or_1_1 = True - version_gte_3_1_1_or_1_1_1 = True - version_gte_3_2_or_1_2 = True - version_gte_3_3_or_1_3 = True - version_gte_3_4_or_1_4 = True - version_gte_3_5_or_1_5 = True version_gte_3_6 = True - version_gte_3_7 = False - facts['common']['version_gte_3_1_or_1_1'] = version_gte_3_1_or_1_1 - facts['common']['version_gte_3_1_1_or_1_1_1'] = version_gte_3_1_1_or_1_1_1 - facts['common']['version_gte_3_2_or_1_2'] = version_gte_3_2_or_1_2 - facts['common']['version_gte_3_3_or_1_3'] = version_gte_3_3_or_1_3 - facts['common']['version_gte_3_4_or_1_4'] = version_gte_3_4_or_1_4 - facts['common']['version_gte_3_5_or_1_5'] = version_gte_3_5_or_1_5 + version_gte_3_7 = True + version_gte_3_8 = False facts['common']['version_gte_3_6'] = version_gte_3_6 facts['common']['version_gte_3_7'] = version_gte_3_7 + facts['common']['version_gte_3_8'] = version_gte_3_8 - if version_gte_3_7: + if version_gte_3_8: + examples_content_version = 'v3.8' + elif version_gte_3_7: examples_content_version = 'v3.7' elif version_gte_3_6: examples_content_version = 'v3.6' - elif version_gte_3_5_or_1_5: - examples_content_version = 'v1.5' - elif version_gte_3_4_or_1_4: - examples_content_version = 'v1.4' - elif version_gte_3_3_or_1_3: - examples_content_version = 'v1.3' - elif version_gte_3_2_or_1_2: - examples_content_version = 'v1.2' - elif version_gte_3_1_or_1_1: - examples_content_version = 'v1.1' else: - examples_content_version = 'v1.0' + examples_content_version = 'v1.5' facts['common']['examples_content_version'] = examples_content_version @@ -1275,7 +1255,7 @@ def get_container_openshift_version(facts): If containerized, see if we can determine the installed version via the systemd environment files. """ - for filename in ['/etc/sysconfig/%s-master', '/etc/sysconfig/%s-node']: + for filename in ['/etc/sysconfig/%s-master-controllers', '/etc/sysconfig/%s-node']: env_path = filename % facts['common']['service_type'] if not os.path.exists(env_path): continue @@ -1779,7 +1759,8 @@ class OpenShiftFacts(object): 'node', 'logging', 'loggingops', - 'metrics'] + 'metrics', + 'prometheus'] # Disabling too-many-arguments, this should be cleaned up as a TODO item. # pylint: disable=too-many-arguments,no-value-for-parameter @@ -1907,7 +1888,6 @@ class OpenShiftFacts(object): portal_net='172.30.0.0/16', client_binary='oc', admin_binary='oadm', dns_domain='cluster.local', - debug_level=2, config_base='/etc/origin') if 'master' in roles: @@ -2069,6 +2049,66 @@ class OpenShiftFacts(object): ) ) + defaults['prometheus'] = dict( + storage=dict( + kind=None, + volume=dict( + name='prometheus', + size='10Gi' + ), + nfs=dict( + directory='/exports', + options='*(rw,root_squash)' + ), + host=None, + access=dict( + modes=['ReadWriteOnce'] + ), + create_pv=True, + create_pvc=False + ) + ) + + defaults['prometheus']['alertmanager'] = dict( + storage=dict( + kind=None, + volume=dict( + name='prometheus-alertmanager', + size='10Gi' + ), + nfs=dict( + directory='/exports', + options='*(rw,root_squash)' + ), + host=None, + access=dict( + modes=['ReadWriteOnce'] + ), + create_pv=True, + create_pvc=False + ) + ) + + defaults['prometheus']['alertbuffer'] = dict( + storage=dict( + kind=None, + volume=dict( + name='prometheus-alertbuffer', + size='10Gi' + ), + nfs=dict( + directory='/exports', + options='*(rw,root_squash)' + ), + host=None, + access=dict( + modes=['ReadWriteOnce'] + ), + create_pv=True, + create_pvc=False + ) + ) + return defaults def guess_host_provider(self): diff --git a/roles/openshift_gcp/templates/provision.j2.sh b/roles/openshift_gcp/templates/provision.j2.sh index d72a11de1..4d150bc74 100644 --- a/roles/openshift_gcp/templates/provision.j2.sh +++ b/roles/openshift_gcp/templates/provision.j2.sh @@ -125,10 +125,11 @@ fi ) & if ! gcloud --project "{{ openshift_gcp_project }}" compute instance-templates describe "{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}" &>/dev/null; then gcloud --project "{{ openshift_gcp_project }}" compute instance-templates create "{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}" \ --machine-type "{{ node_group.machine_type }}" --network "{{ openshift_gcp_network_name }}" \ - --tags "{{ openshift_gcp_prefix }}ocp,ocp,{{ node_group.tags }}" \ + --tags "{{ openshift_gcp_prefix }}ocp,ocp,{{ 'ocp-bootstrap,' if (node_group.bootstrap | default(False)) else '' }}{{ node_group.tags }}" \ --boot-disk-size "{{ node_group.boot_disk_size }}" --boot-disk-type "pd-ssd" \ --scopes "logging-write,monitoring-write,useraccounts-ro,service-control,service-management,storage-ro,compute-rw" \ - --image "${image}" ${metadata} + --image "{{ node_group.image | default('${image}') }}" ${metadata} \ + --metadata "bootstrap={{ node_group.bootstrap | default(False) | bool | to_json }},cluster-id={{ openshift_gcp_prefix + openshift_gcp_clusterid }},node-group={{ node_group.name }}" else echo "Instance template '{{ openshift_gcp_prefix }}instance-template-{{ node_group.name }}' already exists" fi @@ -312,8 +313,12 @@ fi # wait until all node groups are stable {% for node_group in openshift_gcp_node_group_config %} +{% if node_group.wait_for_stable | default(False) or not (node_group.bootstrap | default(False)) %} # wait for stable {{ node_group.name }} -( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed wait-until-stable "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --timeout=300) & +( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed wait-until-stable "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --timeout=600 ) & +{% else %} +# not waiting for {{ node_group.name }} due to bootstrapping +{% endif %} {% endfor %} diff --git a/roles/openshift_gcp/templates/remove.j2.sh b/roles/openshift_gcp/templates/remove.j2.sh index a1e0affec..c9213b800 100644 --- a/roles/openshift_gcp/templates/remove.j2.sh +++ b/roles/openshift_gcp/templates/remove.j2.sh @@ -37,7 +37,7 @@ function teardown() { # scale down {{ node_group.name }} ( # performs a delete and scale down as one operation to ensure maximum parallelism - if ! instances=$( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed list-instances "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --format='value[terminator=","](instance)' ); then + if ! instances=$( gcloud --project "{{ openshift_gcp_project }}" compute instance-groups managed list-instances "{{ openshift_gcp_prefix }}ig-{{ node_group.suffix }}" --zone "{{ openshift_gcp_zone }}" --format='value[terminator=","](instance)' 2>/dev/null ); then exit 0 fi instances="${instances%?}" @@ -59,6 +59,21 @@ if gsutil ls -p "{{ openshift_gcp_project }}" "gs://{{ openshift_gcp_registry_bu fi ) & +# Project metadata prefixed with {{ openshift_gcp_prefix }} +( + for key in $( gcloud --project "{{ openshift_gcp_project }}" compute project-info describe --flatten=commonInstanceMetadata.items[] '--format=value(commonInstanceMetadata.items.key)' ); do + if [[ "${key}" == "{{ openshift_gcp_prefix }}"* ]]; then + gcloud --project "{{ openshift_gcp_project }}" compute project-info remove-metadata "--keys=${key}" + fi + done +) & + +# Instances and disks used for image building +( + teardown "{{ openshift_gcp_prefix }}build-image-instance" compute instances --zone "{{ openshift_gcp_zone }}" + teardown "{{ openshift_gcp_prefix }}build-image-instance" compute disks --zone "{{ openshift_gcp_zone }}" +) & + # DNS ( dns_zone="{{ dns_managed_zone | default(openshift_gcp_prefix + 'managed-zone') }}" @@ -152,5 +167,12 @@ for i in `jobs -p`; do wait $i; done for i in `jobs -p`; do wait $i; done +# Images specifically located under this cluster prefix family +for name in $( gcloud --project "{{ openshift_gcp_project }}" compute images list "--filter=family={{ openshift_gcp_prefix }}images" '--format=value(name)' ); do + ( gcloud --project "{{ openshift_gcp_project }}" compute images delete "${name}" ) & +done + # Network -teardown "{{ openshift_gcp_network_name }}" compute networks +( teardown "{{ openshift_gcp_network_name }}" compute networks ) & + +for i in `jobs -p`; do wait $i; done
\ No newline at end of file diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py index 326176273..3ee3b132c 100644 --- a/roles/openshift_health_checker/action_plugins/openshift_health_check.py +++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py @@ -101,7 +101,8 @@ class ActionModule(ActionBase): execute_module=self._execute_module, tmp=tmp, task_vars=task_vars, - want_full_results=want_full_results + want_full_results=want_full_results, + templar=self._templar ) return known_checks diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py index ce05b44a4..b7b16e0ea 100644 --- a/roles/openshift_health_checker/openshift_checks/__init__.py +++ b/roles/openshift_health_checker/openshift_checks/__init__.py @@ -65,12 +65,15 @@ class OpenShiftCheck(object): If the check can gather logs, tarballs, etc., do so when True; but no need to spend the time if they're not wanted (won't be written to output directory). """ - - def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False): + # pylint: disable=too-many-arguments + def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False, + templar=None): # store a method for executing ansible modules from the check self._execute_module = execute_module # the task variables and tmpdir passed into the health checker task self.task_vars = task_vars or {} + # We may need to template some task_vars + self._templar = templar self.tmp = tmp # a boolean for disabling the gathering of results (files, computations) that won't # actually be recorded/used diff --git a/roles/openshift_health_checker/openshift_checks/disk_availability.py b/roles/openshift_health_checker/openshift_checks/disk_availability.py index cdf56e959..87e6146d4 100644 --- a/roles/openshift_health_checker/openshift_checks/disk_availability.py +++ b/roles/openshift_health_checker/openshift_checks/disk_availability.py @@ -1,6 +1,7 @@ """Check that there is enough disk space in predefined paths.""" import tempfile +import os.path from openshift_checks import OpenShiftCheck, OpenShiftCheckException @@ -15,31 +16,31 @@ class DiskAvailability(OpenShiftCheck): # https://docs.openshift.org/latest/install_config/install/prerequisites.html#system-requirements recommended_disk_space_bytes = { '/var': { - 'masters': 40 * 10**9, - 'nodes': 15 * 10**9, - 'etcd': 20 * 10**9, + 'oo_masters_to_config': 40 * 10**9, + 'oo_nodes_to_config': 15 * 10**9, + 'oo_etcd_to_config': 20 * 10**9, }, # Used to copy client binaries into, # see roles/openshift_cli/library/openshift_container_binary_sync.py. '/usr/local/bin': { - 'masters': 1 * 10**9, - 'nodes': 1 * 10**9, - 'etcd': 1 * 10**9, + 'oo_masters_to_config': 1 * 10**9, + 'oo_nodes_to_config': 1 * 10**9, + 'oo_etcd_to_config': 1 * 10**9, }, # Used as temporary storage in several cases. tempfile.gettempdir(): { - 'masters': 1 * 10**9, - 'nodes': 1 * 10**9, - 'etcd': 1 * 10**9, + 'oo_masters_to_config': 1 * 10**9, + 'oo_nodes_to_config': 1 * 10**9, + 'oo_etcd_to_config': 1 * 10**9, }, } # recommended disk space for each location under an upgrade context recommended_disk_upgrade_bytes = { '/var': { - 'masters': 10 * 10**9, - 'nodes': 5 * 10 ** 9, - 'etcd': 5 * 10 ** 9, + 'oo_masters_to_config': 10 * 10**9, + 'oo_nodes_to_config': 5 * 10 ** 9, + 'oo_etcd_to_config': 5 * 10 ** 9, }, } @@ -61,9 +62,9 @@ class DiskAvailability(OpenShiftCheck): number = float(user_config) user_config = { '/var': { - 'masters': number, - 'nodes': number, - 'etcd': number, + 'oo_masters_to_config': number, + 'oo_nodes_to_config': number, + 'oo_etcd_to_config': number, }, } except TypeError: @@ -121,11 +122,21 @@ class DiskAvailability(OpenShiftCheck): return {} + def find_ansible_submounts(self, path): + """Return a list of ansible_mounts that are below the given path.""" + base = os.path.join(path, "") + return [ + mount + for mount in self.get_var("ansible_mounts") + if mount["mount"].startswith(base) + ] + def free_bytes(self, path): """Return the size available in path based on ansible_mounts.""" + submounts = sum(mnt.get('size_available', 0) for mnt in self.find_ansible_submounts(path)) mount = self.find_ansible_mount(path) try: - return mount['size_available'] + return mount['size_available'] + submounts except KeyError: raise OpenShiftCheckException( 'Unable to retrieve disk availability for "{path}".\n' diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index fa07c1dde..4f91f6bb3 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -1,5 +1,7 @@ """Check that required Docker images are available.""" +import re +from pipes import quote from ansible.module_utils import six from openshift_checks import OpenShiftCheck from openshift_checks.mixins import DockerHostMixin @@ -10,12 +12,16 @@ DEPLOYMENT_IMAGE_INFO = { "origin": { "namespace": "openshift", "name": "origin", - "registry_console_image": "cockpit/kubernetes", + "registry_console_prefix": "cockpit/", + "registry_console_basename": "kubernetes", + "registry_console_default_version": "latest", }, "openshift-enterprise": { "namespace": "openshift3", "name": "ose", - "registry_console_image": "registry.access.redhat.com/openshift3/registry-console", + "registry_console_prefix": "openshift3/", + "registry_console_basename": "registry-console", + "registry_console_default_version": "${short_version}", }, } @@ -33,10 +39,44 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): # we use python-docker-py to check local docker for images, and skopeo # to look for images available remotely without waiting to pull them. dependencies = ["python-docker-py", "skopeo"] - skopeo_img_check_command = "timeout 10 skopeo inspect --tls-verify=false docker://{registry}/{image}" + # command for checking if remote registries have an image, without docker pull + skopeo_command = "timeout 10 skopeo inspect --tls-verify={tls} {creds} docker://{registry}/{image}" + skopeo_example_command = "skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>" def __init__(self, *args, **kwargs): super(DockerImageAvailability, self).__init__(*args, **kwargs) + + self.registries = dict( + # set of registries that need to be checked insecurely (note: not accounting for CIDR entries) + insecure=set(self.ensure_list("openshift_docker_insecure_registries")), + # set of registries that should never be queried even if given in the image + blocked=set(self.ensure_list("openshift_docker_blocked_registries")), + ) + + # ordered list of registries (according to inventory vars) that docker will try for unscoped images + regs = self.ensure_list("openshift_docker_additional_registries") + # currently one of these registries is added whether the user wants it or not. + deployment_type = self.get_var("openshift_deployment_type") + if deployment_type == "origin" and "docker.io" not in regs: + regs.append("docker.io") + elif deployment_type == 'openshift-enterprise' and "registry.access.redhat.com" not in regs: + regs.append("registry.access.redhat.com") + self.registries["configured"] = regs + + # for the oreg_url registry there may be credentials specified + components = self.get_var("oreg_url", default="").split('/') + self.registries["oreg"] = "" if len(components) < 3 else components[0] + + # Retrieve and template registry credentials, if provided + self.skopeo_command_creds = "" + oreg_auth_user = self.get_var('oreg_auth_user', default='') + oreg_auth_password = self.get_var('oreg_auth_password', default='') + if oreg_auth_user != '' and oreg_auth_password != '': + if self._templar is not None: + oreg_auth_user = self._templar.template(oreg_auth_user) + oreg_auth_password = self._templar.template(oreg_auth_password) + self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password)) + # record whether we could reach a registry or not (and remember results) self.reachable_registries = {} @@ -62,26 +102,25 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if not missing_images: return {} - registries = self.known_docker_registries() - if not registries: - return {"failed": True, "msg": "Unable to retrieve any docker registries."} - - available_images = self.available_images(missing_images, registries) + available_images = self.available_images(missing_images) unavailable_images = set(missing_images) - set(available_images) if unavailable_images: - registries = [ - reg if self.reachable_registries.get(reg, True) else reg + " (unreachable)" - for reg in registries - ] + unreachable = [reg for reg, reachable in self.reachable_registries.items() if not reachable] + unreachable_msg = "Failed connecting to: {}\n".format(", ".join(unreachable)) + blocked_msg = "Blocked registries: {}\n".format(", ".join(self.registries["blocked"])) msg = ( - "One or more required Docker images are not available:\n {}\n" - "Configured registries: {}\n" - "Checked by: {}" + "One or more required container images are not available:\n {missing}\n" + "Checked with: {cmd}\n" + "Default registries searched: {registries}\n" + "{blocked}" + "{unreachable}" ).format( - ",\n ".join(sorted(unavailable_images)), - ", ".join(registries), - self.skopeo_img_check_command + missing=",\n ".join(sorted(unavailable_images)), + cmd=self.skopeo_example_command, + registries=", ".join(self.registries["configured"]), + blocked=blocked_msg if self.registries["blocked"] else "", + unreachable=unreachable_msg if unreachable else "", ) return dict(failed=True, msg=msg) @@ -114,35 +153,53 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): # template for images that run on top of OpenShift image_url = "{}/{}-{}:{}".format(image_info["namespace"], image_info["name"], "${component}", "${version}") image_url = self.get_var("oreg_url", default="") or image_url - if 'nodes' in host_groups: + if 'oo_nodes_to_config' in host_groups: for suffix in NODE_IMAGE_SUFFIXES: required.add(image_url.replace("${component}", suffix).replace("${version}", image_tag)) - # The registry-console is for some reason not prefixed with ose- like the other components. - # Nor is it versioned the same, so just look for latest. - # Also a completely different name is used for Origin. - required.add(image_info["registry_console_image"]) + if self.get_var("osm_use_cockpit", default=True, convert=bool): + required.add(self._registry_console_image(image_tag, image_info)) # images for containerized components if self.get_var("openshift", "common", "is_containerized"): components = set() - if 'nodes' in host_groups: + if 'oo_nodes_to_config' in host_groups: components.update(["node", "openvswitch"]) - if 'masters' in host_groups: # name is "origin" or "ose" + if 'oo_masters_to_config' in host_groups: # name is "origin" or "ose" components.add(image_info["name"]) for component in components: required.add("{}/{}:{}".format(image_info["namespace"], component, image_tag)) - if 'etcd' in host_groups: # special case, note it is the same for origin/enterprise + if 'oo_etcd_to_config' in host_groups: # special case, note it is the same for origin/enterprise required.add("registry.access.redhat.com/rhel7/etcd") # and no image tag return required + def _registry_console_image(self, image_tag, image_info): + """Returns image with logic to parallel what happens with the registry-console template.""" + # The registry-console is for some reason not prefixed with ose- like the other components. + # Nor is it versioned the same. Also a completely different name is used for Origin. + prefix = self.get_var( + "openshift_cockpit_deployer_prefix", + default=image_info["registry_console_prefix"], + ) + basename = self.get_var( + "openshift_cockpit_deployer_basename", + default=image_info["registry_console_basename"], + ) + + # enterprise template just uses v3.6, v3.7, etc + match = re.match(r'v\d+\.\d+', image_tag) + short_version = match.group() if match else image_tag + version = image_info["registry_console_default_version"].replace("${short_version}", short_version) + version = self.get_var("openshift_cockpit_deployer_version", default=version) + + return prefix + basename + ':' + version + def local_images(self, images): """Filter a list of images and return those available locally.""" - registries = self.known_docker_registries() found_images = [] for image in images: # docker could have the image name as-is or prefixed with any registry - imglist = [image] + [reg + "/" + image for reg in registries] + imglist = [image] + [reg + "/" + image for reg in self.registries["configured"]] if self.is_image_local(imglist): found_images.append(image) return found_images @@ -152,37 +209,27 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): result = self.execute_module("docker_image_facts", {"name": image}) return bool(result.get("images")) and not result.get("failed") - def known_docker_registries(self): - """Build a list of docker registries available according to inventory vars.""" - regs = self.get_var("openshift_docker_additional_registries", default=[]) + def ensure_list(self, registry_param): + """Return the task var as a list.""" # https://bugzilla.redhat.com/show_bug.cgi?id=1497274 - # if the result was a string type, place it into a list. We must do this + # If the result was a string type, place it into a list. We must do this # as using list() on a string will split the string into its characters. - if isinstance(regs, six.string_types): - regs = [regs] - else: - # Otherwise cast to a list as was done previously - regs = list(regs) + # Otherwise cast to a list as was done previously. + registry = self.get_var(registry_param, default=[]) + if not isinstance(registry, six.string_types): + return list(registry) + return self.normalize(registry) - deployment_type = self.get_var("openshift_deployment_type") - if deployment_type == "origin" and "docker.io" not in regs: - regs.append("docker.io") - elif deployment_type == 'openshift-enterprise' and "registry.access.redhat.com" not in regs: - regs.append("registry.access.redhat.com") - - return regs - - def available_images(self, images, default_registries): + def available_images(self, images): """Search remotely for images. Returns: list of images found.""" return [ image for image in images - if self.is_available_skopeo_image(image, default_registries) + if self.is_available_skopeo_image(image) ] - def is_available_skopeo_image(self, image, default_registries): + def is_available_skopeo_image(self, image): """Use Skopeo to determine if required image exists in known registry(s).""" - registries = default_registries - + registries = self.registries["configured"] # If image already includes a registry, only use that. # NOTE: This logic would incorrectly identify images that do not use a namespace, e.g. # registry.access.redhat.com/rhel7 as if the registry were a namespace. @@ -193,13 +240,18 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): registries = [registry] for registry in registries: + if registry in self.registries["blocked"]: + continue # blocked will never be consulted if registry not in self.reachable_registries: self.reachable_registries[registry] = self.connect_to_registry(registry) if not self.reachable_registries[registry]: - continue + continue # do not keep trying unreachable registries + + args = dict(registry=registry, image=image) + args["tls"] = "false" if registry in self.registries["insecure"] else "true" + args["creds"] = self.skopeo_command_creds if registry == self.registries["oreg"] else "" - args = {"_raw_params": self.skopeo_img_check_command.format(registry=registry, image=image)} - result = self.execute_module_with_retries("command", args) + result = self.execute_module_with_retries("command", {"_raw_params": self.skopeo_command.format(**args)}) if result.get("rc", 0) == 0 and not result.get("failed"): return True if result.get("rc") == 124: # RC 124 == timed out; mark unreachable diff --git a/roles/openshift_health_checker/openshift_checks/docker_storage.py b/roles/openshift_health_checker/openshift_checks/docker_storage.py index 0558ddf14..6808d8b2f 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_storage.py +++ b/roles/openshift_health_checker/openshift_checks/docker_storage.py @@ -14,7 +14,7 @@ class DockerStorage(DockerHostMixin, OpenShiftCheck): """ name = "docker_storage" - tags = ["pre-install", "health", "preflight"] + tags = ["health", "preflight"] dependencies = ["python-docker-py"] storage_drivers = ["devicemapper", "overlay", "overlay2"] diff --git a/roles/openshift_health_checker/openshift_checks/etcd_traffic.py b/roles/openshift_health_checker/openshift_checks/etcd_traffic.py index b4c8957e9..8b20ccb49 100644 --- a/roles/openshift_health_checker/openshift_checks/etcd_traffic.py +++ b/roles/openshift_health_checker/openshift_checks/etcd_traffic.py @@ -12,7 +12,7 @@ class EtcdTraffic(OpenShiftCheck): def is_active(self): """Skip hosts that do not have etcd in their group names.""" group_names = self.get_var("group_names", default=[]) - valid_group_names = "etcd" in group_names + valid_group_names = "oo_etcd_to_config" in group_names version = self.get_major_minor_version(self.get_var("openshift_image_tag")) valid_version = version in ((3, 4), (3, 5)) diff --git a/roles/openshift_health_checker/openshift_checks/etcd_volume.py b/roles/openshift_health_checker/openshift_checks/etcd_volume.py index 79955cb2f..3d75da6f9 100644 --- a/roles/openshift_health_checker/openshift_checks/etcd_volume.py +++ b/roles/openshift_health_checker/openshift_checks/etcd_volume.py @@ -15,7 +15,11 @@ class EtcdVolume(OpenShiftCheck): etcd_mount_path = "/var/lib/etcd" def is_active(self): - etcd_hosts = self.get_var("groups", "etcd", default=[]) or self.get_var("groups", "masters", default=[]) or [] + etcd_hosts = ( + self.get_var("groups", "oo_etcd_to_config", default=[]) or + self.get_var("groups", "oo_masters_to_config", default=[]) or + [] + ) is_etcd_host = self.get_var("ansible_host") in etcd_hosts return super(EtcdVolume, self).is_active() and is_etcd_host diff --git a/roles/openshift_health_checker/openshift_checks/logging/fluentd_config.py b/roles/openshift_health_checker/openshift_checks/logging/fluentd_config.py index d783e6760..e93cc9028 100644 --- a/roles/openshift_health_checker/openshift_checks/logging/fluentd_config.py +++ b/roles/openshift_health_checker/openshift_checks/logging/fluentd_config.py @@ -46,7 +46,7 @@ class FluentdConfig(LoggingCheck): # if check is running on a master, retrieve all running pods # and check any pod's container for the env var "USE_JOURNAL" group_names = self.get_var("group_names") - if "masters" in group_names: + if "oo_masters_to_config" in group_names: use_journald = self.check_fluentd_env_var() docker_info = self.execute_module("docker_info", {}) diff --git a/roles/openshift_health_checker/openshift_checks/memory_availability.py b/roles/openshift_health_checker/openshift_checks/memory_availability.py index 765ba072d..e7a8ec976 100644 --- a/roles/openshift_health_checker/openshift_checks/memory_availability.py +++ b/roles/openshift_health_checker/openshift_checks/memory_availability.py @@ -14,9 +14,9 @@ class MemoryAvailability(OpenShiftCheck): # Values taken from the official installation documentation: # https://docs.openshift.org/latest/install_config/install/prerequisites.html#system-requirements recommended_memory_bytes = { - "masters": 16 * GIB, - "nodes": 8 * GIB, - "etcd": 8 * GIB, + "oo_masters_to_config": 16 * GIB, + "oo_nodes_to_config": 8 * GIB, + "oo_etcd_to_config": 8 * GIB, } # https://access.redhat.com/solutions/3006511 physical RAM is partly reserved from memtotal memtotal_adjustment = 1 * GIB diff --git a/roles/openshift_health_checker/openshift_checks/mixins.py b/roles/openshift_health_checker/openshift_checks/mixins.py index b90ebf6dd..cfbdea303 100644 --- a/roles/openshift_health_checker/openshift_checks/mixins.py +++ b/roles/openshift_health_checker/openshift_checks/mixins.py @@ -21,9 +21,11 @@ class DockerHostMixin(object): def is_active(self): """Only run on hosts that depend on Docker.""" - is_containerized = self.get_var("openshift", "common", "is_containerized") - is_node = "nodes" in self.get_var("group_names", default=[]) - return super(DockerHostMixin, self).is_active() and (is_containerized or is_node) + group_names = set(self.get_var("group_names", default=[])) + needs_docker = set(["oo_nodes_to_config"]) + if self.get_var("openshift.common.is_containerized"): + needs_docker.update(["oo_masters_to_config", "oo_etcd_to_config"]) + return super(DockerHostMixin, self).is_active() and bool(group_names.intersection(needs_docker)) def ensure_dependencies(self): """ diff --git a/roles/openshift_health_checker/openshift_checks/ovs_version.py b/roles/openshift_health_checker/openshift_checks/ovs_version.py index 363c12def..0cad19842 100644 --- a/roles/openshift_health_checker/openshift_checks/ovs_version.py +++ b/roles/openshift_health_checker/openshift_checks/ovs_version.py @@ -16,7 +16,8 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck): tags = ["health"] openshift_to_ovs_version = { - "3.6": ["2.6", "2.7"], + "3.7": ["2.6", "2.7", "2.8"], + "3.6": ["2.6", "2.7", "2.8"], "3.5": ["2.6", "2.7"], "3.4": "2.4", } @@ -24,7 +25,7 @@ class OvsVersion(NotContainerizedMixin, OpenShiftCheck): def is_active(self): """Skip hosts that do not have package requirements.""" group_names = self.get_var("group_names", default=[]) - master_or_node = 'masters' in group_names or 'nodes' in group_names + master_or_node = 'oo_masters_to_config' in group_names or 'oo_nodes_to_config' in group_names return super(OvsVersion, self).is_active() and master_or_node def run(self): diff --git a/roles/openshift_health_checker/openshift_checks/package_availability.py b/roles/openshift_health_checker/openshift_checks/package_availability.py index 21355c2f0..090e438ff 100644 --- a/roles/openshift_health_checker/openshift_checks/package_availability.py +++ b/roles/openshift_health_checker/openshift_checks/package_availability.py @@ -20,9 +20,9 @@ class PackageAvailability(NotContainerizedMixin, OpenShiftCheck): packages = set() - if "masters" in group_names: + if "oo_masters_to_config" in group_names: packages.update(self.master_packages(rpm_prefix)) - if "nodes" in group_names: + if "oo_nodes_to_config" in group_names: packages.update(self.node_packages(rpm_prefix)) args = {"packages": sorted(set(packages))} diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py index d4aec3ed8..13a91dadf 100644 --- a/roles/openshift_health_checker/openshift_checks/package_version.py +++ b/roles/openshift_health_checker/openshift_checks/package_version.py @@ -16,7 +16,8 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): openshift_to_ovs_version = { (3, 4): "2.4", (3, 5): ["2.6", "2.7"], - (3, 6): ["2.6", "2.7"], + (3, 6): ["2.6", "2.7", "2.8"], + (3, 7): ["2.6", "2.7", "2.8"], } openshift_to_docker_version = { @@ -36,7 +37,7 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): def is_active(self): """Skip hosts that do not have package requirements.""" group_names = self.get_var("group_names", default=[]) - master_or_node = 'masters' in group_names or 'nodes' in group_names + master_or_node = 'oo_masters_to_config' in group_names or 'oo_nodes_to_config' in group_names return super(PackageVersion, self).is_active() and master_or_node def run(self): diff --git a/roles/openshift_health_checker/test/action_plugin_test.py b/roles/openshift_health_checker/test/action_plugin_test.py index f14887303..40ad27d5d 100644 --- a/roles/openshift_health_checker/test/action_plugin_test.py +++ b/roles/openshift_health_checker/test/action_plugin_test.py @@ -94,6 +94,7 @@ def skipped(result): {}, ]) def test_action_plugin_missing_openshift_facts(plugin, task_vars, monkeypatch): + monkeypatch.setattr(plugin, 'load_known_checks', lambda *_: {}) monkeypatch.setattr('openshift_health_check.resolve_checks', lambda *args: ['fake_check']) result = plugin.run(tmp=None, task_vars=task_vars) diff --git a/roles/openshift_health_checker/test/disk_availability_test.py b/roles/openshift_health_checker/test/disk_availability_test.py index 9ae679b79..7acdb40ec 100644 --- a/roles/openshift_health_checker/test/disk_availability_test.py +++ b/roles/openshift_health_checker/test/disk_availability_test.py @@ -4,11 +4,11 @@ from openshift_checks.disk_availability import DiskAvailability, OpenShiftCheckE @pytest.mark.parametrize('group_names,is_active', [ - (['masters'], True), - (['nodes'], True), - (['etcd'], True), - (['masters', 'nodes'], True), - (['masters', 'etcd'], True), + (['oo_masters_to_config'], True), + (['oo_nodes_to_config'], True), + (['oo_etcd_to_config'], True), + (['oo_masters_to_config', 'oo_nodes_to_config'], True), + (['oo_masters_to_config', 'oo_etcd_to_config'], True), ([], False), (['lb'], False), (['nfs'], False), @@ -39,7 +39,7 @@ def test_is_active(group_names, is_active): ]) def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): task_vars = dict( - group_names=['masters'], + group_names=['oo_masters_to_config'], ansible_mounts=ansible_mounts, ) @@ -52,7 +52,7 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): @pytest.mark.parametrize('group_names,configured_min,ansible_mounts', [ ( - ['masters'], + ['oo_masters_to_config'], 0, [{ 'mount': '/', @@ -60,7 +60,7 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): }], ), ( - ['nodes'], + ['oo_nodes_to_config'], 0, [{ 'mount': '/', @@ -68,7 +68,7 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): }], ), ( - ['etcd'], + ['oo_etcd_to_config'], 0, [{ 'mount': '/', @@ -76,7 +76,7 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): }], ), ( - ['etcd'], + ['oo_etcd_to_config'], 1, # configure lower threshold [{ 'mount': '/', @@ -84,7 +84,7 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): }], ), ( - ['etcd'], + ['oo_etcd_to_config'], 0, [{ # not enough space on / ... @@ -96,6 +96,24 @@ def test_cannot_determine_available_disk(desc, ansible_mounts, expect_chunks): 'size_available': 20 * 10**9 + 1, }], ), + ( + ['oo_masters_to_config'], + 0, + [{ + 'mount': '/', + 'size_available': 2 * 10**9, + }, { # not enough directly on /var + 'mount': '/var', + 'size_available': 10 * 10**9 + 1, + }, { + # but subdir mounts add up to enough + 'mount': '/var/lib/docker', + 'size_available': 20 * 10**9 + 1, + }, { + 'mount': '/var/lib/origin', + 'size_available': 20 * 10**9 + 1, + }], + ), ]) def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansible_mounts): task_vars = dict( @@ -104,15 +122,16 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ansible_mounts=ansible_mounts, ) - result = DiskAvailability(fake_execute_module, task_vars).run() + check = DiskAvailability(fake_execute_module, task_vars) + check.run() - assert not result.get('failed', False) + assert not check.failures @pytest.mark.parametrize('name,group_names,configured_min,ansible_mounts,expect_chunks', [ ( 'test with no space available', - ['masters'], + ['oo_masters_to_config'], 0, [{ 'mount': '/', @@ -122,7 +141,7 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ), ( 'test with a higher configured required value', - ['masters'], + ['oo_masters_to_config'], 100, # set a higher threshold [{ 'mount': '/', @@ -132,7 +151,7 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ), ( 'test with 1GB available, but "0" GB space requirement', - ['nodes'], + ['oo_nodes_to_config'], 0, [{ 'mount': '/', @@ -142,7 +161,7 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ), ( 'test with no space available, but "0" GB space requirement', - ['etcd'], + ['oo_etcd_to_config'], 0, [{ 'mount': '/', @@ -152,7 +171,7 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ), ( 'test with enough space for a node, but not for a master', - ['nodes', 'masters'], + ['oo_nodes_to_config', 'oo_masters_to_config'], 0, [{ 'mount': '/', @@ -162,7 +181,7 @@ def test_succeeds_with_recommended_disk_space(group_names, configured_min, ansib ), ( 'test failure with enough space on "/", but not enough on "/var"', - ['etcd'], + ['oo_etcd_to_config'], 0, [{ # enough space on / ... @@ -194,7 +213,7 @@ def test_fails_with_insufficient_disk_space(name, group_names, configured_min, a @pytest.mark.parametrize('name,group_names,context,ansible_mounts,failed,extra_words', [ ( 'test without enough space for master under "upgrade" context', - ['nodes', 'masters'], + ['oo_nodes_to_config', 'oo_masters_to_config'], "upgrade", [{ 'mount': '/', @@ -206,7 +225,7 @@ def test_fails_with_insufficient_disk_space(name, group_names, configured_min, a ), ( 'test with enough space for master under "upgrade" context', - ['nodes', 'masters'], + ['oo_nodes_to_config', 'oo_masters_to_config'], "upgrade", [{ 'mount': '/', @@ -218,7 +237,7 @@ def test_fails_with_insufficient_disk_space(name, group_names, configured_min, a ), ( 'test with not enough space for master, and non-upgrade context', - ['nodes', 'masters'], + ['oo_nodes_to_config', 'oo_masters_to_config'], "health", [{ 'mount': '/', diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py index c523ffd5c..ec46c3b4b 100644 --- a/roles/openshift_health_checker/test/docker_image_availability_test.py +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -1,6 +1,6 @@ import pytest -from openshift_checks.docker_image_availability import DockerImageAvailability +from openshift_checks.docker_image_availability import DockerImageAvailability, DEPLOYMENT_IMAGE_INFO @pytest.fixture() @@ -16,19 +16,19 @@ def task_vars(): ), openshift_deployment_type='origin', openshift_image_tag='', - group_names=['nodes', 'masters'], + group_names=['oo_nodes_to_config', 'oo_masters_to_config'], ) @pytest.mark.parametrize('deployment_type, is_containerized, group_names, expect_active', [ - ("origin", True, [], True), - ("openshift-enterprise", True, [], True), ("invalid", True, [], False), ("", True, [], False), ("origin", False, [], False), ("openshift-enterprise", False, [], False), - ("origin", False, ["nodes", "masters"], True), - ("openshift-enterprise", False, ["etcd"], False), + ("origin", False, ["oo_nodes_to_config", "oo_masters_to_config"], True), + ("openshift-enterprise", False, ["oo_etcd_to_config"], False), + ("origin", True, ["nfs"], False), + ("openshift-enterprise", True, ["lb"], False), ]) def test_is_active(task_vars, deployment_type, is_containerized, group_names, expect_active): task_vars['openshift_deployment_type'] = deployment_type @@ -98,40 +98,7 @@ def test_all_images_unavailable(task_vars): actual = check.run() assert actual['failed'] - assert "required Docker images are not available" in actual['msg'] - - -def test_no_known_registries(): - def execute_module(module_name=None, *_): - if module_name == "command": - return { - 'failed': True, - } - - return { - 'changed': False, - } - - def mock_known_docker_registries(): - return [] - - dia = DockerImageAvailability(execute_module, task_vars=dict( - openshift=dict( - common=dict( - service_type='origin', - is_containerized=False, - is_atomic=False, - ) - ), - openshift_docker_additional_registries=["docker.io"], - openshift_deployment_type="openshift-enterprise", - openshift_image_tag='latest', - group_names=['nodes', 'masters'], - )) - dia.known_docker_registries = mock_known_docker_registries - actual = dia.run() - assert actual['failed'] - assert "Unable to retrieve any docker registries." in actual['msg'] + assert "required container images are not available" in actual['msg'] @pytest.mark.parametrize("message,extra_words", [ @@ -172,13 +139,13 @@ def test_skopeo_update_failure(task_vars, message, extra_words): "spam/eggs:v1", ["test.reg"], True, True, False, - {"test.reg": False}, + {"test.reg": False, "docker.io": False}, ), ( "spam/eggs:v1", ["test.reg"], False, True, False, - {"test.reg": True}, + {"test.reg": True, "docker.io": True}, ), ( "eggs.reg/spam/eggs:v1", ["test.reg"], @@ -195,44 +162,46 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo elif module_name == "command": return dict(msg="msg", failed=skopeo_failed) - check = DockerImageAvailability(execute_module, task_vars()) + tv = task_vars() + tv.update({"openshift_docker_additional_registries": registries}) + check = DockerImageAvailability(execute_module, tv) check._module_retry_interval = 0 - available = check.is_available_skopeo_image(image, registries) + available = check.is_available_skopeo_image(image) assert available == expect_success assert expect_registries_reached == check.reachable_registries @pytest.mark.parametrize("deployment_type, is_containerized, groups, oreg_url, expected", [ ( # standard set of stuff required on nodes - "origin", False, ['nodes'], None, + "origin", False, ['oo_nodes_to_config'], "", set([ 'openshift/origin-pod:vtest', 'openshift/origin-deployer:vtest', 'openshift/origin-docker-registry:vtest', 'openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', # origin version of registry-console + 'cockpit/kubernetes:latest', # origin version of registry-console ]) ), ( # set a different URL for images - "origin", False, ['nodes'], 'foo.io/openshift/origin-${component}:${version}', + "origin", False, ['oo_nodes_to_config'], 'foo.io/openshift/origin-${component}:${version}', set([ 'foo.io/openshift/origin-pod:vtest', 'foo.io/openshift/origin-deployer:vtest', 'foo.io/openshift/origin-docker-registry:vtest', 'foo.io/openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', # AFAICS this is not built from the URL + 'cockpit/kubernetes:latest', # AFAICS this is not built from the URL ]) ), ( - "origin", True, ['nodes', 'masters', 'etcd'], None, + "origin", True, ['oo_nodes_to_config', 'oo_masters_to_config', 'oo_etcd_to_config'], "", set([ # images running on top of openshift 'openshift/origin-pod:vtest', 'openshift/origin-deployer:vtest', 'openshift/origin-docker-registry:vtest', 'openshift/origin-haproxy-router:vtest', - 'cockpit/kubernetes', + 'cockpit/kubernetes:latest', # containerized component images 'openshift/origin:vtest', 'openshift/node:vtest', @@ -241,21 +210,21 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo ]) ), ( # enterprise images - "openshift-enterprise", True, ['nodes'], 'foo.io/openshift3/ose-${component}:f13ac45', + "openshift-enterprise", True, ['oo_nodes_to_config'], 'foo.io/openshift3/ose-${component}:f13ac45', set([ 'foo.io/openshift3/ose-pod:f13ac45', 'foo.io/openshift3/ose-deployer:f13ac45', 'foo.io/openshift3/ose-docker-registry:f13ac45', 'foo.io/openshift3/ose-haproxy-router:f13ac45', # registry-console is not constructed/versioned the same as the others. - 'registry.access.redhat.com/openshift3/registry-console', + 'openshift3/registry-console:vtest', # containerized images aren't built from oreg_url 'openshift3/node:vtest', 'openshift3/openvswitch:vtest', ]) ), ( - "openshift-enterprise", True, ['etcd', 'lb'], 'foo.io/openshift3/ose-${component}:f13ac45', + "openshift-enterprise", True, ['oo_etcd_to_config', 'lb'], 'foo.io/openshift3/ose-${component}:f13ac45', set([ 'registry.access.redhat.com/rhel7/etcd', # lb does not yet come in a containerized version @@ -280,6 +249,42 @@ def test_required_images(deployment_type, is_containerized, groups, oreg_url, ex assert expected == DockerImageAvailability(task_vars=task_vars).required_images() +@pytest.mark.parametrize("task_vars, expected", [ + ( + dict( + openshift_deployment_type="origin", + openshift_image_tag="vtest", + ), + "cockpit/kubernetes:latest", + ), ( + dict( + openshift_deployment_type="openshift-enterprise", + openshift_image_tag="vtest", + ), + "openshift3/registry-console:vtest", + ), ( + dict( + openshift_deployment_type="openshift-enterprise", + openshift_image_tag="v3.7.0-alpha.0", + openshift_cockpit_deployer_prefix="registry.example.com/spam/", + ), + "registry.example.com/spam/registry-console:v3.7", + ), ( + dict( + openshift_deployment_type="origin", + openshift_image_tag="v3.7.0-alpha.0", + openshift_cockpit_deployer_prefix="registry.example.com/eggs/", + openshift_cockpit_deployer_version="spam", + ), + "registry.example.com/eggs/kubernetes:spam", + ), +]) +def test_registry_console_image(task_vars, expected): + info = DEPLOYMENT_IMAGE_INFO[task_vars["openshift_deployment_type"]] + tag = task_vars["openshift_image_tag"] + assert expected == DockerImageAvailability(task_vars=task_vars)._registry_console_image(tag, info) + + def test_containerized_etcd(): task_vars = dict( openshift=dict( @@ -288,7 +293,7 @@ def test_containerized_etcd(): ), ), openshift_deployment_type="origin", - group_names=['etcd'], + group_names=['oo_etcd_to_config'], ) expected = set(['registry.access.redhat.com/rhel7/etcd']) assert expected == DockerImageAvailability(task_vars=task_vars).required_images() diff --git a/roles/openshift_health_checker/test/docker_storage_test.py b/roles/openshift_health_checker/test/docker_storage_test.py index e0dccc062..8fa68c378 100644 --- a/roles/openshift_health_checker/test/docker_storage_test.py +++ b/roles/openshift_health_checker/test/docker_storage_test.py @@ -5,9 +5,9 @@ from openshift_checks.docker_storage import DockerStorage @pytest.mark.parametrize('is_containerized, group_names, is_active', [ - (False, ["masters", "etcd"], False), - (False, ["masters", "nodes"], True), - (True, ["etcd"], True), + (False, ["oo_masters_to_config", "oo_etcd_to_config"], False), + (False, ["oo_masters_to_config", "oo_nodes_to_config"], True), + (True, ["oo_etcd_to_config"], True), ]) def test_is_active(is_containerized, group_names, is_active): task_vars = dict( diff --git a/roles/openshift_health_checker/test/etcd_traffic_test.py b/roles/openshift_health_checker/test/etcd_traffic_test.py index fae3e578d..dd6f4ad81 100644 --- a/roles/openshift_health_checker/test/etcd_traffic_test.py +++ b/roles/openshift_health_checker/test/etcd_traffic_test.py @@ -4,14 +4,14 @@ from openshift_checks.etcd_traffic import EtcdTraffic @pytest.mark.parametrize('group_names,version,is_active', [ - (['masters'], "3.5", False), - (['masters'], "3.6", False), - (['nodes'], "3.4", False), - (['etcd'], "3.4", True), - (['etcd'], "1.5", True), - (['etcd'], "3.1", False), - (['masters', 'nodes'], "3.5", False), - (['masters', 'etcd'], "3.5", True), + (['oo_masters_to_config'], "3.5", False), + (['oo_masters_to_config'], "3.6", False), + (['oo_nodes_to_config'], "3.4", False), + (['oo_etcd_to_config'], "3.4", True), + (['oo_etcd_to_config'], "1.5", True), + (['oo_etcd_to_config'], "3.1", False), + (['oo_masters_to_config', 'oo_nodes_to_config'], "3.5", False), + (['oo_masters_to_config', 'oo_etcd_to_config'], "3.5", True), ([], "3.4", False), ]) def test_is_active(group_names, version, is_active): @@ -23,9 +23,9 @@ def test_is_active(group_names, version, is_active): @pytest.mark.parametrize('group_names,matched,failed,extra_words', [ - (["masters"], True, True, ["Higher than normal", "traffic"]), - (["masters", "etcd"], False, False, []), - (["etcd"], False, False, []), + (["oo_masters_to_config"], True, True, ["Higher than normal", "traffic"]), + (["oo_masters_to_config", "oo_etcd_to_config"], False, False, []), + (["oo_etcd_to_config"], False, False, []), ]) def test_log_matches_high_traffic_msg(group_names, matched, failed, extra_words): def execute_module(module_name, *_): diff --git a/roles/openshift_health_checker/test/fluentd_config_test.py b/roles/openshift_health_checker/test/fluentd_config_test.py index 10db253bc..b5b4858d6 100644 --- a/roles/openshift_health_checker/test/fluentd_config_test.py +++ b/roles/openshift_health_checker/test/fluentd_config_test.py @@ -82,7 +82,7 @@ def test_check_logging_config_non_master(name, use_journald, logging_driver, ext return {} task_vars = dict( - group_names=["nodes", "etcd"], + group_names=["oo_nodes_to_config", "oo_etcd_to_config"], openshift_logging_fluentd_use_journal=use_journald, openshift=dict( common=dict(config_base=""), @@ -128,7 +128,7 @@ def test_check_logging_config_non_master_failed(name, use_journald, logging_driv return {} task_vars = dict( - group_names=["nodes", "etcd"], + group_names=["oo_nodes_to_config", "oo_etcd_to_config"], openshift_logging_fluentd_use_journal=use_journald, openshift=dict( common=dict(config_base=""), @@ -192,7 +192,7 @@ def test_check_logging_config_master(name, pods, logging_driver, extra_words): return {} task_vars = dict( - group_names=["masters"], + group_names=["oo_masters_to_config"], openshift=dict( common=dict(config_base=""), ), @@ -274,7 +274,7 @@ def test_check_logging_config_master_failed(name, pods, logging_driver, words): return {} task_vars = dict( - group_names=["masters"], + group_names=["oo_masters_to_config"], openshift=dict( common=dict(config_base=""), ), @@ -331,7 +331,7 @@ def test_check_logging_config_master_fails_on_unscheduled_deployment(name, pods, return {} task_vars = dict( - group_names=["masters"], + group_names=["oo_masters_to_config"], openshift=dict( common=dict(config_base=""), ), diff --git a/roles/openshift_health_checker/test/memory_availability_test.py b/roles/openshift_health_checker/test/memory_availability_test.py index aee2f0416..5ec83dd79 100644 --- a/roles/openshift_health_checker/test/memory_availability_test.py +++ b/roles/openshift_health_checker/test/memory_availability_test.py @@ -4,11 +4,11 @@ from openshift_checks.memory_availability import MemoryAvailability @pytest.mark.parametrize('group_names,is_active', [ - (['masters'], True), - (['nodes'], True), - (['etcd'], True), - (['masters', 'nodes'], True), - (['masters', 'etcd'], True), + (['oo_masters_to_config'], True), + (['oo_nodes_to_config'], True), + (['oo_etcd_to_config'], True), + (['oo_masters_to_config', 'oo_nodes_to_config'], True), + (['oo_masters_to_config', 'oo_etcd_to_config'], True), ([], False), (['lb'], False), (['nfs'], False), @@ -22,32 +22,32 @@ def test_is_active(group_names, is_active): @pytest.mark.parametrize('group_names,configured_min,ansible_memtotal_mb', [ ( - ['masters'], + ['oo_masters_to_config'], 0, 17200, ), ( - ['nodes'], + ['oo_nodes_to_config'], 0, 8200, ), ( - ['nodes'], + ['oo_nodes_to_config'], 1, # configure lower threshold 2000, # too low for recommended but not for configured ), ( - ['nodes'], + ['oo_nodes_to_config'], 2, # configure threshold where adjustment pushes it over 1900, ), ( - ['etcd'], + ['oo_etcd_to_config'], 0, 8200, ), ( - ['masters', 'nodes'], + ['oo_masters_to_config', 'oo_nodes_to_config'], 0, 17000, ), @@ -66,43 +66,43 @@ def test_succeeds_with_recommended_memory(group_names, configured_min, ansible_m @pytest.mark.parametrize('group_names,configured_min,ansible_memtotal_mb,extra_words', [ ( - ['masters'], + ['oo_masters_to_config'], 0, 0, ['0.0 GiB'], ), ( - ['nodes'], + ['oo_nodes_to_config'], 0, 100, ['0.1 GiB'], ), ( - ['nodes'], + ['oo_nodes_to_config'], 24, # configure higher threshold 20 * 1024, # enough to meet recommended but not configured ['20.0 GiB'], ), ( - ['nodes'], + ['oo_nodes_to_config'], 24, # configure higher threshold 22 * 1024, # not enough for adjustment to push over threshold ['22.0 GiB'], ), ( - ['etcd'], + ['oo_etcd_to_config'], 0, 6 * 1024, ['6.0 GiB'], ), ( - ['etcd', 'masters'], + ['oo_etcd_to_config', 'oo_masters_to_config'], 0, 9 * 1024, # enough memory for etcd, not enough for a master ['9.0 GiB'], ), ( - ['nodes', 'masters'], + ['oo_nodes_to_config', 'oo_masters_to_config'], 0, # enough memory for a node, not enough for a master 11 * 1024, diff --git a/roles/openshift_health_checker/test/ovs_version_test.py b/roles/openshift_health_checker/test/ovs_version_test.py index 602f32989..6f0457549 100644 --- a/roles/openshift_health_checker/test/ovs_version_test.py +++ b/roles/openshift_health_checker/test/ovs_version_test.py @@ -38,8 +38,9 @@ def test_invalid_openshift_release_format(): @pytest.mark.parametrize('openshift_release,expected_ovs_version', [ + ("3.7", ["2.6", "2.7", "2.8"]), ("3.5", ["2.6", "2.7"]), - ("3.6", ["2.6", "2.7"]), + ("3.6", ["2.6", "2.7", "2.8"]), ("3.4", "2.4"), ("3.3", "2.4"), ("1.0", "2.4"), @@ -67,14 +68,14 @@ def test_ovs_package_version(openshift_release, expected_ovs_version): @pytest.mark.parametrize('group_names,is_containerized,is_active', [ - (['masters'], False, True), + (['oo_masters_to_config'], False, True), # ensure check is skipped on containerized installs - (['masters'], True, False), - (['nodes'], False, True), - (['masters', 'nodes'], False, True), - (['masters', 'etcd'], False, True), + (['oo_masters_to_config'], True, False), + (['oo_nodes_to_config'], False, True), + (['oo_masters_to_config', 'oo_nodes_to_config'], False, True), + (['oo_masters_to_config', 'oo_etcd_to_config'], False, True), ([], False, False), - (['etcd'], False, False), + (['oo_etcd_to_config'], False, False), (['lb'], False, False), (['nfs'], False, False), ]) diff --git a/roles/openshift_health_checker/test/package_availability_test.py b/roles/openshift_health_checker/test/package_availability_test.py index b34e8fbfc..9815acb38 100644 --- a/roles/openshift_health_checker/test/package_availability_test.py +++ b/roles/openshift_health_checker/test/package_availability_test.py @@ -26,7 +26,7 @@ def test_is_active(pkg_mgr, is_containerized, is_active): ( dict( openshift=dict(common=dict(service_type='origin')), - group_names=['masters'], + group_names=['oo_masters_to_config'], ), set(['origin-master']), set(['origin-node']), @@ -34,7 +34,7 @@ def test_is_active(pkg_mgr, is_containerized, is_active): ( dict( openshift=dict(common=dict(service_type='atomic-openshift')), - group_names=['nodes'], + group_names=['oo_nodes_to_config'], ), set(['atomic-openshift-node']), set(['atomic-openshift-master']), @@ -42,7 +42,7 @@ def test_is_active(pkg_mgr, is_containerized, is_active): ( dict( openshift=dict(common=dict(service_type='atomic-openshift')), - group_names=['masters', 'nodes'], + group_names=['oo_masters_to_config', 'oo_nodes_to_config'], ), set(['atomic-openshift-master', 'atomic-openshift-node']), set(), diff --git a/roles/openshift_health_checker/test/package_version_test.py b/roles/openshift_health_checker/test/package_version_test.py index 8564cd4db..3cf4ce033 100644 --- a/roles/openshift_health_checker/test/package_version_test.py +++ b/roles/openshift_health_checker/test/package_version_test.py @@ -97,14 +97,14 @@ def test_docker_package_version(deployment_type, openshift_release, expected_doc @pytest.mark.parametrize('group_names,is_containerized,is_active', [ - (['masters'], False, True), + (['oo_masters_to_config'], False, True), # ensure check is skipped on containerized installs - (['masters'], True, False), - (['nodes'], False, True), - (['masters', 'nodes'], False, True), - (['masters', 'etcd'], False, True), + (['oo_masters_to_config'], True, False), + (['oo_nodes_to_config'], False, True), + (['oo_masters_to_config', 'oo_nodes_to_config'], False, True), + (['oo_masters_to_config', 'oo_etcd_to_config'], False, True), ([], False, False), - (['etcd'], False, False), + (['oo_etcd_to_config'], False, False), (['lb'], False, False), (['nfs'], False, False), ]) diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 29ae58556..d6f6e3e09 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -27,6 +27,7 @@ From this role: | openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | | openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | +| openshift_hosted_registry_clusterip | None | Cluster IP for registry service | If you specify `openshift_hosted_registry_kind=glusterfs`, the following variables also control configuration behavior: diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index c234c3740..2af42fba4 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -69,7 +69,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau openshift_hosted_registry_name: docker-registry openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" -registry_volume_claim: 'registry-claim' openshift_hosted_registry_cert_expire_days: 730 r_openshift_hosted_registry_os_firewall_deny: [] @@ -81,6 +80,7 @@ r_openshift_hosted_registry_os_firewall_allow: openshift_hosted_registry_serviceaccount: registry openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} +openshift_hosted_registry_clusterip: null # These edits are being specified only to prevent 'changed' on rerun openshift_hosted_registry_edits: diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index f1aa9c5a8..eaaac9da2 100644 --- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -89,6 +89,7 @@ docker-registry: default session_affinity: ClientIP service_type: ClusterIP + clusterip: '{{ openshift_hosted_registry_clusterip | default(omit) }}' - include: secure.yml static: no diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 2aceef9e4..dd7053656 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -29,7 +29,9 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or + ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ @@ -42,8 +44,8 @@ hostnames: - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" + key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" - name: set the openshift_hosted_router_certificate @@ -55,6 +57,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} + - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: diff --git a/roles/openshift_hosted/tasks/secure.yml b/roles/openshift_hosted/tasks/secure.yml index 0da8ac8a7..174bc39a4 100644 --- a/roles/openshift_hosted/tasks/secure.yml +++ b/roles/openshift_hosted/tasks/secure.yml @@ -42,7 +42,7 @@ - "{{ openshift_hosted_registry_routehost }}" cert: "{{ docker_registry_cert_path }}" key: "{{ docker_registry_key_path }}" - expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift_deployment_type) | bool else omit }}" + expire_days: "{{ openshift_hosted_registry_cert_expire_days }}" register: registry_self_cert when: docker_registry_self_signed diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index eae8b328e..222b63b8a 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -53,7 +53,7 @@ storage: {% if openshift_hosted_registry_storage_swift_domain is defined %} domain: {{ openshift_hosted_registry_storage_swift_domain }} {% endif -%} -{% if openshift_hosted_registry_storage_swift_domainid %} +{% if openshift_hosted_registry_storage_swift_domainid is defined %} domainid: {{ openshift_hosted_registry_storage_swift_domainid }} {% endif -%} {% elif openshift_hosted_registry_storage_provider | default('') == 'gcs' %} @@ -63,7 +63,7 @@ storage: keyfile: /etc/registry/gcs.json {% endif -%} {% if openshift_hosted_registry_storage_gcs_rootdirectory is defined %} - rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory }} + rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory | default('/registry') }} {% endif -%} {% endif -%} auth: diff --git a/roles/openshift_hosted_facts/tasks/main.yml b/roles/openshift_hosted_facts/tasks/main.yml index 47dc9171d..8fc70cecb 100644 --- a/roles/openshift_hosted_facts/tasks/main.yml +++ b/roles/openshift_hosted_facts/tasks/main.yml @@ -16,4 +16,4 @@ | oo_openshift_env }}" openshift_env_structures: - 'openshift.hosted.router.*' - with_items: [hosted, logging, loggingops, metrics] + with_items: [hosted, logging, loggingops, metrics, prometheus] diff --git a/roles/openshift_hosted_metrics/handlers/main.yml b/roles/openshift_hosted_metrics/handlers/main.yml index ce7688581..074b72942 100644 --- a/roles/openshift_hosted_metrics/handlers/main.yml +++ b/roles/openshift_hosted_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server @@ -13,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml index f821efd6b..cc3159a32 100644 --- a/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/enterprise/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -102,7 +102,10 @@ objects: parameters: - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.6", set version "v3.6"' name: IMAGE_VERSION value: "v3.6" diff --git a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml index 6811ece28..a75340eb7 100644 --- a/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.6/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_NAME}:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -100,9 +100,12 @@ objects: redirectURIs: - "${COCKPIT_KUBE_URL}" parameters: - - description: "Container image name" - name: IMAGE_NAME - value: "cockpit/kubernetes" + - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' + name: IMAGE_PREFIX + value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml index 019d836fe..9f2e6125d 100644 --- a/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.7/enterprise/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_PREFIX}registry-console:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -102,7 +102,10 @@ objects: parameters: - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' name: IMAGE_PREFIX - value: "registry.access.redhat.com/openshift3/" + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.7", set version "v3.7"' name: IMAGE_VERSION value: "v3.7" diff --git a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml index 6811ece28..a75340eb7 100644 --- a/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml +++ b/roles/openshift_hosted_templates/files/v3.7/origin/registry-console.yaml @@ -27,7 +27,7 @@ objects: spec: containers: - name: registry-console - image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} ports: - containerPort: 9090 protocol: TCP @@ -89,7 +89,7 @@ objects: - annotations: null from: kind: DockerImage - name: ${IMAGE_NAME}:${IMAGE_VERSION} + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} name: ${IMAGE_VERSION} - kind: OAuthClient apiVersion: v1 @@ -100,9 +100,12 @@ objects: redirectURIs: - "${COCKPIT_KUBE_URL}" parameters: - - description: "Container image name" - name: IMAGE_NAME - value: "cockpit/kubernetes" + - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' + name: IMAGE_PREFIX + value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' name: IMAGE_VERSION value: latest diff --git a/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml new file mode 100644 index 000000000..f04ce06d3 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v3.8/enterprise/registry-console.yaml @@ -0,0 +1,127 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/repository" prefix for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", set prefix "registry.access.redhat.com/openshift3/"' + name: IMAGE_PREFIX + value: "openshift3/" + - description: 'Specify component name for container image; e.g. for "registry.access.redhat.com/openshift3/registry-console:latest", use base name "registry-console"' + name: IMAGE_BASENAME + value: "registry-console" + - description: 'Specify image version; e.g. for "registry.access.redhat.com/openshift3/registry-console:v3.8", set version "v3.8"' + name: IMAGE_VERSION + value: "v3.8" + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml b/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml new file mode 100644 index 000000000..a75340eb7 --- /dev/null +++ b/roles/openshift_hosted_templates/files/v3.8/origin/registry-console.yaml @@ -0,0 +1,127 @@ +kind: Template +apiVersion: v1 +metadata: + name: "registry-console" + annotations: + description: "Template for deploying registry web console. Requires cluster-admin." + tags: infrastructure +labels: + createdBy: "registry-console-template" +objects: + - kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "registry-console" + template: + metadata: + labels: + name: "registry-console" + spec: + containers: + - name: registry-console + image: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} + ports: + - containerPort: 9090 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ping + port: 9090 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: OPENSHIFT_OAUTH_PROVIDER_URL + value: "${OPENSHIFT_OAUTH_PROVIDER_URL}" + - name: OPENSHIFT_OAUTH_CLIENT_ID + value: "${OPENSHIFT_OAUTH_CLIENT_ID}" + - name: KUBERNETES_INSECURE + value: "false" + - name: COCKPIT_KUBE_INSECURE + value: "false" + - name: REGISTRY_ONLY + value: "true" + - name: REGISTRY_HOST + value: "${REGISTRY_HOST}" + - kind: Service + apiVersion: v1 + metadata: + name: "registry-console" + labels: + name: "registry-console" + spec: + type: ClusterIP + ports: + - name: registry-console + protocol: TCP + port: 9000 + targetPort: 9090 + selector: + name: "registry-console" + - kind: ImageStream + apiVersion: v1 + metadata: + name: registry-console + annotations: + description: Atomic Registry console + spec: + tags: + - annotations: null + from: + kind: DockerImage + name: ${IMAGE_PREFIX}${IMAGE_BASENAME}:${IMAGE_VERSION} + name: ${IMAGE_VERSION} + - kind: OAuthClient + apiVersion: v1 + metadata: + name: "${OPENSHIFT_OAUTH_CLIENT_ID}" + respondWithChallenges: false + secret: "${OPENSHIFT_OAUTH_CLIENT_SECRET}" + redirectURIs: + - "${COCKPIT_KUBE_URL}" +parameters: + - description: 'Specify "registry/namespace" prefix for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", set prefix "registry.example.com/cockpit/"' + name: IMAGE_PREFIX + value: "cockpit/" + - description: 'Specify component name for container image; e.g. for "registry.example.com/cockpit/kubernetes:latest", use base name "kubernetes"' + name: IMAGE_BASENAME + value: "kubernetes" + - description: 'Specify image version; e.g. for "cockpit/kubernetes:latest", set version "latest"' + name: IMAGE_VERSION + value: latest + - description: "The public URL for the Openshift OAuth Provider, e.g. https://openshift.example.com:8443" + name: OPENSHIFT_OAUTH_PROVIDER_URL + required: true + - description: "The registry console URL. This should be created beforehand using 'oc create route passthrough --service registry-console --port registry-console -n default', e.g. https://registry-console-default.example.com" + name: COCKPIT_KUBE_URL + required: true + - description: "Oauth client secret" + name: OPENSHIFT_OAUTH_CLIENT_SECRET + from: "user[a-zA-Z0-9]{64}" + generate: expression + - description: "Oauth client id" + name: OPENSHIFT_OAUTH_CLIENT_ID + value: "cockpit-oauth-client" + - description: "The integrated registry hostname exposed via route, e.g. registry.example.com" + name: REGISTRY_HOST + required: true diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 829c78728..27cfc17d6 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -44,23 +44,23 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_curator_run_timezone`: The timezone that Curator uses for figuring out its run time. Defaults to 'UTC'. - `openshift_logging_curator_script_log_level`: The script log level for Curator. Defaults to 'INFO'. - `openshift_logging_curator_log_level`: The log level for the Curator process. Defaults to 'ERROR'. -- `openshift_logging_curator_cpu_limit`: The amount of CPU to allocate to Curator. Default is '100m'. +- `openshift_logging_curator_cpu_request`: The minimum amount of CPU to allocate to Curator. Default is '100m'. - `openshift_logging_curator_memory_limit`: The amount of memory to allocate to Curator. Unset if not specified. - `openshift_logging_curator_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the curator pod will land. - `openshift_logging_image_pull_secret`: The name of an existing pull secret to link to the logging service accounts - `openshift_logging_kibana_hostname`: The Kibana hostname. Defaults to 'kibana.example.com'. -- `openshift_logging_kibana_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. +- `openshift_logging_kibana_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_proxy_debug`: When "True", set the Kibana Proxy log level to DEBUG. Defaults to 'false'. -- `openshift_logging_kibana_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. +- `openshift_logging_kibana_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_replica_count`: The number of replicas Kibana should be scaled up to. Defaults to 1. - `openshift_logging_kibana_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. - `openshift_logging_kibana_edge_term_policy`: Insecure Edge Termination Policy. Defaults to Redirect. - `openshift_logging_fluentd_nodeselector`: The node selector that the Fluentd daemonset uses to determine where to deploy to. Defaults to '"logging-infra-fluentd": "true"'. -- `openshift_logging_fluentd_cpu_limit`: The CPU limit for Fluentd pods. Defaults to '100m'. +- `openshift_logging_fluentd_cpu_request`: The minimum amount of CPU to allocate for Fluentd collector pods. Defaults to '100m'. - `openshift_logging_fluentd_memory_limit`: The memory limit for Fluentd pods. Defaults to '512Mi'. - `openshift_logging_fluentd_use_journal`: *DEPRECATED - DO NOT USE* Fluentd will automatically detect whether or not Docker is using the journald log driver. - `openshift_logging_fluentd_journal_read_from_head`: If empty, Fluentd will use its internal default, which is false. @@ -69,6 +69,9 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_fluentd_buffer_size_limit`: Buffer chunk limit for Fluentd. Defaults to 1m. - `openshift_logging_fluentd_file_buffer_limit`: Fluentd will set the value to the file buffer limit. Defaults to '1Gi' per destination. +- `openshift_logging_fluentd_audit_container_engine`: When `openshift_logging_fluentd_audit_container_engine` is set to `True`, the audit log of the container engine will be collected and stored in ES. +- `openshift_logging_fluentd_audit_file`: Location of audit log file. The default is `/var/log/audit/audit.log` +- `openshift_logging_fluentd_audit_pos_file`: Location of fluentd in_tail position file for the audit log file. The default is `/var/log/audit/audit.log.pos` - `openshift_logging_es_host`: The name of the ES service Fluentd should send logs to. Defaults to 'logging-es'. - `openshift_logging_es_port`: The port for the ES service Fluentd should sent its logs to. Defaults to '9200'. @@ -77,10 +80,11 @@ When `openshift_logging_install_logging` is set to `False` the `openshift_loggin - `openshift_logging_es_client_key`: The location of the client key Fluentd uses for openshift_logging_es_host. Defaults to '/etc/fluent/keys/key'. - `openshift_logging_es_cluster_size`: The number of ES cluster members. Defaults to '1'. -- `openshift_logging_es_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set +- `openshift_logging_es_cpu_request`: The minimum amount of CPU to allocate for an ES pod cluster member. Defaults to 1 CPU. - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'. - `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'. - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs. Defaults to 'None'. +- `openshift_logging_es_pvc_storage_class_name`: The name of the storage class to use for a static PVC. Defaults to ''. - `openshift_logging_es_pvc_dynamic`: Whether or not to add the dynamic PVC annotation for any generated PVCs. Defaults to 'False'. - `openshift_logging_es_pvc_size`: The requested size for the ES PVCs, when not provided the role will not generate any PVCs. Defaults to '""'. - `openshift_logging_es_pvc_prefix`: The prefix for the generated PVCs. Defaults to 'logging-es'. @@ -104,7 +108,7 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_client_cert`: /etc/fluent/keys/cert - `openshift_logging_es_ops_client_key`: /etc/fluent/keys/key - `openshift_logging_es_ops_cluster_size`: 1 -- `openshift_logging_es_ops_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set +- `openshift_logging_es_ops_cpu_request`: The minimum amount of CPU to allocate for an ES ops pod cluster member. Defaults to 1 CPU. - `openshift_logging_es_ops_memory_limit`: 8Gi - `openshift_logging_es_ops_pvc_dynamic`: False - `openshift_logging_es_ops_pvc_size`: "" @@ -112,9 +116,9 @@ same as above for their non-ops counterparts, but apply to the OPS cluster insta - `openshift_logging_es_ops_recover_after_time`: 5m - `openshift_logging_es_ops_storage_group`: 65534 - `openshift_logging_kibana_ops_hostname`: The Operations Kibana hostname. Defaults to 'kibana-ops.example.com'. -- `openshift_logging_kibana_ops_cpu_limit`: The amount of CPU to allocate to Kibana or unset if not specified. +- `openshift_logging_kibana_ops_cpu_request`: The minimum amount of CPU to allocate to Kibana or unset if not specified. - `openshift_logging_kibana_ops_memory_limit`: The amount of memory to allocate to Kibana or unset if not specified. -- `openshift_logging_kibana_ops_proxy_cpu_limit`: The amount of CPU to allocate to Kibana proxy or unset if not specified. +- `openshift_logging_kibana_ops_proxy_cpu_request`: The minimum amount of CPU to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_proxy_memory_limit`: The amount of memory to allocate to Kibana proxy or unset if not specified. - `openshift_logging_kibana_ops_replica_count`: The number of replicas Kibana ops should be scaled up to. Defaults to 1. @@ -173,7 +177,7 @@ Elasticsearch OPS too, if using an OPS cluster: clients will use to connect to mux, and will be used in the TLS server cert subject. - `openshift_logging_mux_port`: 24284 -- `openshift_logging_mux_cpu_limit`: 100m +- `openshift_logging_mux_cpu_request`: 100m - `openshift_logging_mux_memory_limit`: 512Mi - `openshift_logging_mux_default_namespaces`: Default `["mux-undefined"]` - the first value in the list is the namespace to use for undefined projects, @@ -222,3 +226,80 @@ The corresponding openshift\_logging\_mux\_* parameters are below. - `openshift_logging_mux_remote_syslog_tag_key`: If string specified, use this field from the record to set the key field on the syslog message - `openshift_logging_mux_remote_syslog_use_record`: Set `true` to use the severity and facility from the record, defaults to `false` - `openshift_logging_mux_remote_syslog_payload_key`: If string is specified, use this field from the record as the payload on the syslog message + +Image update procedure +---------------------- +An upgrade of the logging stack from older version to newer is an automated process and should be performed by calling appropriate ansible playbook and setting required ansible variables in your inventory as documented in https://docs.openshift.org/. + +Following text describes manual update of the logging images without version upgrade. To determine the current version of images being used you can. +``` +oc describe pod | grep 'Image ID:' +``` +This will get the repo digest that can later be compared to the inspected image details. + +A way to determine when was your image last updated: +``` +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +<registry>/openshift3/logging-fluentd v3.7 ff2e249fc45a About an hour ago 235.2 MB + +$ docker inspect ff2e249fc45a +[ + { + . . . + "RepoDigests": [ + "<registry>/openshift3/logging-fluentd@sha256:4346f0aa9694f32735115705ad324803b1a6ff08343c3288f7a62c3a5cb70495" + ], + . . . + "Config": { + . . . + "Labels": { + . . . + "build-date": "2017-10-12T14:38:22.414827", + . . . + "release": "0.143.3.0", + . . . + "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/logging-fluentd/images/v3.7.0-0.143.3.0", + . . . + "version": "v3.7.0" + } + }, + . . . +``` + +Pull a new image to see if registry has any newer images with the same tag: +``` +$ docker pull <registry>/openshift3/logging-fluentd:v3.7 +``` + +If there was an update, you need to run the `docker pull` on each node. + +It is recommended that you now rerun the `openshift_logging` playbook to ensure that any necessary config changes are also picked up. + +To manually redeploy your pod you can do the following: +- for a DC you can do: +``` +oc rollout latest <dc_name> +``` + +- for a RC you can scale down and scale back up +``` +oc scale --replicas=0 <rc_name> + +... wait for scale down + +oc scale --replicas=<original_replica_count> <rc_name> +``` + +- for a DS you can delete the pod or unlabel and relabel your node +``` +oc delete pod --selector=<ds_selector> +``` + +Changelog +--------- +Tue Oct 26, 2017 +- Make CPU request equal limit if limit is greater then request + +Tue Oct 10, 2017 +- Default imagePullPolicy changed from Always to IfNotPresent diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 0f1f659c6..497c6e0c5 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -18,20 +18,24 @@ openshift_logging_curator_run_minute: 0 openshift_logging_curator_run_timezone: UTC openshift_logging_curator_script_log_level: INFO openshift_logging_curator_log_level: ERROR -openshift_logging_curator_cpu_limit: 100m -openshift_logging_curator_memory_limit: null +openshift_logging_curator_cpu_limit: null +openshift_logging_curator_memory_limit: 256Mi +openshift_logging_curator_cpu_request: 100m openshift_logging_curator_nodeselector: {} -openshift_logging_curator_ops_cpu_limit: 100m -openshift_logging_curator_ops_memory_limit: null +openshift_logging_curator_ops_cpu_limit: null +openshift_logging_curator_ops_memory_limit: 256Mi +openshift_logging_curator_ops_cpu_request: 100m openshift_logging_curator_ops_nodeselector: {} openshift_logging_kibana_hostname: "{{ 'kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_kibana_cpu_limit: null openshift_logging_kibana_memory_limit: 736Mi +openshift_logging_kibana_cpu_request: 100m openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null openshift_logging_kibana_proxy_memory_limit: 256Mi +openshift_logging_kibana_proxy_cpu_request: 100m openshift_logging_kibana_replica_count: 1 openshift_logging_kibana_edge_term_policy: Redirect @@ -53,9 +57,11 @@ openshift_logging_kibana_ca: "" openshift_logging_kibana_ops_hostname: "{{ 'kibana-ops.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_kibana_ops_cpu_limit: null openshift_logging_kibana_ops_memory_limit: 736Mi +openshift_logging_kibana_ops_cpu_request: 100m openshift_logging_kibana_ops_proxy_debug: false openshift_logging_kibana_ops_proxy_cpu_limit: null openshift_logging_kibana_ops_proxy_memory_limit: 256Mi +openshift_logging_kibana_ops_proxy_cpu_request: 100m openshift_logging_kibana_ops_replica_count: 1 #The absolute path on the control node to the cert file to use @@ -71,13 +77,14 @@ openshift_logging_kibana_ops_key: "" openshift_logging_kibana_ops_ca: "" openshift_logging_fluentd_nodeselector: {'logging-infra-fluentd': 'true'} -openshift_logging_fluentd_cpu_limit: 100m +openshift_logging_fluentd_cpu_limit: null openshift_logging_fluentd_memory_limit: 512Mi +openshift_logging_fluentd_cpu_request: 100m openshift_logging_fluentd_journal_source: "" openshift_logging_fluentd_journal_read_from_head: "" openshift_logging_fluentd_hosts: ['--all'] -openshift_logging_fluentd_buffer_queue_limit: 1024 -openshift_logging_fluentd_buffer_size_limit: 1m +openshift_logging_fluentd_buffer_queue_limit: 32 +openshift_logging_fluentd_buffer_size_limit: 8m openshift_logging_es_host: logging-es openshift_logging_es_port: 9200 @@ -85,21 +92,20 @@ openshift_logging_es_ca: /etc/fluent/keys/ca openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key openshift_logging_es_cluster_size: 1 -openshift_logging_es_cpu_limit: 1000m +openshift_logging_es_cpu_limit: null +openshift_logging_es_cpu_request: "1" # the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console' openshift_logging_es_log_appenders: ['file'] openshift_logging_es_memory_limit: "8Gi" openshift_logging_es_pv_selector: "{{ openshift_logging_storage_labels | default('') }}" openshift_logging_es_pvc_dynamic: "{{ openshift_logging_elasticsearch_pvc_dynamic | default(False) }}" -openshift_logging_es_pvc_size: "{{ openshift_logging_elasticsearch_pvc_size | default('') }}" +openshift_logging_es_pvc_size: '' openshift_logging_es_pvc_prefix: "{{ openshift_logging_elasticsearch_pvc_prefix | default('logging-es') }}" openshift_logging_es_recover_after_time: 5m -openshift_logging_es_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}" +openshift_logging_es_storage_group: "65534" openshift_logging_es_nodeselector: {} # openshift_logging_es_config is a hash to be merged into the defaults for the elasticsearch.yaml openshift_logging_es_config: {} -openshift_logging_es_number_of_shards: 1 -openshift_logging_es_number_of_replicas: 0 # for exposing es to external (outside of the cluster) clients openshift_logging_es_allow_external: False @@ -126,14 +132,15 @@ openshift_logging_es_ops_ca: /etc/fluent/keys/ca openshift_logging_es_ops_client_cert: /etc/fluent/keys/cert openshift_logging_es_ops_client_key: /etc/fluent/keys/key openshift_logging_es_ops_cluster_size: "{{ openshift_logging_elasticsearch_ops_cluster_size | default(1) }}" -openshift_logging_es_ops_cpu_limit: 1000m -openshift_logging_es_ops_memory_limit: "8Gi" +openshift_logging_es_ops_cpu_limit: null +openshift_logging_es_ops_memory_limit: 8Gi +openshift_logging_es_ops_cpu_request: "1" openshift_logging_es_ops_pv_selector: "{{ openshift_loggingops_storage_labels | default('') }}" openshift_logging_es_ops_pvc_dynamic: "{{ openshift_logging_elasticsearch_ops_pvc_dynamic | default(False) }}" openshift_logging_es_ops_pvc_size: "{{ openshift_logging_elasticsearch_ops_pvc_size | default('') }}" openshift_logging_es_ops_pvc_prefix: "{{ openshift_logging_elasticsearch_ops_pvc_prefix | default('logging-es-ops') }}" openshift_logging_es_ops_recover_after_time: 5m -openshift_logging_es_ops_storage_group: "{{ openshift_logging_elasticsearch_storage_group | default('65534') }}" +openshift_logging_es_ops_storage_group: "65534" openshift_logging_es_ops_nodeselector: {} # for exposing es-ops to external (outside of the cluster) clients @@ -160,8 +167,9 @@ openshift_logging_mux_allow_external: False openshift_logging_use_mux: "{{ openshift_logging_mux_allow_external | default(False) }}" openshift_logging_mux_hostname: "{{ 'mux.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" openshift_logging_mux_port: 24284 -openshift_logging_mux_cpu_limit: 500m -openshift_logging_mux_memory_limit: 1Gi +openshift_logging_mux_cpu_limit: null +openshift_logging_mux_memory_limit: 512Mi +openshift_logging_mux_cpu_request: 100m # the namespace to use for undefined projects should come first, followed by any # additional namespaces to create by default - users will typically not need to set this openshift_logging_mux_default_namespaces: ["mux-undefined"] diff --git a/roles/openshift_logging/filter_plugins/openshift_logging.py b/roles/openshift_logging/filter_plugins/openshift_logging.py index eac086e81..e1a5ea726 100644 --- a/roles/openshift_logging/filter_plugins/openshift_logging.py +++ b/roles/openshift_logging/filter_plugins/openshift_logging.py @@ -3,6 +3,7 @@ ''' import random +import re def es_storage(os_logging_facts, dc_name, pvc_claim, root='elasticsearch'): @@ -17,6 +18,47 @@ def es_storage(os_logging_facts, dc_name, pvc_claim, root='elasticsearch'): return dict(kind='emptydir') +def min_cpu(left, right): + '''Return the minimum cpu value of the two values given''' + message = "Unable to evaluate {} cpu value is specified correctly '{}'. Exp whole, decimal or int followed by M" + pattern = re.compile(r"^(\d*\.?\d*)([Mm])?$") + millis_per_core = 1000 + if not right: + return left + m_left = pattern.match(left) + if not m_left: + raise RuntimeError(message.format("left", left)) + m_right = pattern.match(right) + if not m_right: + raise RuntimeError(message.format("right", right)) + left_value = float(m_left.group(1)) + right_value = float(m_right.group(1)) + if m_left.group(2) not in ["M", "m"]: + left_value = left_value * millis_per_core + if m_right.group(2) not in ["M", "m"]: + right_value = right_value * millis_per_core + response = left + if left_value != min(left_value, right_value): + response = right + return response + + +def walk(source, path, default, delimiter='.'): + '''Walk the sourch hash given the path and return the value or default if not found''' + if not isinstance(source, dict): + raise RuntimeError('The source is not a walkable dict: {} path: {}'.format(source, path)) + keys = path.split(delimiter) + max_depth = len(keys) + cur_depth = 0 + while cur_depth < max_depth: + if keys[cur_depth] in source: + source = source[keys[cur_depth]] + cur_depth = cur_depth + 1 + else: + return default + return source + + def random_word(source_alpha, length): ''' Returns a random word given the source of characters to pick from and resulting length ''' return ''.join(random.choice(source_alpha) for i in range(length)) @@ -45,6 +87,21 @@ def map_from_pairs(source, delim="="): return dict(item.split(delim) for item in source.split(",")) +def serviceaccount_name(qualified_sa): + ''' Returns the simple name from a fully qualified name ''' + return qualified_sa.split(":")[-1] + + +def serviceaccount_namespace(qualified_sa, default=None): + ''' Returns the namespace from a fully qualified name ''' + seg = qualified_sa.split(":") + if len(seg) > 1: + return seg[-2] + if default: + return default + return seg[-1] + + # pylint: disable=too-few-public-methods class FilterModule(object): ''' OpenShift Logging Filters ''' @@ -56,5 +113,9 @@ class FilterModule(object): 'random_word': random_word, 'entry_from_named_pair': entry_from_named_pair, 'map_from_pairs': map_from_pairs, - 'es_storage': es_storage + 'min_cpu': min_cpu, + 'es_storage': es_storage, + 'serviceaccount_name': serviceaccount_name, + 'serviceaccount_namespace': serviceaccount_namespace, + 'walk': walk } diff --git a/roles/openshift_logging/filter_plugins/test b/roles/openshift_logging/filter_plugins/test new file mode 100644 index 000000000..bac25c012 --- /dev/null +++ b/roles/openshift_logging/filter_plugins/test @@ -0,0 +1,49 @@ +import unittest +from openshift_logging import walk +from openshift_logging import min_cpu + +class TestFilterMethods(unittest.TestCase): + + + def test_min_cpu_for_none(self): + source = "1000M" + self.assertEquals(min_cpu(source, None), "1000M") + + def test_min_cpu_for_millis(self): + source = "1" + self.assertEquals(min_cpu(source, "0.1"), "0.1") + + + def test_min_cpu_for_whole(self): + source = "120M" + self.assertEquals(min_cpu(source, "2"), "120M") + + + def test_walk_find_key(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.xyz', 123, delimiter='#'), 'myvalue') + + + def test_walk_return_default(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.abc', 123, delimiter='#'), 123) + + + def test_walk_limit_max_depth(self): + source = {'foo': {'bar.xyz': 'myvalue'}} + self.assertEquals(walk(source,'foo#bar.abc#dontfindme', 123, delimiter='#'), 123) + + def test_complex_hash(self): + source = { + 'elasticsearch': { + 'configmaps': { + 'logging-elasticsearch': { + 'elasticsearch.yml': "a string value" + } + } + } + } + self.assertEquals(walk(source,'elasticsearch#configmaps#logging-elasticsearch#elasticsearch.yml', 123, delimiter='#'), "a string value") + +if __name__ == '__main__': + unittest.main() diff --git a/roles/openshift_logging/handlers/main.yml b/roles/openshift_logging/handlers/main.yml index ce7688581..074b72942 100644 --- a/roles/openshift_logging/handlers/main.yml +++ b/roles/openshift_logging/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server @@ -13,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_logging/library/openshift_logging_facts.py b/roles/openshift_logging/library/openshift_logging_facts.py index 35accfb78..98d0d1c4f 100644 --- a/roles/openshift_logging/library/openshift_logging_facts.py +++ b/roles/openshift_logging/library/openshift_logging_facts.py @@ -171,22 +171,25 @@ class OpenshiftLoggingFacts(OCBaseCommand): if comp is not None: spec = dc_item["spec"]["template"]["spec"] facts = dict( + name=name, selector=dc_item["spec"]["selector"], replicas=dc_item["spec"]["replicas"], serviceAccount=spec["serviceAccount"], containers=dict(), volumes=dict() ) + if "nodeSelector" in spec: + facts["nodeSelector"] = spec["nodeSelector"] + if "supplementalGroups" in spec["securityContext"]: + facts["storageGroups"] = spec["securityContext"]["supplementalGroups"] + facts["spec"] = spec if "volumes" in spec: for vol in spec["volumes"]: clone = copy.deepcopy(vol) clone.pop("name", None) facts["volumes"][vol["name"]] = clone for container in spec["containers"]: - facts["containers"][container["name"]] = dict( - image=container["image"], - resources=container["resources"], - ) + facts["containers"][container["name"]] = container self.add_facts_for(comp, "deploymentconfigs", name, facts) def facts_for_services(self, namespace): @@ -204,7 +207,7 @@ class OpenshiftLoggingFacts(OCBaseCommand): def facts_for_configmaps(self, namespace): ''' Gathers facts for configmaps in logging namespace ''' self.default_keys_for("configmaps") - a_list = self.oc_command("get", "configmaps", namespace=namespace, add_options=["-l", LOGGING_SELECTOR]) + a_list = self.oc_command("get", "configmaps", namespace=namespace) if len(a_list["items"]) == 0: return for item in a_list["items"]: diff --git a/roles/openshift_logging/tasks/delete_logging.yaml b/roles/openshift_logging/tasks/delete_logging.yaml index 3040d15ca..ffed956a4 100644 --- a/roles/openshift_logging/tasks/delete_logging.yaml +++ b/roles/openshift_logging/tasks/delete_logging.yaml @@ -92,6 +92,7 @@ with_items: - rolebinding-reader - daemonset-admin + - prometheus-metrics-viewer # delete our configmaps - name: delete configmaps diff --git a/roles/openshift_logging/tasks/generate_certs.yaml b/roles/openshift_logging/tasks/generate_certs.yaml index 9c8f0986a..f526fd734 100644 --- a/roles/openshift_logging/tasks/generate_certs.yaml +++ b/roles/openshift_logging/tasks/generate_certs.yaml @@ -139,10 +139,10 @@ # TODO: make idempotent - name: Generate proxy session - set_fact: session_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(200)}} + set_fact: session_secret={{ 200 | oo_random_word}} check_mode: no # TODO: make idempotent - name: Generate oauth client secret - set_fact: oauth_secret={{'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'|random_word(64)}} + set_fact: oauth_secret={{ 64 | oo_random_word}} check_mode: no diff --git a/roles/openshift_logging/tasks/install_logging.yaml b/roles/openshift_logging/tasks/install_logging.yaml index 2695ef030..2fefdc894 100644 --- a/roles/openshift_logging/tasks/install_logging.yaml +++ b/roles/openshift_logging/tasks/install_logging.yaml @@ -36,6 +36,14 @@ - openshift_logging_label_key != "" - openshift_logging_label_value is defined +- name: Annotate Logging Project to allow overcommit + oc_edit: + kind: ns + name: "{{ openshift_logging_namespace }}" + separator: '#' + content: + metadata#annotations#quota.openshift.io/cluster-resource-override-enabled: "false" + - name: Create logging cert directory file: path: "{{ openshift.common.config_base }}/logging" @@ -69,19 +77,25 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}" + openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" - openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" - openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_pvc_storage_class_name }}" + openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector if outer_item.0.nodeSelector | default(None) is none else outer_item.0.nodeSelector }}" + openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_storage_group] if outer_item.0.storageGroups | default([]) | length == 0 else outer_item.0.storageGroups }}" + _es_containers: "{{ outer_item.0.containers}}" + _es_configmap: "{{ openshift_logging_facts | walk('elasticsearch#configmaps#logging-elasticsearch#elasticsearch.yml', '{}', delimiter='#') | from_yaml }}" with_together: - - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs }}" + - "{{ openshift_logging_facts.elasticsearch.deploymentconfigs.values() }}" - "{{ openshift_logging_facts.elasticsearch.pvcs }}" - "{{ es_indices }}" + loop_control: + loop_var: outer_item when: - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count > 0 @@ -91,15 +105,17 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_pvc_prefix }}-{{ outer_item | int + openshift_logging_facts.elasticsearch.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_cluster_size | int }}" openshift_logging_elasticsearch_storage_type: "{{ elasticsearch_storage_type }}" - openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_pvc_size }}" - openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_pvc_storage_class_name }}" with_sequence: count={{ openshift_logging_es_cluster_size | int - openshift_logging_facts.elasticsearch.deploymentconfigs.keys() | count }} + loop_control: + loop_var: outer_item - set_fact: es_ops_indices={{ es_ops_indices | default([]) + [item | int - 1] }} with_sequence: count={{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} @@ -123,8 +139,8 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_deployment_name: "{{ item.0 }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix ~ '-' ~ item.2 if item.1 is none else item.1 }}" + openshift_logging_elasticsearch_deployment_name: "{{ outer_item.0.name }}" + openshift_logging_elasticsearch_pvc_name: "{{ outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim.claimName if outer_item.0.volumes['elasticsearch-storage'].persistentVolumeClaim is defined else openshift_logging_es_ops_pvc_prefix ~ '-' ~ outer_item.2 if outer_item.1 is none else outer_item.1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" @@ -132,20 +148,30 @@ openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_ops_pvc_storage_class_name }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" - openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector }}" + openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" + openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector if outer_item.0.nodeSelector | default(None) is none else outer_item.0.nodeSelector }}" + openshift_logging_elasticsearch_storage_group: "{{ [openshift_logging_es_ops_storage_group] if outer_item.0.storageGroups | default([]) | length == 0 else outer_item.0.storageGroups }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" openshift_logging_es_ca_ext: "{{ openshift_logging_es_ops_ca_ext }}" openshift_logging_es_hostname: "{{ openshift_logging_es_ops_hostname }}" openshift_logging_es_edge_term_policy: "{{ openshift_logging_es_ops_edge_term_policy | default('') }}" openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" + openshift_logging_es_number_of_shards: "{{ openshift_logging_es_ops_number_of_shards | default(None) }}" + openshift_logging_es_number_of_replicas: "{{ openshift_logging_es_ops_number_of_replicas | default(None) }}" + _es_containers: "{{ outer_item.0.containers}}" + _es_configmap: "{{ openshift_logging_facts | walk('elasticsearch_ops#configmaps#logging-elasticsearch-ops#elasticsearch.yml', '{}', delimiter='#') | from_yaml }}" with_together: - - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs }}" + - "{{ openshift_logging_facts.elasticsearch_ops.deploymentconfigs.values() }}" - "{{ openshift_logging_facts.elasticsearch_ops.pvcs }}" - "{{ es_ops_indices }}" + loop_control: + loop_var: outer_item + when: - openshift_logging_use_ops | bool - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count > 0 @@ -156,7 +182,7 @@ vars: generated_certs_dir: "{{openshift.common.config_base}}/logging" openshift_logging_elasticsearch_namespace: "{{ openshift_logging_namespace }}" - openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" + openshift_logging_elasticsearch_pvc_name: "{{ openshift_logging_es_ops_pvc_prefix }}-{{ outer_item | int + openshift_logging_facts.elasticsearch_ops.deploymentconfigs | count - 1 }}" openshift_logging_elasticsearch_ops_deployment: true openshift_logging_elasticsearch_replica_count: "{{ openshift_logging_es_ops_cluster_size | int }}" @@ -164,8 +190,10 @@ openshift_logging_elasticsearch_pvc_size: "{{ openshift_logging_es_ops_pvc_size }}" openshift_logging_elasticsearch_pvc_dynamic: "{{ openshift_logging_es_ops_pvc_dynamic }}" openshift_logging_elasticsearch_pvc_pv_selector: "{{ openshift_logging_es_ops_pv_selector }}" + openshift_logging_elasticsearch_pvc_storage_class_name: "{{ openshift_logging_es_ops_pvc_storage_class_name }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_ops_memory_limit }}" openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_ops_cpu_limit }}" + openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_ops_cpu_request }}" openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_ops_nodeselector }}" openshift_logging_es_key: "{{ openshift_logging_es_ops_key }}" openshift_logging_es_cert: "{{ openshift_logging_es_ops_cert }}" @@ -175,6 +203,8 @@ openshift_logging_es_allow_external: "{{ openshift_logging_es_ops_allow_external }}" with_sequence: count={{ openshift_logging_es_ops_cluster_size | int - openshift_logging_facts.elasticsearch_ops.deploymentconfigs.keys() | count }} + loop_control: + loop_var: outer_item when: - openshift_logging_use_ops | bool @@ -206,11 +236,13 @@ openshift_logging_kibana_es_port: "{{ openshift_logging_es_ops_port }}" openshift_logging_kibana_nodeselector: "{{ openshift_logging_kibana_ops_nodeselector }}" openshift_logging_kibana_cpu_limit: "{{ openshift_logging_kibana_ops_cpu_limit }}" + openshift_logging_kibana_cpu_request: "{{ openshift_logging_kibana_ops_cpu_request }}" openshift_logging_kibana_memory_limit: "{{ openshift_logging_kibana_ops_memory_limit }}" openshift_logging_kibana_hostname: "{{ openshift_logging_kibana_ops_hostname }}" openshift_logging_kibana_replicas: "{{ openshift_logging_kibana_ops_replica_count }}" openshift_logging_kibana_proxy_debug: "{{ openshift_logging_kibana_ops_proxy_debug }}" openshift_logging_kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_ops_proxy_cpu_limit }}" + openshift_logging_kibana_proxy_cpu_request: "{{ openshift_logging_kibana_ops_proxy_cpu_request }}" openshift_logging_kibana_proxy_memory_limit: "{{ openshift_logging_kibana_ops_proxy_memory_limit }}" openshift_logging_kibana_cert: "{{ openshift_logging_kibana_ops_cert }}" openshift_logging_kibana_key: "{{ openshift_logging_kibana_ops_key }}" @@ -242,6 +274,7 @@ openshift_logging_curator_master_url: "{{ openshift_logging_master_url }}" openshift_logging_curator_image_pull_secret: "{{ openshift_logging_image_pull_secret }}" openshift_logging_curator_cpu_limit: "{{ openshift_logging_curator_ops_cpu_limit }}" + openshift_logging_curator_cpu_request: "{{ openshift_logging_curator_ops_cpu_request }}" openshift_logging_curator_memory_limit: "{{ openshift_logging_curator_ops_memory_limit }}" openshift_logging_curator_nodeselector: "{{ openshift_logging_curator_ops_nodeselector }}" when: diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 15f6a23e6..7f8e88036 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -3,17 +3,6 @@ msg: Only one Fluentd nodeselector key pair should be provided when: openshift_logging_fluentd_nodeselector.keys() | count > 1 -- name: Set default image variables based on deployment_type - include_vars: "{{ item }}" - with_first_found: - - "{{ openshift_deployment_type | default(deployment_type) }}.yml" - - "default_images.yml" - -- name: Set logging image facts - set_fact: - openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" - openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}" - - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_logging/templates/jks_pod.j2 b/roles/openshift_logging/templates/jks_pod.j2 index 8b1c74211..e4110b7b3 100644 --- a/roles/openshift_logging/templates/jks_pod.j2 +++ b/roles/openshift_logging/templates/jks_pod.j2 @@ -8,7 +8,7 @@ spec: containers: - name: jks-cert-gen image: {{openshift_logging_image_prefix}}logging-deployer:{{openshift_logging_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent command: ["sh", "{{generated_certs_dir}}/generate-jks.sh"] securityContext: privileged: true diff --git a/roles/openshift_logging/vars/default_images.yml b/roles/openshift_logging/vars/default_images.yml deleted file mode 100644 index 1a77808f6..000000000 --- a/roles/openshift_logging/vars/default_images.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" -__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" diff --git a/roles/openshift_logging/vars/openshift-enterprise.yml b/roles/openshift_logging/vars/openshift-enterprise.yml deleted file mode 100644 index 49e8a18af..000000000 --- a/roles/openshift_logging/vars/openshift-enterprise.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}" -__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default ('v3.6') }}" diff --git a/roles/openshift_logging_curator/defaults/main.yml b/roles/openshift_logging_curator/defaults/main.yml index 17807b644..a0d221c32 100644 --- a/roles/openshift_logging_curator/defaults/main.yml +++ b/roles/openshift_logging_curator/defaults/main.yml @@ -1,7 +1,5 @@ --- ### General logging settings -openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_curator_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_curator_master_url: "https://kubernetes.default.svc.cluster.local" @@ -9,8 +7,9 @@ openshift_logging_curator_namespace: logging ### Common settings openshift_logging_curator_nodeselector: "" -openshift_logging_curator_cpu_limit: 100m -openshift_logging_curator_memory_limit: null +openshift_logging_curator_cpu_limit: null +openshift_logging_curator_cpu_request: 100m +openshift_logging_curator_memory_limit: 256Mi openshift_logging_curator_es_host: "logging-es" openshift_logging_curator_es_port: 9200 diff --git a/roles/openshift_logging_curator/tasks/determine_version.yaml b/roles/openshift_logging_curator/tasks/determine_version.yaml index 94f8b4a97..2013f4e38 100644 --- a/roles/openshift_logging_curator/tasks/determine_version.yaml +++ b/roles/openshift_logging_curator/tasks/determine_version.yaml @@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_curator_image_version' + when: not openshift_logging_curator_image_version or openshift_logging_curator_image_version == '' - set_fact: curator_version: "{{ __latest_curator_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_curator_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: curator_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: curator_version="{{ openshift_logging_curator_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_curator_image_version != 'latest' - fail: msg: Invalid version specified for Curator diff --git a/roles/openshift_logging_curator/tasks/main.yaml b/roles/openshift_logging_curator/tasks/main.yaml index 6e8fab2b5..7ddf57450 100644 --- a/roles/openshift_logging_curator/tasks/main.yaml +++ b/roles/openshift_logging_curator/tasks/main.yaml @@ -1,4 +1,17 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set curator image facts + set_fact: + openshift_logging_curator_image_prefix: "{{ openshift_logging_curator_image_prefix | default(__openshift_logging_curator_image_prefix) }}" + openshift_logging_curator_image_version: "{{ openshift_logging_curator_image_version | default(__openshift_logging_curator_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -35,7 +48,7 @@ name: "aggregated-logging-curator" namespace: "{{ openshift_logging_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # configmap - copy: @@ -65,12 +78,12 @@ name: "logging-curator" namespace: "{{ openshift_logging_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.curator.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.curator.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.curator.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.curator.crt" - set_fact: curator_name: "{{ 'logging-curator' ~ ( (openshift_logging_curator_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}" @@ -90,6 +103,7 @@ es_host: "{{ openshift_logging_curator_es_host }}" es_port: "{{ openshift_logging_curator_es_port }}" curator_cpu_limit: "{{ openshift_logging_curator_cpu_limit }}" + curator_cpu_request: "{{ openshift_logging_curator_cpu_request | min_cpu(openshift_logging_curator_cpu_limit | default(none)) }}" curator_memory_limit: "{{ openshift_logging_curator_memory_limit }}" curator_replicas: "{{ openshift_logging_curator_replicas | default (1) }}" curator_node_selector: "{{openshift_logging_curator_nodeselector | default({})}}" @@ -103,7 +117,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/curator-dc.yaml" + - "{{ tempdir }}/templates/curator-dc.yaml" delete_after: true - name: Delete temp directory diff --git a/roles/openshift_logging_curator/templates/curator.j2 b/roles/openshift_logging_curator/templates/curator.j2 index e74918a40..462128366 100644 --- a/roles/openshift_logging_curator/templates/curator.j2 +++ b/roles/openshift_logging_curator/templates/curator.j2 @@ -38,14 +38,27 @@ spec: - name: "curator" image: {{image}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %} resources: +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "") %} limits: +{% if curator_cpu_limit is defined and curator_cpu_limit is not none and curator_cpu_limit != "" %} cpu: "{{curator_cpu_limit}}" -{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} +{% endif %} +{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} memory: "{{curator_memory_limit}}" +{% endif %} +{% endif %} +{% if (curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "") or (curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "") %} requests: +{% if curator_cpu_request is defined and curator_cpu_request is not none and curator_cpu_request != "" %} + cpu: "{{curator_cpu_request}}" +{% endif %} +{% if curator_memory_limit is defined and curator_memory_limit is not none and curator_memory_limit != "" %} memory: "{{curator_memory_limit}}" +{% endif %} +{% endif %} {% endif %} env: - diff --git a/roles/openshift_logging_curator/vars/default_images.yml b/roles/openshift_logging_curator/vars/default_images.yml new file mode 100644 index 000000000..208b41afa --- /dev/null +++ b/roles/openshift_logging_curator/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_curator/vars/openshift-enterprise.yml b/roles/openshift_logging_curator/vars/openshift-enterprise.yml new file mode 100644 index 000000000..79cf131fd --- /dev/null +++ b/roles/openshift_logging_curator/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_curator_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_curator_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_elasticsearch/defaults/main.yml b/roles/openshift_logging_elasticsearch/defaults/main.yml index 75bd479be..0ea913224 100644 --- a/roles/openshift_logging_elasticsearch/defaults/main.yml +++ b/roles/openshift_logging_elasticsearch/defaults/main.yml @@ -1,12 +1,11 @@ --- ### Common settings -openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_elasticsearch_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_elasticsearch_namespace: logging openshift_logging_elasticsearch_nodeselector: "{{ openshift_logging_es_nodeselector | default('') }}" -openshift_logging_elasticsearch_cpu_limit: 1000m +openshift_logging_elasticsearch_cpu_limit: "{{ openshift_logging_es_cpu_limit | default('') }}" +openshift_logging_elasticsearch_cpu_request: "{{ openshift_logging_es_cpu_request | default('1000m') }}" openshift_logging_elasticsearch_memory_limit: "{{ openshift_logging_es_memory_limit | default('1Gi') }}" openshift_logging_elasticsearch_recover_after_time: "{{ openshift_logging_es_recover_after_time | default('5m') }}" @@ -32,14 +31,19 @@ openshift_logging_elasticsearch_pvc_name: "" openshift_logging_elasticsearch_pvc_size: "" openshift_logging_elasticsearch_pvc_dynamic: false openshift_logging_elasticsearch_pvc_pv_selector: {} +openshift_logging_elasticsearch_pvc_storage_class_name: "" openshift_logging_elasticsearch_pvc_access_modes: ['ReadWriteOnce'] -openshift_logging_elasticsearch_storage_group: '65534' +openshift_logging_elasticsearch_storage_group: ['65534'] openshift_logging_es_pvc_prefix: "{{ openshift_hosted_logging_elasticsearch_pvc_prefix | default('logging-es') }}" # config the es plugin to write kibana index based on the index mode openshift_logging_elasticsearch_kibana_index_mode: 'unique' +openshift_logging_elasticsearch_proxy_cpu_request: "100m" +openshift_logging_elasticsearch_proxy_memory_limit: "64Mi" +openshift_logging_elasticsearch_prometheus_sa: "system:serviceaccount:{{openshift_prometheus_namespace | default('prometheus')}}:prometheus" + # this is used to determine if this is an operations deployment or a non-ops deployment # simply used for naming purposes openshift_logging_elasticsearch_ops_deployment: false diff --git a/roles/openshift_logging_elasticsearch/files/es_migration.sh b/roles/openshift_logging_elasticsearch/files/es_migration.sh deleted file mode 100644 index 339b5a1b2..000000000 --- a/roles/openshift_logging_elasticsearch/files/es_migration.sh +++ /dev/null @@ -1,79 +0,0 @@ -CA=${1:-/etc/openshift/logging/ca.crt} -KEY=${2:-/etc/openshift/logging/system.admin.key} -CERT=${3:-/etc/openshift/logging/system.admin.crt} -openshift_logging_es_host=${4:-logging-es} -openshift_logging_es_port=${5:-9200} -namespace=${6:-logging} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# skip indices that contain a uuid -# get a list of unique project -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 !~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -function get_list_of_proj_uuid_indices() { - curl -s --cacert $CA --key $KEY --cert $CERT https://$openshift_logging_es_host:$openshift_logging_es_port/_cat/indices | \ - awk -v daterx='[.]20[0-9]{2}[.][0-1]?[0-9][.][0-9]{1,2}$' \ - '$3 !~ "^[.]" && $3 ~ "^[^.]+[.][^.]+"daterx && $3 !~ "^project." && $3 ~ daterx {print gensub(daterx, "", "", $3)}' | \ - sort -u -} - -if [[ -z "$(oc get pods -l component=es -o jsonpath='{.items[?(@.status.phase == "Running")].metadata.name}')" ]]; then - echo "No Elasticsearch pods found running. Cannot update common data model." - exit 1 -fi - -count=$(get_list_of_indices | wc -l) -if [ $count -eq 0 ]; then - echo No matching indices found - skipping update_for_uuid -else - echo Creating aliases for $count index patterns . . . - { - echo '{"actions":[' - get_list_of_indices | \ - while IFS=. read proj ; do - # e.g. make test.uuid.* an alias of test.* so we can search for - # /test.uuid.*/_search and get both the test.uuid.* and - # the test.* indices - uid=$(oc get project "$proj" -o jsonpath='{.metadata.uid}' 2>/dev/null) - [ -n "$uid" ] && echo "{\"add\":{\"index\":\"$proj.*\",\"alias\":\"$proj.$uuid.*\"}}" - done - echo ']}' - } | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" -fi - -count=$(get_list_of_proj_uuid_indices | wc -l) -if [ $count -eq 0 ] ; then - echo No matching indexes found - skipping update_for_common_data_model - exit 0 -fi - -echo Creating aliases for $count index patterns . . . -# for each index in _cat/indices -# skip indices that begin with . - .kibana, .operations, etc. -# get a list of unique project.uuid -# daterx - the date regex that matches the .%Y.%m.%d at the end of the indices -# we are interested in - the awk will strip that part off -{ - echo '{"actions":[' - get_list_of_proj_uuid_indices | \ - while IFS=. read proj uuid ; do - # e.g. make project.test.uuid.* and alias of test.uuid.* so we can search for - # /project.test.uuid.*/_search and get both the test.uuid.* and - # the project.test.uuid.* indices - echo "{\"add\":{\"index\":\"$proj.$uuid.*\",\"alias\":\"${PROJ_PREFIX}$proj.$uuid.*\"}}" - done - echo ']}' -} | curl -s --cacert $CA --key $KEY --cert $CERT -XPOST -d @- "https://$openshift_logging_es_host:$openshift_logging_es_port/_aliases" diff --git a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml index 1a952b5cf..c53a06019 100644 --- a/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/determine_version.yaml @@ -1,18 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_elasticsearch_image_version' + when: not openshift_logging_elasticsearch_image_version or openshift_logging_elasticsearch_image_version == '' - set_fact: es_version: "{{ __latest_es_version }}" - when: openshift_logging_image_version == 'latest' - -- debug: var=openshift_logging_image_version + when: openshift_logging_elasticsearch_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: es_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: es_version="{{ openshift_logging_elasticsearch_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_elasticsearch_image_version != 'latest' - fail: msg: Invalid version specified for Elasticsearch diff --git a/roles/openshift_logging_elasticsearch/tasks/main.yaml b/roles/openshift_logging_elasticsearch/tasks/main.yaml index 1e800b1d6..770892d52 100644 --- a/roles/openshift_logging_elasticsearch/tasks/main.yaml +++ b/roles/openshift_logging_elasticsearch/tasks/main.yaml @@ -15,6 +15,21 @@ elasticsearch_name: "{{ 'logging-elasticsearch' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}" es_component: "{{ 'es' ~ ( (openshift_logging_elasticsearch_ops_deployment | default(false) | bool) | ternary('-ops', '') ) }}" +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set elasticsearch image facts + set_fact: + openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_elasticsearch_proxy_image_prefix | default(__openshift_logging_elasticsearch_proxy_image_prefix) }}" + openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_elasticsearch_proxy_image_version | default(__openshift_logging_elasticsearch_proxy_image_version) }}" + openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_elasticsearch_image_prefix | default(__openshift_logging_elasticsearch_image_prefix) }}" + openshift_logging_elasticsearch_image_version: "{{ openshift_logging_elasticsearch_image_version | default(__openshift_logging_elasticsearch_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -37,6 +52,7 @@ # we want to make sure we have all the necessary components here # service account + - name: Create ES service account oc_serviceaccount: state: present @@ -51,7 +67,7 @@ name: "aggregated-logging-elasticsearch" namespace: "{{ openshift_logging_elasticsearch_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # rolebinding reader - copy: @@ -65,7 +81,7 @@ kind: clusterrole namespace: "{{ openshift_logging_elasticsearch_namespace }}" files: - - "{{ tempdir }}/rolebinding-reader.yml" + - "{{ tempdir }}/rolebinding-reader.yml" delete_after: true # SA roles @@ -77,6 +93,38 @@ resource_name: rolebinding-reader user: "system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch" +- oc_adm_policy_user: + state: present + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + resource_kind: cluster-role + resource_name: system:auth-delegator + user: "system:serviceaccount:{{ openshift_logging_elasticsearch_namespace}}:aggregated-logging-elasticsearch" + +# logging-metrics-reader role +- template: + src: logging-metrics-role.j2 + dest: "{{mktemp.stdout}}/templates/logging-metrics-role.yml" + vars: + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + role_namespace: "{{ openshift_logging_elasticsearch_prometheus_sa | serviceaccount_namespace(openshift_logging_elasticsearch_namespace) }}" + role_user: "{{ openshift_logging_elasticsearch_prometheus_sa | serviceaccount_name }}" + +- name: Create logging-metrics-reader-role + command: > + {{ openshift.common.client_binary }} + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + -n "{{ openshift_logging_elasticsearch_namespace }}" + create -f "{{mktemp.stdout}}/templates/logging-metrics-role.yml" + register: prometheus_out + check_mode: no + ignore_errors: yes + +- fail: + msg: "There was an error creating the logging-metrics-role and binding: {{prometheus_out}}" + when: + - "prometheus_out.stderr | length > 0" + - "'already exists' not in prometheus_out.stderr" + # View role and binding - name: Generate logging-elasticsearch-view-role template: @@ -87,8 +135,8 @@ roleRef: name: view subjects: - - kind: ServiceAccount - name: aggregated-logging-elasticsearch + - kind: ServiceAccount + name: aggregated-logging-elasticsearch changed_when: no - name: Set logging-elasticsearch-view-role role @@ -98,18 +146,18 @@ kind: rolebinding namespace: "{{ openshift_logging_elasticsearch_namespace }}" files: - - "{{ tempdir }}/logging-elasticsearch-view-role.yaml" + - "{{ tempdir }}/logging-elasticsearch-view-role.yaml" delete_after: true # configmap - assert: that: - - openshift_logging_elasticsearch_kibana_index_mode in __kibana_index_modes + - openshift_logging_elasticsearch_kibana_index_mode in __kibana_index_modes msg: "The openshift_logging_elasticsearch_kibana_index_mode '{{ openshift_logging_elasticsearch_kibana_index_mode }}' only supports one of: {{ __kibana_index_modes | join(', ') }}" - assert: that: - - "{{ openshift_logging_es_log_appenders | length > 0 }}" + - "{{ openshift_logging_es_log_appenders | length > 0 }}" msg: "The openshift_logging_es_log_appenders '{{ openshift_logging_es_log_appenders }}' has an unrecognized option and only supports the following as a list: {{ __es_log_appenders | join(', ') }}" - template: @@ -120,13 +168,17 @@ when: es_logging_contents is undefined changed_when: no +- set_fact: + __es_num_of_shards: "{{ _es_configmap | default({}) | walk('index.number_of_shards', '1') }}" + __es_num_of_replicas: "{{ _es_configmap | default({}) | walk('index.number_of_replicas', '0') }}" + - template: src: elasticsearch.yml.j2 dest: "{{ tempdir }}/elasticsearch.yml" vars: allow_cluster_reader: "{{ openshift_logging_elasticsearch_ops_allow_cluster_reader | lower | default('false') }}" - es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(1) }}" - es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(0) }}" + es_number_of_shards: "{{ openshift_logging_es_number_of_shards | default(None) or __es_num_of_shards }}" + es_number_of_replicas: "{{ openshift_logging_es_number_of_replicas | default(None) or __es_num_of_replicas }}" es_kibana_index_mode: "{{ openshift_logging_elasticsearch_kibana_index_mode | default('unique') }}" when: es_config_contents is undefined @@ -161,22 +213,22 @@ name: "logging-elasticsearch" namespace: "{{ openshift_logging_elasticsearch_namespace }}" files: - - name: key - path: "{{ generated_certs_dir }}/logging-es.jks" - - name: truststore - path: "{{ generated_certs_dir }}/truststore.jks" - - name: searchguard.key - path: "{{ generated_certs_dir }}/elasticsearch.jks" - - name: searchguard.truststore - path: "{{ generated_certs_dir }}/truststore.jks" - - name: admin-key - path: "{{ generated_certs_dir }}/system.admin.key" - - name: admin-cert - path: "{{ generated_certs_dir }}/system.admin.crt" - - name: admin-ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: admin.jks - path: "{{ generated_certs_dir }}/system.admin.jks" + - name: key + path: "{{ generated_certs_dir }}/logging-es.jks" + - name: truststore + path: "{{ generated_certs_dir }}/truststore.jks" + - name: searchguard.key + path: "{{ generated_certs_dir }}/elasticsearch.jks" + - name: searchguard.truststore + path: "{{ generated_certs_dir }}/truststore.jks" + - name: admin-key + path: "{{ generated_certs_dir }}/system.admin.key" + - name: admin-cert + path: "{{ generated_certs_dir }}/system.admin.crt" + - name: admin-ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: admin.jks + path: "{{ generated_certs_dir }}/system.admin.jks" # services - name: Set logging-{{ es_component }}-cluster service @@ -190,7 +242,7 @@ labels: logging-infra: 'support' ports: - - port: 9300 + - port: 9300 - name: Set logging-{{ es_component }} service oc_service: @@ -203,8 +255,34 @@ labels: logging-infra: 'support' ports: - - port: 9200 - targetPort: "restapi" + - port: 9200 + targetPort: "restapi" + +- name: Set logging-{{ es_component}}-prometheus service + oc_service: + state: present + name: "logging-{{es_component}}-prometheus" + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + labels: + logging-infra: 'support' + ports: + - name: proxy + port: 443 + targetPort: 4443 + selector: + component: "{{ es_component }}" + provider: openshift + +- oc_edit: + kind: service + name: "logging-{{es_component}}-prometheus" + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + separator: '#' + content: + metadata#annotations#service.alpha.openshift.io/serving-cert-secret-name: "prometheus-tls" + metadata#annotations#prometheus.io/scrape: "true" + metadata#annotations#prometheus.io/scheme: "https" + metadata#annotations#prometheus.io/path: "_prometheus/metrics" - name: Check to see if PVC already exists oc_obj: @@ -218,49 +296,49 @@ # so we check for the presence of 'stderr' to determine if the obj exists or not # the RC for existing and not existing is both 0 - when: - - logging_elasticsearch_pvc.results.stderr is defined - - openshift_logging_elasticsearch_storage_type == "pvc" + - logging_elasticsearch_pvc.results.stderr is defined + - openshift_logging_elasticsearch_storage_type == "pvc" block: - # storageclasses are used by default but if static then disable - # storageclasses with the storageClassName set to "" in pvc.j2 - - name: Creating ES storage template - static - template: - src: pvc.j2 - dest: "{{ tempdir }}/templates/logging-es-pvc.yml" - vars: - obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}" - size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}" - access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}" - pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}" - storage_class_name: "{{ openshift_logging_elasticsearch_pvc_storage_class_name | default('', true) }}" - when: - - not openshift_logging_elasticsearch_pvc_dynamic | bool - - # Storageclasses are used by default if configured - - name: Creating ES storage template - dynamic - template: - src: pvc.j2 - dest: "{{ tempdir }}/templates/logging-es-pvc.yml" - vars: - obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}" - size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}" - access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}" - pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}" - when: - - openshift_logging_elasticsearch_pvc_dynamic | bool - - - name: Set ES storage - oc_obj: - state: present - kind: pvc - name: "{{ openshift_logging_elasticsearch_pvc_name }}" - namespace: "{{ openshift_logging_elasticsearch_namespace }}" - files: - - "{{ tempdir }}/templates/logging-es-pvc.yml" - delete_after: true + # storageclasses are used by default but if static then disable + # storageclasses with the storageClassName set to "" in pvc.j2 + - name: Creating ES storage template - static + template: + src: pvc.j2 + dest: "{{ tempdir }}/templates/logging-es-pvc.yml" + vars: + obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}" + size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}" + access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}" + pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}" + storage_class_name: "{{ openshift_logging_elasticsearch_pvc_storage_class_name | default('', true) }}" + when: + - not openshift_logging_elasticsearch_pvc_dynamic | bool + + # Storageclasses are used by default if configured + - name: Creating ES storage template - dynamic + template: + src: pvc.j2 + dest: "{{ tempdir }}/templates/logging-es-pvc.yml" + vars: + obj_name: "{{ openshift_logging_elasticsearch_pvc_name }}" + size: "{{ (openshift_logging_elasticsearch_pvc_size | trim | length == 0) | ternary('10Gi', openshift_logging_elasticsearch_pvc_size) }}" + access_modes: "{{ openshift_logging_elasticsearch_pvc_access_modes | list }}" + pv_selector: "{{ openshift_logging_elasticsearch_pvc_pv_selector }}" + when: + - openshift_logging_elasticsearch_pvc_dynamic | bool + + - name: Set ES storage + oc_obj: + state: present + kind: pvc + name: "{{ openshift_logging_elasticsearch_pvc_name }}" + namespace: "{{ openshift_logging_elasticsearch_namespace }}" + files: + - "{{ tempdir }}/templates/logging-es-pvc.yml" + delete_after: true - set_fact: - es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 'abcdefghijklmnopqrstuvwxyz0123456789' | random_word(8) }}" + es_deploy_name: "logging-{{ es_component }}-{{ openshift_logging_elasticsearch_deployment_type }}-{{ 8 | oo_random_word('abcdefghijklmnopqrstuvwxyz0123456789') }}" when: openshift_logging_elasticsearch_deployment_name == "" - set_fact: @@ -278,9 +356,13 @@ logging_component: elasticsearch deploy_name: "{{ es_deploy_name }}" image: "{{ openshift_logging_elasticsearch_image_prefix }}logging-elasticsearch:{{ openshift_logging_elasticsearch_image_version }}" - es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit }}" + proxy_image: "{{ openshift_logging_elasticsearch_proxy_image_prefix }}oauth-proxy:{{ openshift_logging_elasticsearch_proxy_image_version }}" + es_cpu_limit: "{{ openshift_logging_elasticsearch_cpu_limit | default('') }}" + es_cpu_request: "{{ openshift_logging_elasticsearch_cpu_request | min_cpu(openshift_logging_elasticsearch_cpu_limit | default(none)) }}" es_memory_limit: "{{ openshift_logging_elasticsearch_memory_limit }}" es_node_selector: "{{ openshift_logging_elasticsearch_nodeselector | default({}) }}" + es_storage_groups: "{{ openshift_logging_elasticsearch_storage_group | default([]) }}" + es_container_security_context: "{{ _es_containers.elasticsearch.securityContext if _es_containers is defined and 'elasticsearch' in _es_containers and 'securityContext' in _es_containers.elasticsearch else None }}" deploy_type: "{{ openshift_logging_elasticsearch_deployment_type }}" es_replicas: 1 @@ -291,7 +373,7 @@ namespace: "{{ openshift_logging_elasticsearch_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/logging-es-dc.yml" + - "{{ tempdir }}/templates/logging-es-dc.yml" delete_after: true - name: Retrieving the cert to use when generating secrets for the {{ es_component }} component @@ -299,37 +381,37 @@ src: "{{ generated_certs_dir }}/{{ item.file }}" register: key_pairs with_items: - - { name: "ca_file", file: "ca.crt" } - - { name: "es_key", file: "system.logging.es.key" } - - { name: "es_cert", file: "system.logging.es.crt" } + - { name: "ca_file", file: "ca.crt" } + - { name: "es_key", file: "system.logging.es.key" } + - { name: "es_cert", file: "system.logging.es.crt" } when: openshift_logging_es_allow_external | bool - set_fact: es_key: "{{ lookup('file', openshift_logging_es_key) | b64encode }}" when: - - openshift_logging_es_key | trim | length > 0 - - openshift_logging_es_allow_external | bool + - openshift_logging_es_key | trim | length > 0 + - openshift_logging_es_allow_external | bool changed_when: false - set_fact: es_cert: "{{ lookup('file', openshift_logging_es_cert) | b64encode }}" when: - - openshift_logging_es_cert | trim | length > 0 - - openshift_logging_es_allow_external | bool + - openshift_logging_es_cert | trim | length > 0 + - openshift_logging_es_allow_external | bool changed_when: false - set_fact: es_ca: "{{ lookup('file', openshift_logging_es_ca_ext) | b64encode }}" when: - - openshift_logging_es_ca_ext | trim | length > 0 - - openshift_logging_es_allow_external | bool + - openshift_logging_es_ca_ext | trim | length > 0 + - openshift_logging_es_allow_external | bool changed_when: false - set_fact: es_ca: "{{ key_pairs | entry_from_named_pair('ca_file') }}" when: - - es_ca is not defined - - openshift_logging_es_allow_external | bool + - es_ca is not defined + - openshift_logging_es_allow_external | bool changed_when: false - name: Generating Elasticsearch {{ es_component }} route template @@ -360,7 +442,7 @@ namespace: "{{ openshift_logging_elasticsearch_namespace }}" kind: route files: - - "{{ tempdir }}/templates/logging-{{ es_component }}-route.yaml" + - "{{ tempdir }}/templates/logging-{{ es_component }}-route.yaml" when: openshift_logging_es_allow_external | bool ## Placeholder for migration when necessary ## diff --git a/roles/openshift_logging_elasticsearch/templates/es.j2 b/roles/openshift_logging_elasticsearch/templates/es.j2 index 3c8f390c4..0c7d8b46e 100644 --- a/roles/openshift_logging_elasticsearch/templates/es.j2 +++ b/roles/openshift_logging_elasticsearch/templates/es.j2 @@ -29,7 +29,9 @@ spec: serviceAccountName: aggregated-logging-elasticsearch securityContext: supplementalGroups: - - {{openshift_logging_elasticsearch_storage_group}} +{% for group in es_storage_groups %} + - {{group}} +{% endfor %} {% if es_node_selector is iterable and es_node_selector | length > 0 %} nodeSelector: {% for key, value in es_node_selector.iteritems() %} @@ -37,18 +39,56 @@ spec: {% endfor %} {% endif %} containers: + - name: proxy + image: {{ proxy_image }} + imagePullPolicy: IfNotPresent + args: + - --upstream-ca=/etc/elasticsearch/secret/admin-ca + - --https-address=:4443 + - -provider=openshift + - -client-id={{openshift_logging_elasticsearch_prometheus_sa}} + - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token + - -cookie-secret={{ 16 | oo_random_word | b64encode }} + - -upstream=https://localhost:9200 + - '-openshift-sar={"namespace": "{{ openshift_logging_elasticsearch_namespace}}", "verb": "view", "resource": "prometheus", "group": "metrics.openshift.io"}' + - '-openshift-delegate-urls={"/": {"resource": "prometheus", "verb": "view", "group": "metrics.openshift.io", "namespace": "{{ openshift_logging_elasticsearch_namespace}}"}}' + - --tls-cert=/etc/tls/private/tls.crt + - --tls-key=/etc/tls/private/tls.key + - -pass-access-token + - -pass-user-headers + ports: + - containerPort: 4443 + name: proxy + protocol: TCP + volumeMounts: + - mountPath: /etc/tls/private + name: proxy-tls + readOnly: true + - mountPath: /etc/elasticsearch/secret + name: elasticsearch + readOnly: true + resources: + limits: + memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" + requests: + cpu: "{{openshift_logging_elasticsearch_proxy_cpu_request }}" + memory: "{{openshift_logging_elasticsearch_proxy_memory_limit }}" - name: "elasticsearch" image: {{image}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: - memory: "{{es_memory_limit}}" -{% if es_cpu_limit is defined and es_cpu_limit is not none %} +{% if es_cpu_limit is defined and es_cpu_limit is not none and es_cpu_limit != '' %} cpu: "{{es_cpu_limit}}" {% endif %} + memory: "{{es_memory_limit}}" requests: + cpu: "{{es_cpu_request}}" memory: "{{es_memory_limit}}" +{% if es_container_security_context %} + securityContext: {{ es_container_security_context | to_yaml }} +{% endif %} ports: - containerPort: 9200 @@ -94,7 +134,7 @@ spec: value: "30" - name: "POD_LABEL" - value: "component={{component}}" + value: "component={{component}}" - name: "IS_MASTER" value: "{% if deploy_type in ['data-master', 'master'] %}true{% else %}false{% endif %}" @@ -102,6 +142,9 @@ spec: - name: "HAS_DATA" value: "{% if deploy_type in ['data-master', 'data-client'] %}true{% else %}false{% endif %}" + - + name: "PROMETHEUS_USER" + value: "{{openshift_logging_elasticsearch_prometheus_sa}}" volumeMounts: - name: elasticsearch @@ -120,6 +163,9 @@ spec: timeoutSeconds: 30 periodSeconds: 5 volumes: + - name: proxy-tls + secret: + secretName: prometheus-tls - name: elasticsearch secret: secretName: logging-elasticsearch diff --git a/roles/openshift_logging_elasticsearch/templates/logging-metrics-role.j2 b/roles/openshift_logging_elasticsearch/templates/logging-metrics-role.j2 new file mode 100644 index 000000000..d9800e5a5 --- /dev/null +++ b/roles/openshift_logging_elasticsearch/templates/logging-metrics-role.j2 @@ -0,0 +1,31 @@ +--- +apiVersion: v1 +kind: List +items: +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: Role + metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: prometheus-metrics-viewer + namespace: {{ namespace }} + rules: + - apiGroups: + - metrics.openshift.io + resources: + - prometheus + verbs: + - view +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: RoleBinding + metadata: + name: prometheus-metrics-viewer + namespace: {{ namespace }} + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prometheus-metrics-viewer + subjects: + - kind: ServiceAccount + namespace: {{ role_namespace }} + name: {{ role_user }} diff --git a/roles/openshift_logging_elasticsearch/vars/default_images.yml b/roles/openshift_logging_elasticsearch/vars/default_images.yml new file mode 100644 index 000000000..cef49dd92 --- /dev/null +++ b/roles/openshift_logging_elasticsearch/vars/default_images.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default('latest') }}" +__openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/') }}" +__openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_image_version | default('v1.0.0') }}" diff --git a/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml new file mode 100644 index 000000000..07d92896f --- /dev/null +++ b/roles/openshift_logging_elasticsearch/vars/openshift-enterprise.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_elasticsearch_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_elasticsearch_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" +__openshift_logging_elasticsearch_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_elasticsearch_proxy_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_eventrouter/README.md b/roles/openshift_logging_eventrouter/README.md index da313d68b..611bdaee0 100644 --- a/roles/openshift_logging_eventrouter/README.md +++ b/roles/openshift_logging_eventrouter/README.md @@ -3,9 +3,9 @@ Event router A pod forwarding kubernetes events to EFK aggregated logging stack. -- **eventrouter** is deployed to logging project, has a service account and its own role to read events +- **eventrouter** is deployed to default project, has a service account and its own role to read events - **eventrouter** watches kubernetes events, marshalls them to JSON and outputs to its sink, currently only various formatting to STDOUT -- **fluentd** picks them up and inserts to elasticsearch *.operations* index +- **fluentd** ingests as logs from **eventrouter** container (as it would any other container), and writes them to the appropriate index for the **eventrouter**'s namespace (in the 'default' namespace, the *.operations* index is used) - `openshift_logging_install_eventrouter`: When 'True', eventrouter will be installed. When 'False', eventrouter will be uninstalled. @@ -15,6 +15,6 @@ Configuration variables: - `openshift_logging_eventrouter_image_version`: The image version for the logging eventrouter. Defaults to 'latest'. - `openshift_logging_eventrouter_sink`: Select a sink for eventrouter, supported 'stdout' and 'glog'. Defaults to 'stdout'. - `openshift_logging_eventrouter_nodeselector`: A map of labels (e.g. {"node":"infra","region":"west"} to select the nodes where the pod will land. -- `openshift_logging_eventrouter_cpu_limit`: The amount of CPU to allocate to eventrouter. Defaults to '100m'. +- `openshift_logging_eventrouter_cpu_request`: The minimum amount of CPU to allocate to eventrouter. Defaults to '100m'. - `openshift_logging_eventrouter_memory_limit`: The memory limit for eventrouter pods. Defaults to '128Mi'. - `openshift_logging_eventrouter_namespace`: The namespace where eventrouter is deployed. Defaults to 'default'. diff --git a/roles/openshift_logging_eventrouter/defaults/main.yaml b/roles/openshift_logging_eventrouter/defaults/main.yaml index 34e33f75f..62542f496 100644 --- a/roles/openshift_logging_eventrouter/defaults/main.yaml +++ b/roles/openshift_logging_eventrouter/defaults/main.yaml @@ -1,9 +1,8 @@ --- -openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_eventrouter_replicas: 1 openshift_logging_eventrouter_sink: stdout openshift_logging_eventrouter_nodeselector: "" -openshift_logging_eventrouter_cpu_limit: 100m +openshift_logging_eventrouter_cpu_limit: null +openshift_logging_eventrouter_cpu_request: 100m openshift_logging_eventrouter_memory_limit: 128Mi openshift_logging_eventrouter_namespace: default diff --git a/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml b/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml index 91708e54b..cc01c010d 100644 --- a/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml +++ b/roles/openshift_logging_eventrouter/files/eventrouter-template.yaml @@ -56,7 +56,7 @@ objects: containers: - name: kube-eventrouter image: ${IMAGE} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: memory: ${MEMORY} diff --git a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml index 8df7435e2..cbbc6a8ec 100644 --- a/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml +++ b/roles/openshift_logging_eventrouter/tasks/install_eventrouter.yaml @@ -45,7 +45,7 @@ params: IMAGE: "{{openshift_logging_eventrouter_image_prefix}}logging-eventrouter:{{openshift_logging_eventrouter_image_version}}" REPLICAS: "{{ openshift_logging_eventrouter_replicas }}" - CPU: "{{ openshift_logging_eventrouter_cpu_limit }}" + CPU: "{{ openshift_logging_eventrouter_cpu_request }}" MEMORY: "{{ openshift_logging_eventrouter_memory_limit }}" NAMESPACE: "{{ openshift_logging_eventrouter_namespace }}" SINK: "{{ openshift_logging_eventrouter_sink }}" diff --git a/roles/openshift_logging_eventrouter/tasks/main.yaml b/roles/openshift_logging_eventrouter/tasks/main.yaml index 58e5a559f..b1f93eeb9 100644 --- a/roles/openshift_logging_eventrouter/tasks/main.yaml +++ b/roles/openshift_logging_eventrouter/tasks/main.yaml @@ -1,4 +1,17 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set eventrouter image facts + set_fact: + openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_eventrouter_image_prefix | default(__openshift_logging_eventrouter_image_prefix) }}" + openshift_logging_eventrouter_image_version: "{{ openshift_logging_eventrouter_image_version | default(__openshift_logging_eventrouter_image_version) }}" + - include: "{{ role_path }}/tasks/install_eventrouter.yaml" when: openshift_logging_install_eventrouter | default(false) | bool diff --git a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 index 9ff4c7e80..5a4f7f762 100644 --- a/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 +++ b/roles/openshift_logging_eventrouter/templates/eventrouter-template.j2 @@ -25,7 +25,7 @@ objects: metadata: name: logging-eventrouter data: - config.json: |- + config.json: |- { "sink": "${SINK}" } @@ -54,20 +54,20 @@ objects: serviceAccount: aggregated-logging-eventrouter serviceAccountName: aggregated-logging-eventrouter {% if node_selector is iterable and node_selector | length > 0 %} - nodeSelector: + nodeSelector: {% for key, value in node_selector.iteritems() %} - {{ key }}: "{{ value }}" + {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: - name: kube-eventrouter image: ${IMAGE} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent resources: limits: - memory: ${MEMORY} - cpu: ${CPU} + memory: ${MEMORY} requires: + cpu: ${CPU} memory: ${MEMORY} volumeMounts: - name: config-volume diff --git a/roles/openshift_logging_eventrouter/vars/default_images.yml b/roles/openshift_logging_eventrouter/vars/default_images.yml new file mode 100644 index 000000000..dbfe2d697 --- /dev/null +++ b/roles/openshift_logging_eventrouter/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml b/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml new file mode 100644 index 000000000..bb7dc6455 --- /dev/null +++ b/roles/openshift_logging_eventrouter/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_eventrouter_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_eventrouter_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_fluentd/defaults/main.yml b/roles/openshift_logging_fluentd/defaults/main.yml index 82326bdd1..9b58e4456 100644 --- a/roles/openshift_logging_fluentd/defaults/main.yml +++ b/roles/openshift_logging_fluentd/defaults/main.yml @@ -1,14 +1,13 @@ --- ### General logging settings -openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_fluentd_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_fluentd_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_fluentd_namespace: logging ### Common settings openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" -openshift_logging_fluentd_cpu_limit: 100m +openshift_logging_fluentd_cpu_limit: null +openshift_logging_fluentd_cpu_request: 100m openshift_logging_fluentd_memory_limit: 512Mi openshift_logging_fluentd_hosts: ['--all'] @@ -55,4 +54,8 @@ openshift_logging_fluentd_aggregating_passphrase: none #fluentd_throttle_contents: #fluentd_secureforward_contents: -openshift_logging_fluentd_file_buffer_limit: 1Gi +openshift_logging_fluentd_file_buffer_limit: 256Mi + +# Configure fluentd to tail audit log file and filter out container engine's logs from there +# These logs are then stored in ES operation index +openshift_logging_fluentd_audit_container_engine: False diff --git a/roles/openshift_logging_fluentd/tasks/determine_version.yaml b/roles/openshift_logging_fluentd/tasks/determine_version.yaml index a1ba71b1b..6848eb512 100644 --- a/roles/openshift_logging_fluentd/tasks/determine_version.yaml +++ b/roles/openshift_logging_fluentd/tasks/determine_version.yaml @@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_fluentd_image_version' + when: not openshift_logging_fluentd_image_version or openshift_logging_fluentd_image_version == '' - set_fact: fluentd_version: "{{ __latest_fluentd_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_fluentd_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: fluentd_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: fluentd_version="{{ openshift_logging_fluentd_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_fluentd_image_version != 'latest' - fail: msg: Invalid version specified for Fluentd diff --git a/roles/openshift_logging_fluentd/tasks/main.yaml b/roles/openshift_logging_fluentd/tasks/main.yaml index 37960afd1..f8683ab75 100644 --- a/roles/openshift_logging_fluentd/tasks/main.yaml +++ b/roles/openshift_logging_fluentd/tasks/main.yaml @@ -34,6 +34,19 @@ msg: WARNING Use of openshift_logging_mux_client_mode=minimal is not recommended due to current scaling issues when: openshift_logging_mux_client_mode is defined and openshift_logging_mux_client_mode == 'minimal' +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set fluentd image facts + set_fact: + openshift_logging_fluentd_image_prefix: "{{ openshift_logging_fluentd_image_prefix | default(__openshift_logging_fluentd_image_prefix) }}" + openshift_logging_fluentd_image_version: "{{ openshift_logging_fluentd_image_version | default(__openshift_logging_fluentd_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -69,7 +82,7 @@ name: "aggregated-logging-fluentd" namespace: "{{ openshift_logging_fluentd_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # set service account scc - name: Set privileged permissions for Fluentd @@ -108,7 +121,6 @@ src: secure-forward.conf dest: "{{ tempdir }}/secure-forward.conf" when: fluentd_secureforward_contents is undefined - changed_when: no - copy: @@ -147,15 +159,14 @@ name: logging-fluentd namespace: "{{ openshift_logging_fluentd_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.fluentd.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.fluentd.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.fluentd.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.fluentd.crt" # create Fluentd daemonset - # this should change based on the type of fluentd deployment to be done... # TODO: pass in aggregation configurations - name: Generate logging-fluentd daemonset definition @@ -173,6 +184,12 @@ ops_port: "{{ openshift_logging_fluentd_ops_port }}" fluentd_nodeselector_key: "{{ openshift_logging_fluentd_nodeselector.keys()[0] }}" fluentd_nodeselector_value: "{{ openshift_logging_fluentd_nodeselector.values()[0] }}" + fluentd_cpu_limit: "{{ openshift_logging_fluentd_cpu_limit }}" + fluentd_cpu_request: "{{ openshift_logging_fluentd_cpu_request | min_cpu(openshift_logging_fluentd_cpu_limit | default(none)) }}" + fluentd_memory_limit: "{{ openshift_logging_fluentd_memory_limit }}" + audit_container_engine: "{{ openshift_logging_fluentd_audit_container_engine | default(False) | bool }}" + audit_log_file: "{{ openshift_logging_fluentd_audit_file | default() }}" + audit_pos_log_file: "{{ openshift_logging_fluentd_audit_pos_file | default() }}" check_mode: no changed_when: no @@ -183,7 +200,7 @@ namespace: "{{ openshift_logging_fluentd_namespace }}" kind: daemonset files: - - "{{ tempdir }}/templates/logging-fluentd.yaml" + - "{{ tempdir }}/templates/logging-fluentd.yaml" delete_after: true # Scale up Fluentd diff --git a/roles/openshift_logging_fluentd/templates/fluentd.j2 b/roles/openshift_logging_fluentd/templates/fluentd.j2 index b5f27b60d..10283316c 100644 --- a/roles/openshift_logging_fluentd/templates/fluentd.j2 +++ b/roles/openshift_logging_fluentd/templates/fluentd.j2 @@ -29,15 +29,30 @@ spec: containers: - name: "{{ daemonset_container_name }}" image: "{{ openshift_logging_fluentd_image_prefix }}{{ daemonset_name }}:{{ openshift_logging_fluentd_image_version }}" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent securityContext: privileged: true +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %} resources: +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_limit is defined and fluentd_cpu_limit is not none) %} limits: - cpu: {{ openshift_logging_fluentd_cpu_limit }} - memory: {{ openshift_logging_fluentd_memory_limit }} +{% if fluentd_cpu_limit is not none %} + cpu: "{{fluentd_cpu_limit}}" +{% endif %} +{% if fluentd_memory_limit is not none %} + memory: "{{fluentd_memory_limit}}" +{% endif %} +{% endif %} +{% if (fluentd_memory_limit is defined and fluentd_memory_limit is not none) or (fluentd_cpu_request is defined and fluentd_cpu_request is not none) %} requests: - memory: {{ openshift_logging_fluentd_memory_limit }} +{% if fluentd_cpu_request is not none %} + cpu: "{{fluentd_cpu_request}}" +{% endif %} +{% if fluentd_memory_limit is not none %} + memory: "{{fluentd_memory_limit}}" +{% endif %} +{% endif %} +{% endif %} volumeMounts: - name: runlogjournal mountPath: /run/log/journal @@ -66,7 +81,9 @@ spec: readOnly: true - name: filebufferstorage mountPath: /var/lib/fluentd -{% if openshift_logging_mux_client_mode is defined %} +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: muxcerts mountPath: /etc/fluent/muxkeys readOnly: true @@ -113,8 +130,10 @@ spec: containerName: "{{ daemonset_container_name }}" resource: limits.memory - name: "FILE_BUFFER_LIMIT" - value: "{{ openshift_logging_fluentd_file_buffer_limit | default('1Gi') }}" -{% if openshift_logging_mux_client_mode is defined %} + value: "{{ openshift_logging_fluentd_file_buffer_limit | default('256i') }}" +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: "MUX_CLIENT_MODE" value: "{{ openshift_logging_mux_client_mode }}" {% endif %} @@ -168,6 +187,28 @@ spec: value: "{{ openshift_logging_fluentd_remote_syslog_payload_key }}" {% endif %} +{% if audit_container_engine %} + - name: "AUDIT_CONTAINER_ENGINE" + value: "{{ audit_container_engine | lower }}" +{% endif %} + +{% if audit_container_engine %} + - name: "NODE_NAME" + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{% endif %} + +{% if audit_log_file != '' %} + - name: AUDIT_FILE + value: "{{ audit_log_file }}" +{% endif %} + +{% if audit_pos_log_file != '' %} + - name: AUDIT_POS_FILE + value: "{{ audit_pos_log_file }}" +{% endif %} + volumes: - name: runlogjournal hostPath: @@ -196,7 +237,9 @@ spec: - name: dockerdaemoncfg hostPath: path: /etc/docker -{% if openshift_logging_mux_client_mode is defined %} +{% if openshift_logging_mux_client_mode is defined and + ((openshift_logging_mux_allow_external is defined and openshift_logging_mux_allow_external | bool) or + (openshift_logging_use_mux is defined and openshift_logging_use_mux | bool)) %} - name: muxcerts secret: secretName: logging-mux diff --git a/roles/openshift_logging_fluentd/vars/default_images.yml b/roles/openshift_logging_fluentd/vars/default_images.yml new file mode 100644 index 000000000..6d127b730 --- /dev/null +++ b/roles/openshift_logging_fluentd/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml b/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml new file mode 100644 index 000000000..d0c74f1fb --- /dev/null +++ b/roles/openshift_logging_fluentd/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_fluentd_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_fluentd_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_kibana/defaults/main.yml b/roles/openshift_logging_kibana/defaults/main.yml index ee265bb14..6cdf7c8f3 100644 --- a/roles/openshift_logging_kibana/defaults/main.yml +++ b/roles/openshift_logging_kibana/defaults/main.yml @@ -2,13 +2,12 @@ ### Common settings openshift_logging_kibana_master_url: "https://kubernetes.default.svc.cluster.local" openshift_logging_kibana_master_public_url: "https://kubernetes.default.svc.cluster.local" -openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_kibana_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_kibana_namespace: logging openshift_logging_kibana_nodeselector: "" openshift_logging_kibana_cpu_limit: null +openshift_logging_kibana_cpu_request: 100m openshift_logging_kibana_memory_limit: 736Mi openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" @@ -24,10 +23,9 @@ openshift_logging_kibana_edge_term_policy: Redirect openshift_logging_kibana_ops_deployment: false # Proxy settings -openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_kibana_proxy_debug: false openshift_logging_kibana_proxy_cpu_limit: null +openshift_logging_kibana_proxy_cpu_request: 100m openshift_logging_kibana_proxy_memory_limit: 256Mi #The absolute path on the control node to the cert file to use diff --git a/roles/openshift_logging_kibana/tasks/determine_version.yaml b/roles/openshift_logging_kibana/tasks/determine_version.yaml index 53e15af5f..63e5a89f1 100644 --- a/roles/openshift_logging_kibana/tasks/determine_version.yaml +++ b/roles/openshift_logging_kibana/tasks/determine_version.yaml @@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_kibana_image_version' + when: not openshift_logging_kibana_image_version or openshift_logging_kibana_image_version == '' - set_fact: kibana_version: "{{ __latest_kibana_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_kibana_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: kibana_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: kibana_version="{{ openshift_logging_kibana_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_kibana_image_version != 'latest' - fail: msg: Invalid version specified for Kibana diff --git a/roles/openshift_logging_kibana/tasks/main.yaml b/roles/openshift_logging_kibana/tasks/main.yaml index e17e8c1f2..9d99114c5 100644 --- a/roles/openshift_logging_kibana/tasks/main.yaml +++ b/roles/openshift_logging_kibana/tasks/main.yaml @@ -1,5 +1,19 @@ --- # fail is we don't have an endpoint for ES to connect to? +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set kibana image facts + set_fact: + openshift_logging_kibana_image_prefix: "{{ openshift_logging_kibana_image_prefix | default(__openshift_logging_kibana_image_prefix) }}" + openshift_logging_kibana_image_version: "{{ openshift_logging_kibana_image_version | default(__openshift_logging_kibana_image_version) }}" + openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_kibana_proxy_image_prefix | default(__openshift_logging_kibana_proxy_image_prefix) }}" + openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_kibana_proxy_image_version | default(__openshift_logging_kibana_proxy_image_version) }}" - include: determine_version.yaml @@ -37,7 +51,7 @@ name: "aggregated-logging-kibana" namespace: "{{ openshift_logging_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' - set_fact: kibana_name: "{{ 'logging-kibana' ~ ( (openshift_logging_kibana_ops_deployment | default(false) | bool) | ternary('-ops', '')) }}" @@ -58,7 +72,7 @@ content: "{{ 200 | oo_random_word }}" dest: "{{ generated_certs_dir }}/session_secret" when: - - not session_secret_file.stat.exists + - not session_secret_file.stat.exists # gen oauth_secret if necessary - name: Generate oauth secret @@ -66,19 +80,19 @@ content: "{{ 64 | oo_random_word }}" dest: "{{ generated_certs_dir }}/oauth_secret" when: - - not oauth_secret_file.stat.exists + - not oauth_secret_file.stat.exists - name: Retrieving the cert to use when generating secrets for the logging components slurp: src: "{{ generated_certs_dir }}/{{ item.file }}" register: key_pairs with_items: - - { name: "ca_file", file: "ca.crt" } - - { name: "kibana_internal_key", file: "kibana-internal.key"} - - { name: "kibana_internal_cert", file: "kibana-internal.crt"} - - { name: "server_tls", file: "server-tls.json"} - - { name: "session_secret", file: "session_secret" } - - { name: "oauth_secret", file: "oauth_secret" } + - { name: "ca_file", file: "ca.crt" } + - { name: "kibana_internal_key", file: "kibana-internal.key"} + - { name: "kibana_internal_cert", file: "kibana-internal.crt"} + - { name: "server_tls", file: "server-tls.json"} + - { name: "session_secret", file: "session_secret" } + - { name: "oauth_secret", file: "oauth_secret" } # services - name: Set {{ kibana_name }} service @@ -92,8 +106,8 @@ labels: logging-infra: 'support' ports: - - port: 443 - targetPort: "oaproxy" + - port: 443 + targetPort: "oaproxy" # create routes # TODO: set up these certs differently? @@ -144,7 +158,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: route files: - - "{{ tempdir }}/templates/kibana-route.yaml" + - "{{ tempdir }}/templates/kibana-route.yaml" # preserve list of current hostnames - name: Get current oauthclient hostnames @@ -173,7 +187,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: oauthclient files: - - "{{ tempdir }}/templates/oauth-client.yml" + - "{{ tempdir }}/templates/oauth-client.yml" delete_after: true # create Kibana secret @@ -183,12 +197,12 @@ name: "logging-kibana" namespace: "{{ openshift_logging_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.kibana.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.kibana.crt" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.kibana.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.kibana.crt" # create Kibana-proxy secret - name: Set Kibana Proxy secret @@ -205,16 +219,16 @@ #- name: server-tls.json # path: "{{ generated_certs_dir }}/server-tls.json" contents: - - path: oauth-secret - data: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}" - - path: session-secret - data: "{{ key_pairs | entry_from_named_pair('session_secret') | b64decode }}" - - path: server-key - data: "{{ key_pairs | entry_from_named_pair('kibana_internal_key') | b64decode }}" - - path: server-cert - data: "{{ key_pairs | entry_from_named_pair('kibana_internal_cert') | b64decode }}" - - path: server-tls.json - data: "{{ key_pairs | entry_from_named_pair('server_tls') | b64decode }}" + - path: oauth-secret + data: "{{ key_pairs | entry_from_named_pair('oauth_secret') | b64decode }}" + - path: session-secret + data: "{{ key_pairs | entry_from_named_pair('session_secret') | b64decode }}" + - path: server-key + data: "{{ key_pairs | entry_from_named_pair('kibana_internal_key') | b64decode }}" + - path: server-cert + data: "{{ key_pairs | entry_from_named_pair('kibana_internal_cert') | b64decode }}" + - path: server-tls.json + data: "{{ key_pairs | entry_from_named_pair('server_tls') | b64decode }}" # create Kibana DC - name: Generate Kibana DC template @@ -230,8 +244,10 @@ es_host: "{{ openshift_logging_kibana_es_host }}" es_port: "{{ openshift_logging_kibana_es_port }}" kibana_cpu_limit: "{{ openshift_logging_kibana_cpu_limit }}" + kibana_cpu_request: "{{ openshift_logging_kibana_cpu_request | min_cpu(openshift_logging_kibana_cpu_limit | default(none)) }}" kibana_memory_limit: "{{ openshift_logging_kibana_memory_limit }}" kibana_proxy_cpu_limit: "{{ openshift_logging_kibana_proxy_cpu_limit }}" + kibana_proxy_cpu_request: "{{ openshift_logging_kibana_proxy_cpu_request | min_cpu(openshift_logging_kibana_proxy_cpu_limit | default(none)) }}" kibana_proxy_memory_limit: "{{ openshift_logging_kibana_proxy_memory_limit }}" kibana_replicas: "{{ openshift_logging_kibana_replicas | default (1) }}" kibana_node_selector: "{{ openshift_logging_kibana_nodeselector | default({}) }}" @@ -243,7 +259,7 @@ namespace: "{{ openshift_logging_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/kibana-dc.yaml" + - "{{ tempdir }}/templates/kibana-dc.yaml" delete_after: true # update master configs? diff --git a/roles/openshift_logging_kibana/templates/kibana.j2 b/roles/openshift_logging_kibana/templates/kibana.j2 index da1386d3e..4ff86729a 100644 --- a/roles/openshift_logging_kibana/templates/kibana.j2 +++ b/roles/openshift_logging_kibana/templates/kibana.j2 @@ -37,18 +37,27 @@ spec: - name: "kibana" image: {{ image }} - imagePullPolicy: Always -{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %} + imagePullPolicy: IfNotPresent +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %} resources: +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_limit is defined and kibana_cpu_limit is not none and kibana_cpu_limit != "") %} limits: -{% if kibana_cpu_limit is not none and kibana_cpu_limit != "" %} +{% if kibana_cpu_limit is not none and kibana_cpu_limit != "" %} cpu: "{{ kibana_cpu_limit }}" -{% endif %} -{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} +{% endif %} +{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} memory: "{{ kibana_memory_limit }}" +{% endif %} +{% endif %} +{% if (kibana_memory_limit is defined and kibana_memory_limit is not none and kibana_memory_limit != "") or (kibana_cpu_request is defined and kibana_cpu_request is not none and kibana_cpu_request != "") %} requests: +{% if kibana_cpu_request is not none and kibana_cpu_request != "" %} + cpu: "{{ kibana_cpu_request }}" +{% endif %} +{% if kibana_memory_limit is not none and kibana_memory_limit != "" %} memory: "{{ kibana_memory_limit }}" -{% endif %} +{% endif %} +{% endif %} {% endif %} env: - name: "ES_HOST" @@ -75,18 +84,27 @@ spec: - name: "kibana-proxy" image: {{ proxy_image }} - imagePullPolicy: Always -{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %} + imagePullPolicy: IfNotPresent +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %} resources: +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_limit is defined and kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "") %} limits: -{% if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %} +{% if kibana_proxy_cpu_limit is not none and kibana_proxy_cpu_limit != "" %} cpu: "{{ kibana_proxy_cpu_limit }}" -{% endif %} -{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} +{% endif %} +{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} memory: "{{ kibana_proxy_memory_limit }}" +{% endif %} +{% endif %} +{% if (kibana_proxy_memory_limit is defined and kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "") or (kibana_proxy_cpu_request is defined and kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "") %} requests: +{% if kibana_proxy_cpu_request is not none and kibana_proxy_cpu_request != "" %} + cpu: "{{ kibana_proxy_cpu_request }}" +{% endif %} +{% if kibana_proxy_memory_limit is not none and kibana_proxy_memory_limit != "" %} memory: "{{ kibana_proxy_memory_limit }}" -{% endif %} +{% endif %} +{% endif %} {% endif %} ports: - diff --git a/roles/openshift_logging_kibana/vars/default_images.yml b/roles/openshift_logging_kibana/vars/default_images.yml new file mode 100644 index 000000000..db0f9b622 --- /dev/null +++ b/roles/openshift_logging_kibana/vars/default_images.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default('latest') }}" +__openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_kibana/vars/openshift-enterprise.yml b/roles/openshift_logging_kibana/vars/openshift-enterprise.yml new file mode 100644 index 000000000..0be2e7252 --- /dev/null +++ b/roles/openshift_logging_kibana/vars/openshift-enterprise.yml @@ -0,0 +1,5 @@ +--- +__openshift_logging_kibana_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_kibana_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" +__openshift_logging_kibana_proxy_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_kibana_proxy_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_logging_mux/defaults/main.yml b/roles/openshift_logging_mux/defaults/main.yml index 68412aec8..cd15da939 100644 --- a/roles/openshift_logging_mux/defaults/main.yml +++ b/roles/openshift_logging_mux/defaults/main.yml @@ -1,7 +1,5 @@ --- ### General logging settings -openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" -openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default('latest') }}" openshift_logging_mux_image_pull_secret: "{{ openshift_hosted_logging_image_pull_secret | default('') }}" openshift_logging_mux_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_mux_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" @@ -9,10 +7,11 @@ openshift_logging_mux_namespace: logging ### Common settings openshift_logging_mux_nodeselector: "{{ openshift_hosted_logging_mux_nodeselector_label | default('') | map_from_pairs }}" -openshift_logging_mux_cpu_limit: 500m -openshift_logging_mux_memory_limit: 2Gi -openshift_logging_mux_buffer_queue_limit: 1024 -openshift_logging_mux_buffer_size_limit: 1m +openshift_logging_mux_cpu_limit: null +openshift_logging_mux_cpu_request: 100m +openshift_logging_mux_memory_limit: 512Mi +openshift_logging_mux_buffer_queue_limit: 32 +openshift_logging_mux_buffer_size_limit: 8m openshift_logging_mux_replicas: 1 @@ -57,11 +56,11 @@ openshift_logging_mux_file_buffer_storage_type: "emptydir" openshift_logging_mux_file_buffer_pvc_name: "logging-mux-pvc" # required if the PVC does not already exist -openshift_logging_mux_file_buffer_pvc_size: 4Gi +openshift_logging_mux_file_buffer_pvc_size: 1Gi openshift_logging_mux_file_buffer_pvc_dynamic: false openshift_logging_mux_file_buffer_pvc_pv_selector: {} openshift_logging_mux_file_buffer_pvc_access_modes: ['ReadWriteOnce'] openshift_logging_mux_file_buffer_storage_group: '65534' openshift_logging_mux_file_buffer_pvc_prefix: "logging-mux" -openshift_logging_mux_file_buffer_limit: 2Gi +openshift_logging_mux_file_buffer_limit: 256Mi diff --git a/roles/openshift_logging_mux/tasks/determine_version.yaml b/roles/openshift_logging_mux/tasks/determine_version.yaml index 229bcf3d5..769475dd5 100644 --- a/roles/openshift_logging_mux/tasks/determine_version.yaml +++ b/roles/openshift_logging_mux/tasks/determine_version.yaml @@ -1,16 +1,16 @@ --- # debating making this a module instead? - fail: - msg: Missing version to install provided by 'openshift_logging_image_version' - when: not openshift_logging_image_version or openshift_logging_image_version == '' + msg: Missing version to install provided by 'openshift_logging_mux_image_version' + when: not openshift_logging_mux_image_version or openshift_logging_mux_image_version == '' - set_fact: mux_version: "{{ __latest_mux_version }}" - when: openshift_logging_image_version == 'latest' + when: openshift_logging_mux_image_version == 'latest' # should we just assume that we will have the correct major version? -- set_fact: mux_version="{{ openshift_logging_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" - when: openshift_logging_image_version != 'latest' +- set_fact: mux_version="{{ openshift_logging_mux_image_version | regex_replace('^v?(?P<major>\d)\.(?P<minor>\d).*$', '3_\\g<minor>') }}" + when: openshift_logging_mux_image_version != 'latest' - fail: msg: Invalid version specified for mux diff --git a/roles/openshift_logging_mux/tasks/main.yaml b/roles/openshift_logging_mux/tasks/main.yaml index 2ec863afa..242d92188 100644 --- a/roles/openshift_logging_mux/tasks/main.yaml +++ b/roles/openshift_logging_mux/tasks/main.yaml @@ -7,6 +7,19 @@ msg: Operations logs destination is required when: not openshift_logging_mux_ops_host or openshift_logging_mux_ops_host == '' +- name: Set default image variables based on deployment_type + include_vars: "{{ var_file_name }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + loop_control: + loop_var: var_file_name + +- name: Set mux image facts + set_fact: + openshift_logging_mux_image_prefix: "{{ openshift_logging_mux_image_prefix | default(__openshift_logging_mux_image_prefix) }}" + openshift_logging_mux_image_version: "{{ openshift_logging_mux_image_version | default(__openshift_logging_mux_image_version) }}" + - include: determine_version.yaml # allow passing in a tempdir @@ -42,7 +55,7 @@ name: "aggregated-logging-mux" namespace: "{{ openshift_logging_mux_namespace }}" when: - - openshift_logging_image_pull_secret == '' + - openshift_logging_image_pull_secret == '' # set service account scc - name: Set privileged permissions for Mux @@ -112,14 +125,14 @@ name: logging-mux namespace: "{{ openshift_logging_mux_namespace }}" files: - - name: ca - path: "{{ generated_certs_dir }}/ca.crt" - - name: key - path: "{{ generated_certs_dir }}/system.logging.mux.key" - - name: cert - path: "{{ generated_certs_dir }}/system.logging.mux.crt" - - name: shared_key - path: "{{ generated_certs_dir }}/mux_shared_key" + - name: ca + path: "{{ generated_certs_dir }}/ca.crt" + - name: key + path: "{{ generated_certs_dir }}/system.logging.mux.key" + - name: cert + path: "{{ generated_certs_dir }}/system.logging.mux.crt" + - name: shared_key + path: "{{ generated_certs_dir }}/mux_shared_key" # services - name: Set logging-mux service for external communication @@ -133,11 +146,11 @@ labels: logging-infra: 'support' ports: - - name: mux-forward - port: "{{ openshift_logging_mux_port }}" - targetPort: "mux-forward" + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" external_ips: - - "{{ ansible_eth0.ipv4.address }}" + - "{{ ansible_eth0.ipv4.address }}" when: openshift_logging_mux_allow_external | bool - name: Set logging-mux service for internal communication @@ -151,9 +164,9 @@ labels: logging-infra: 'support' ports: - - name: mux-forward - port: "{{ openshift_logging_mux_port }}" - targetPort: "mux-forward" + - name: mux-forward + port: "{{ openshift_logging_mux_port }}" + targetPort: "mux-forward" when: not openshift_logging_mux_allow_external | bool # create Mux DC @@ -171,6 +184,7 @@ ops_host: "{{ openshift_logging_mux_ops_host }}" ops_port: "{{ openshift_logging_mux_ops_port }}" mux_cpu_limit: "{{ openshift_logging_mux_cpu_limit }}" + mux_cpu_request: "{{ openshift_logging_mux_cpu_request | min_cpu(openshift_logging_mux_cpu_limit | default(none)) }}" mux_memory_limit: "{{ openshift_logging_mux_memory_limit }}" mux_replicas: "{{ openshift_logging_mux_replicas | default(1) }}" mux_node_selector: "{{ openshift_logging_mux_nodeselector | default({}) }}" @@ -187,7 +201,7 @@ selector: "{{ openshift_logging_mux_file_buffer_pvc_pv_selector }}" storage_class_name: "{{ openshift_logging_mux_file_buffer_pvc_storage_class_name | default('', true) }}" when: - - openshift_logging_mux_file_buffer_storage_type == "pvc" + - openshift_logging_mux_file_buffer_storage_type == "pvc" - name: Set logging-mux DC oc_obj: @@ -196,7 +210,7 @@ namespace: "{{ openshift_logging_mux_namespace }}" kind: dc files: - - "{{ tempdir }}/templates/logging-mux-dc.yaml" + - "{{ tempdir }}/templates/logging-mux-dc.yaml" delete_after: true - name: Add mux namespaces diff --git a/roles/openshift_logging_mux/templates/mux.j2 b/roles/openshift_logging_mux/templates/mux.j2 index 4cc48139f..cfb13d59b 100644 --- a/roles/openshift_logging_mux/templates/mux.j2 +++ b/roles/openshift_logging_mux/templates/mux.j2 @@ -36,18 +36,27 @@ spec: containers: - name: "mux" image: {{image}} - imagePullPolicy: Always -{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} + imagePullPolicy: IfNotPresent +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %} resources: +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_limit is defined and mux_cpu_limit is not none) %} limits: -{% if mux_cpu_limit is not none %} +{% if mux_cpu_limit is not none %} cpu: "{{mux_cpu_limit}}" -{% endif %} -{% if mux_memory_limit is not none %} +{% endif %} +{% if mux_memory_limit is not none %} memory: "{{mux_memory_limit}}" +{% endif %} +{% endif %} +{% if (mux_memory_limit is defined and mux_memory_limit is not none) or (mux_cpu_request is defined and mux_cpu_request is not none) %} requests: +{% if mux_cpu_request is not none %} + cpu: "{{mux_cpu_request}}" +{% endif %} +{% if mux_memory_limit is not none %} memory: "{{mux_memory_limit}}" -{% endif %} +{% endif %} +{% endif %} {% endif %} ports: - containerPort: "{{ openshift_logging_mux_port }}" diff --git a/roles/openshift_logging_mux/vars/default_images.yml b/roles/openshift_logging_mux/vars/default_images.yml new file mode 100644 index 000000000..bd5dc4504 --- /dev/null +++ b/roles/openshift_logging_mux/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default('latest') }}" diff --git a/roles/openshift_logging_mux/vars/openshift-enterprise.yml b/roles/openshift_logging_mux/vars/openshift-enterprise.yml new file mode 100644 index 000000000..1e7eb9d8d --- /dev/null +++ b/roles/openshift_logging_mux/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_mux_image_prefix: "{{ openshift_logging_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_mux_image_version: "{{ openshift_logging_image_version | default ('v3.7') }}" diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml index f67aee88b..fbbac1176 100644 --- a/roles/openshift_manage_node/tasks/main.yml +++ b/roles/openshift_manage_node/tasks/main.yml @@ -7,11 +7,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift_node_master_api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_manageiq/tasks/main.yaml b/roles/openshift_manageiq/tasks/main.yaml index 7789d2232..088d0b171 100644 --- a/roles/openshift_manageiq/tasks/main.yaml +++ b/roles/openshift_manageiq/tasks/main.yaml @@ -1,8 +1,4 @@ --- -- fail: - msg: "The openshift_manageiq role requires OpenShift Enterprise 3.1 or Origin 1.1." - when: not openshift.common.version_gte_3_1_or_1_1 | bool - - name: Add Management Infrastructure project oc_project: name: management-infra @@ -61,4 +57,3 @@ resource_kind: "{{ item.resource_kind }}" user: "{{ item.user }}" with_items: "{{manage_iq_openshift_3_2_tasks}}" - when: openshift.common.version_gte_3_2_or_1_2 | bool diff --git a/roles/openshift_management/README.md b/roles/openshift_management/README.md new file mode 100644 index 000000000..96de82669 --- /dev/null +++ b/roles/openshift_management/README.md @@ -0,0 +1,629 @@ +# CloudForms Availability + +As noted in [Limitations - Product Choice](#product-choice), +[CloudForms](https://www.redhat.com/en/technologies/management/cloudforms) +(CFME) 4.6 is not yet released. Until such time, this role is limited +to installing [ManageIQ](http://manageiq.org) (MIQ), the open source +project that CFME is based on. + +After CFME 4.6 is available to customers this role will enable +(optional) logic which will install CFME or MIQ based on your +deployment type (`openshift_deployment_type`): + +* `openshift-enterprise` → CloudForms +* `origin` → ManageIQ + + +# Table of Contents + + * [Introduction](#introduction) + * [Important Notes](#important-notes) + * [Requirements](#requirements) + * [Role Variables](#role-variables) + * [Getting Started](#getting-started) + * [All Defaults](#all-defaults) + * [External NFS Storage](#external-nfs-storage) + * [Override PV sizes](#override-pv-sizes) + * [Override Memory Requirements](#override-memory-requirements) + * [External PostgreSQL Database](#external-postgresql-database) + * [Limitations](#limitations) + * [Product Choice](#product-choice) + * [Configuration](#configuration) + * [Database](#database) + * [Podified](#podified) + * [External](#external) + * [Storage Classes](#storage-classes) + * [NFS (Default)](#nfs-default) + * [NFS External](#nfs-external) + * [Cloud Provider](#cloud-provider) + * [Preconfigured (Expert Configuration Only)](#preconfigured-expert-configuration-only) + * [Customization](#customization) + * [Container Provider](#container-provider) + * [Manually](#manually) + * [Automatically](#automatically) + * [Multiple Providers](#multiple-providers) + * [Uninstall](#uninstall) + * [Additional Information](#additional-information) + +# Introduction + +This role will allow a user to install CFME 4.6 or MIQ on an OCP +3.7 cluster. The role provides customization options for overriding +default deployment parameters. This role allows the user to deploy +different installation flavors: + +* **Fully Podified** - In this way all application services are ran as + pods in the container platform. +* **External Database** - In this way the application utilizes an + externally hosted database server. All other services are ran in the + container platform. + +This role includes the following storage class options: + +* NFS - **Default** - local, on cluster +* NFS External - NFS somewhere else, like a storage appliance +* Cloud Provider - Use automatic storage provisioning from your cloud + provider (*gce* or *aws*) +* Preconfigured - **expert only**, assumes you created everything ahead + of time + +You may skip ahead to the [Getting Started](#getting-started) section +now for examples of how to set up your Ansible inventory for various +deployment configurations. However, you are **strongly urged** to +first read through the [Configuration](#configuration) and +[Customization](#customization) sections as well as the following +[Important Notes](#important-notes). + +## Important Notes + +Not all parameters are present in **both** template versions (podified +db and external db). For example, while the podified database template +has a `POSTGRESQL_MEM_REQ` parameter, no such parameter is present in +the external db template, as there is no need for this information due +to there being no databases that require pods. + +*Be extra careful* if you are overriding template +parameters. Including parameters not defined in a template **will +cause errors**. If you do receive an error during the `Ensure the CFME +App is created` task, we recommend running the +[uninstall scripts](#uninstall) first before running the installer +again. + +### Beta + +Only required for enterprise +(`openshift_deployment_type=openshift-enterprise`) users: + +* `openshift_management_install_beta` - by setting this value to + `true` you acknowledge that this software is currently in BETA and + support may be limited nonexistent. This is required to begin the + installation. + + +# Requirements + +The **default** requirements are listed in the table below. These can +be overridden through customization parameters (See +[Customization](#customization), below). + +**Note** that the application performance will suffer, or possibly +even fail to deploy, if these requirements are not satisfied. + + +| Item | Requirement | Description | Customization Parameter | +|---------------------|---------------|----------------------------------------------|-------------------------------| +| Application Memory | `≥ 4.0 Gi` | Minimum required memory for the application | `APPLICATION_MEM_REQ` | +| Application Storage | `≥ 5.0 Gi` | Minimum PV size required for the application | `APPLICATION_VOLUME_CAPACITY` | +| PostgreSQL Memory | `≥ 6.0 Gi` | Minimum required memory for the database | `POSTGRESQL_MEM_REQ` | +| PostgreSQL Storage | `≥ 15.0 Gi` | Minimum PV size required for the database | `DATABASE_VOLUME_CAPACITY` | +| Cluster Hosts | `≥ 3` | Number of hosts in your cluster | | + +The implications of this table are summarized below: + +* You need several cluster nodes +* Your cluster nodes must have lots of memory available +* You will need several GiB's of storage available, either locally or + on your cloud provider +* PV sizes can be changed by providing override values to template + parameters (see also: [Customization](#customization)) + +# Role Variables + +The following is a table of the publicly exposed variables that may be +used in your Ansible inventory to control the behavior of this +installer. + + +| Variable | Required | Default | Description | +|------------------------------------------------------|:--------:|:------------------------------:|-------------------------------------| +| `openshift_management_project` | **No** | `openshift-management` | Namespace for the installation. | +| `openshift_management_project_description` | **No** | *CloudForms Management Engine* | Namespace/project description. | +| `openshift_management_install_management` | **No** | `false` | Boolean, set to `true` to install the application | +| `openshift_management_install_beta` | **No** | `false` | Boolean, by setting this value to `true` you acknowledge that this software is currently in BETA and support may be limited. Only required for *openshift-enterprise* users. | +| `openshift_management_username` | **No** | `admin` | Default management username. Changing this values **does not change the username**. Only change this value if you have changed the name already and are running integration scripts (such as the [add container provider](#container-provider) script) | +| `openshift_management_password` | **No** | `smartvm` | Default management password. Changing this values **does not change the password**. Only change this value if you have changed the password already and are running integration scripts (such as the [add-container-provider](#container-provider) script) | +| **PRODUCT CHOICE** | | | | | +| `openshift_management_app_template` | **No** | `miq-template` | The project flavor to install. Choices: <ul><li>`miq-template`: ManageIQ using a podified database</li> <li> `miq-template-ext-db`: ManageIQ using an external database</li> <li>`cfme-template`: CloudForms using a podified database<sup>[1]</sup></li> <li> `cfme-template-ext-db`: CloudForms using an external database.<sup>[1]</sup></li></ul> | +| **STORAGE CLASSES** | | | | | +| `openshift_management_storage_class` | **No** | `nfs` | Storage type to use, choices: <ul><li>`nfs` - Best used for proof-of-concept installs. Will setup NFS on a cluster host (defaults to your first master in the inventory file) to back the required PVCs. The application requires a PVC and the database (which may be hosted externally) may require a second. PVC minimum required sizes are 5GiB for the MIQ application, and 15GiB for the PostgreSQL database (20GiB minimum available space on a volume/partition if used specifically for NFS purposes)</li> <li>`nfs_external` - You are using an external NFS server, such as a netapp appliance. See the [Configuration - Storage Classes](#storage-classes) section below for required information.</li> <li>`preconfigured` - This CFME role will do NOTHING to modify storage settings. This option assumes expert knowledge and that you have done everything required ahead of time.</li> <li>`cloudprovider` - You are using an OCP cloudprovider integration for your storage class. For this to work you must have already configured the required inventory parameters for your cloud provider. Ensure `openshift_cloudprovider_kind` is defined (aws or gce) and that the applicable cloudprovider parameters are provided. | +| `openshift_management_storage_nfs_external_hostname` | **No** | `false` | If you are using an *external NFS server*, such as a netapp appliance, then you must set the hostname here. Leave the value as `false` if you are not using external NFS. <br /> *Additionally*: **External NFS REQUIRES** that you create the NFS exports that will back the application PV and optionally the database PV. +| `openshift_management_storage_nfs_base_dir` | **No** | `/exports/` | If you are using **External NFS** then you may set the base path to the exports location here. <br />**Local NFS Note**: You *may* also change this value if you want to change the default path used for local NFS exports. | +| `openshift_management_storage_nfs_local_hostname` | **No** | `false` | If you do not have an `[nfs]` group in your inventory, or want to simply manually define the local NFS host in your cluster, set this parameter to the hostname of the preferred NFS server. The server must be a part of your OCP/Origin cluster. | +| **CUSTOMIZATION OPTIONS** | | | | | +| `openshift_management_template_parameters` | **No** | `{}` | A dictionary of any parameters you want to override in the application/pv templates. + +* <sup>[1]</sup> The `cfme-template`s will be available and + automatically detected once CFME 4.6 is released + + +# Getting Started + +Below are some inventory snippets that can help you get started right +away. + +If you want to install CFME/MIQ at the same time you install your +OCP/Origin cluster, ensure that `openshift_management_install_management` is set +to `true` in your inventory. Call the standard +`playbooks/byo/config.yml` playbook to begin the cluster and CFME/MIQ +installation. + +If you are installing CFME/MIQ on an *already provisioned cluster* +then you can call the CFME/MIQ playbook directly: + +``` +$ ansible-playbook -v -i <YOUR_INVENTORY> playbooks/byo/openshift-management/config.yml +``` + +*Note: Use `miq-template` in the following examples for ManageIQ installs* + +## All Defaults + +This example is the simplest. All of the default values and choices +are used. This will result in a fully podified CFME installation. All +application components, as well as the PostgreSQL database will be +created as pods in the container platform. + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template +``` + +## External NFS Storage + +This is as the previous example, except that instead of using local +NFS services in the cluster it will use an external NFS server (such +as a storage appliance). Note the two new parameters: + +* `openshift_management_storage_class` - set to `nfs_external` +* `openshift_management_storage_nfs_external_hostname` - set to the hostname + of the NFS server + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template +openshift_management_storage_class=nfs_external +openshift_management_storage_nfs_external_hostname=nfs.example.com +``` + +If the external NFS host exports directories under a different parent +directory, such as `/exports/hosted/prod` then we would add an +additional parameter, `openshift_management_storage_nfs_base_dir`: + +```ini +# ... +openshift_management_storage_nfs_base_dir=/exports/hosted/prod +``` + +## Override PV sizes + +This example will override the PV sizes. Note that we set the PV sizes +in the template parameters, `openshift_management_template_parameters`. This +ensures that the application/db will be able to make claims on created +PVs without clobbering each other. + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template +openshift_management_template_parameters={'APPLICATION_VOLUME_CAPACITY': '10Gi', 'DATABASE_VOLUME_CAPACITY': '25Gi'} +``` + +## Override Memory Requirements + +In a test or proof-of-concept installation you may need to reduce the +application/database memory requirements to fit within your +capacity. Note that reducing memory limits can result in reduced +performance or a complete failure to initialize the application. + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template +openshift_management_template_parameters={'APPLICATION_MEM_REQ': '3000Mi', 'POSTGRESQL_MEM_REQ': '1Gi', 'ANSIBLE_MEM_REQ': '512Mi'} +``` + +Here we have instructed the installer to process the application +template with the parameter `APPLICATION_MEM_REQ` set to `3000Mi`, +`POSTGRESQL_MEM_REQ` set to `1Gi`, and `ANSIBLE_MEM_REQ` set to +`512Mi`. + +These parameters can be combined with the PV size override parameters +displayed in the previous example. + +## External PostgreSQL Database + +To use an external database you must change the +`openshift_management_app_template` parameter value to `miq-template-ext-db` +or `cfme-template-ext-db`. + +Additionally, database connection information **must** be supplied in +the `openshift_management_template_parameters` customization parameter. See +[Customization - Database - External](#external) for more +information. + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template-ext-db +openshift_management_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} +``` + +**NOTE:** Ensure your are running PostgreSQL 9.5 or you may not be +able to deploy the app successfully. + +# Limitations + +This release is the first OpenShift CFME release in the OCP 3.7 +series. It is not complete yet. + +## Product Choice + +Due to staggered release dates, **CFME support is not +integrated**. Presently this role will only deploy a ManageIQ +installation. This role will be updated once CFME 4.6 is released and +this limitation note will be removed. + +# Configuration + +Before you can deploy CFME you must decide *how* you want to deploy +it. There are two major decisions to make: + +1. Do you want an external, or a podified database? +1. Which storage class will back your PVs? + +## Database + +### Podified + +Any `POSTGRES_*` or `DATABASE_*` template parameters in +[miq-template.yaml](files/templates/manageiq/miq-template.yaml) or +[cfme-template.yaml](files/templates/cloudforms/cfme-template.yaml) +may be customized through the `openshift_management_template_parameters` +hash. + +### External + +Any `POSTGRES_*` or `DATABASE_*` template parameters in +[miq-template-ext-db.yaml](files/templates/manageiq/miq-template-ext-db.yaml) +or +[cfme-template-ext-db.yaml](files/templates/cloudforms/cfme-template-ext-db.yaml) +may be customized through the `openshift_management_template_parameters` +hash. + +External PostgreSQL databases require you to provide database +connection parameters. You must set the required connection keys in +the `openshift_management_template_parameters` parameter in your +inventory. The following keys are required: + +* `DATABASE_USER` +* `DATABASE_PASSWORD` +* `DATABASE_IP` +* `DATABASE_PORT` - *note: Most PostgreSQL servers run on port `5432`* +* `DATABASE_NAME` + +**NOTE:** Ensure your are running PostgreSQL 9.5 or you may not be +able to deploy the app successfully. + +Your inventory would contain lines similar to this: + +```ini +[OSEv3:vars] +openshift_management_app_template=cfme-template-ext-db +openshift_management_template_parameters={'DATABASE_USER': 'root', 'DATABASE_PASSWORD': 'r1ck&M0r7y', 'DATABASE_IP': '10.10.10.10', 'DATABASE_PORT': '5432', 'DATABASE_NAME': 'cfme'} +``` + +**Note** the new value for the `openshift_management_app_template` +parameter, `cfme-template-ext-db` (ManageIQ installations would use +`miq-template-ext-db` instead). + +At run time you may run into errors similar to this: + +``` +TASK [openshift_management : Ensure the CFME App is created] *********************************** +task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 +Tuesday 03 October 2017 15:30:44 -0400 (0:00:00.056) 0:00:12.278 ******* +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-ZPEWQS -n openshift-management", + "kind": "Endpoints", "results": {}, "returncode": 1, "stderr": "Error from server + (BadRequest): error when creating \"/tmp/postgresql-ZPEWQS\": Endpoints in version + \"v1\" cannot be handled as a Endpoints: [pos 218]: json: decNum: got first char + 'f'\n", "stdout": ""} +``` + +Or like this: + +``` +TASK [openshift_management : Ensure the CFME App is created] *********************************** +task path: /home/tbielawa/rhat/os/openshift-ansible/roles/openshift_management/tasks/main.yml:74 +Tuesday 03 October 2017 16:05:36 -0400 (0:00:00.052) 0:00:18.948 ******* +fatal: [m01.example.com]: FAILED! => {"changed": true, "failed": true, "msg": +{"cmd": "/usr/bin/oc create -f /tmp/postgresql-igS5sx -n openshift-management", "kind": + "Endpoints", "results": {}, "returncode": 1, "stderr": "The Endpoints \"postgresql\" + is invalid: subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP + address, (e.g. 10.9.8.7)\n", "stdout": ""}, +``` + +While intimidating at first, there are useful bits of information in +here. Examine the error output closely and we can tell exactly what is +wrong. + +In the first example we see `Endpoints in version \"v1\" cannot be +handled as a Endpoints: [pos 218]: json: decNum: got first char +...`. This is because in my example I used the value `foo` for the +parameter `DATABASE_PORT`. + +In the second example we see `The Endpoints \"postgresql\" is invalid: +subsets[0].addresses[0].ip: Invalid value: \"doo\": must be a valid IP +address ...`. This is because in my example I used the value `doo` in +the `DATABASE_IP` field. + +Luckily for us when the templates are processed behind the scenes they +are also running type checking validation. So, don't worry, just look +closely at the errors and ensure you are providing the correct values +for each parameter. + +## Storage Classes + +OpenShift CFME supports several storage class options. + +### NFS (Default) + +The NFS storage class is best suited for proof-of-concept and +test/demo deployments. It is also the **default** storage class for +deployments. No additional configuration is required for this +choice. + +Customization is provided through the following role variables: + +* `openshift_management_storage_nfs_base_dir` +* `openshift_management_storage_nfs_local_hostname` + +### NFS External + +External NFS leans on pre-configured NFS servers to provide exports +for the required PVs. For external NFS you must have: + +* For CFME: a `cfme-app` and optionally a `cfme-db` (for podified database) exports +* For ManageIQ: an `miq-app` and optionally an `miq-db` (for podified database) exports + +Configuration is provided through the following role variables: + +* `openshift_management_storage_nfs_external_hostname` +* `openshift_management_storage_nfs_base_dir` + +The `openshift_management_storage_nfs_external_hostname` parameter must be +set to the hostname or IP of your external NFS server. + +If `/exports` is not the parent directory to your exports then you +must set the base directory via the +`openshift_management_storage_nfs_base_dir` parameter. + +For example, if your server export is `/exports/hosted/prod/cfme-app` +then you must set +`openshift_management_storage_nfs_base_dir=/exports/hosted/prod`. + +### Cloud Provider + +CFME can also use a cloud provider storage to back required PVs. For +this functionality to work you must have also configured the +`openshift_cloudprovider_kind` variable and all associated parameters +specific to your chosen cloud provider. + +Using this storage class, when the application is created the required +PVs will automatically be provisioned using the configured cloud +provider storage integration. + +There are no additional variables to configure the behavior of this +storage class. + +### Preconfigured (Expert Configuration Only) + +The *preconfigured* storage class implies that you know exactly what +you're doing and that all storage requirements have been taken care +ahead of time. Typically this means that you've already created the +correctly sized PVs. + +There are no additional variables to configure the behavior of this +storage class. + +# Customization + +Application and database parameters may be customized by means of the +`openshift_management_template_parameters` inventory parameter. + +**For example**, if you wanted to reduce the memory requirement of the +PostgreSQL pod then you could configure the parameter like this: + +`openshift_management_template_parameters={'POSTGRESQL_MEM_REQ': '1Gi'}` + +When the CFME template is processed `1Gi` will be used for the value +of the `POSTGRESQL_MEM_REQ` template parameter. + +Any parameter in the `parameters` section of the +[miq-template.yaml](files/templates/manageiq/miq-template.yaml) or +[miq-template-ext-db.yaml](files/templates/manageiq/miq-template-ext-db.yaml) +may be overridden through the `openshift_management_template_parameters` +hash. This applies to **CloudForms** installations as well: +[cfme-template.yaml](files/templates/cloudforms/cfme-template.yaml), +[cfme-template-ext-db.yaml](files/templates/cloudforms/cfme-template-ext-db.yaml). + +# Container Provider + +There are two methods for enabling container provider integration. You +can manually add OCP/Origin as a container provider, or you can try +the playbooks included with this role. + +## Manually + +See the online documentation for steps to manually add you cluster as +a container provider: + +* [Container Providers](http://manageiq.org/docs/reference/latest/doc-Managing_Providers/miq/#containers-providers) + +## Automatically + +Automated container provider integration can be accomplished using the +playbooks included with this role. + +This playbook will: + +1. Gather the necessary authentication secrets +1. Find the public routes to the Management app and the cluster API +1. Make a REST call to add this cluster as a container provider + + +``` +$ ansible-playbook -v -i <YOUR_INVENTORY> playbooks/byo/openshift-management/add_container_provider.yml +``` + +## Multiple Providers + +As well as providing playbooks to integrate your *current* container +platform into the management service, this role includes a **tech +preview** script which allows you to add multiple container platforms +as container providers in any arbitrary MIQ/CFME server. + +Using the multiple-provider script requires manual configuration and +setting an `EXTRA_VARS` parameter on the command-line. + + +1. Copy the + [container_providers.yml](files/examples/container_providers.yml) + example somewhere, such as `/tmp/cp.yml` +1. If you changed your CFME/MIQ name or password, update the + `hostname`, `user`, and `password` parameters in the + `management_server` key in the `container_providers.yml` file copy +1. Fill in an entry under the `container_providers` key for *each* OCP + or Origin cluster you want to add as container providers + +**Parameters Which MUST Be Configured:** + +* `auth_key` - This is the token of a service account which has admin capabilities on the cluster. +* `hostname` - This is the hostname that points to the cluster API. Each container provider must have a unique hostname. +* `name` - This is the name of the cluster as displayed in the management server container providers overview. This must be unique. + +*Note*: You can obtain the `auth_key` bearer token from your clusters + with this command: `oc serviceaccounts get-token -n management-infra + management-admin` + +**Parameters Which MAY Be Configured:** + +* `port` - Update this key if your OCP/Origin cluster runs the API on a port other than `8443` +* `endpoint` - You may enable SSL verification (`verify_ssl`) or change the validation setting to `ssl-with-validation`. Support for custom trusted CA certificates is not available at this time. + + +Let's see an example describing the following scenario: + +* You copied `files/examples/container_providers.yml` to `/tmp/cp.yml` +* You're adding two OCP clusters +* Your management server runs on `mgmt.example.com` + +You would customize `/tmp/cp.yml` as such: + +```yaml +--- +container_providers: + - connection_configurations: + - authentication: {auth_key: "management-token-for-this-cluster", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "ocp-prod.example.com" + name: OCP Production + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" + - connection_configurations: + - authentication: {auth_key: "management-token-for-this-cluster", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "ocp-test.example.com" + name: OCP Testing + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" +management_server: + hostname: "mgmt.example.com" + user: admin + password: b3tt3r_p4SSw0rd +``` + +Then you will run the many-container-providers integration script. You +**must** provide the path to the container providers configuration +file as an `EXTRA_VARS` parameter to `ansible-playbook`. Use the `-e` +(or `--extra-vars`) parameter to set `container_providers_config` to +the config file path. + +``` +$ ansible-playbook -v -e container_providers_config=/tmp/cp.yml \ + playbooks/byo/openshift-management/add_many_container_providers.yml +``` + +Afterwards you will find two new container providers in your +management service. Navigate to `Compute` → `Containers` → `Providers` +to see an overview. + +# Uninstall + +This role includes a playbook to uninstall and erase the CFME/MIQ +installation: + +* `playbooks/byo/openshift-management/uninstall.yml` + +NFS export definitions and data stored on NFS exports are not +automatically removed. You are urged to manually erase any data from +old application or database deployments before attempting to +initialize a new deployment. + +Failure to erase old PostgreSQL data can result in cascading +errors. The postgres pod may enter a `crashloopbackoff` state. This +will block the management pod from ever starting. The cause of the +`crashloopbackoff` is due to incorrect file permissions on the +database NFS export created during a previous deployment. + +To continue, erase all data from the postgres export and delete the +pod (**not** the deployer pod). For example, if you have pods like +such: + +``` +# oc get pods +NAME READY STATUS RESTARTS AGE +httpd-1-cx7fk 1/1 Running 1 21h +manageiq-0 0/1 Running 1 21h +memcached-1-vkc7p 1/1 Running 1 21h +postgresql-1-deploy 1/1 Running 1 21h +postgresql-1-6w2t4 0/1 CrashLoopBackOff 1 21h +``` + +Then you would: + +1. Erase the data from the database NFS export +2. `oc delete postgresql-1-6w2t4` + +The postgres deployer pod will try to scale up a new postgres pod to +replace the one you deleted. Once the postgres pod is running the +manageiq pod will stop blocking and begin application initialization. + +# Additional Information + +The upstream project, +[@manageiq/manageiq-pods](https://github.com/ManageIQ/manageiq-pods), +contains a wealth of additional information useful for managing and +operating your CFME installation. Topics include: + +* [Verifying Successful Installation](https://github.com/ManageIQ/manageiq-pods#verifying-the-setup-was-successful) +* [Disabling Image Change Triggers](https://github.com/ManageIQ/manageiq-pods#disable-image-change-triggers) +* [Scaling CFME](https://github.com/ManageIQ/manageiq-pods#scale-miq) +* [Backing up and Restoring the DB](https://github.com/ManageIQ/manageiq-pods#backup-and-restore-of-the-miq-database) +* [Troubleshooting](https://github.com/ManageIQ/manageiq-pods#troubleshooting) diff --git a/roles/openshift_management/defaults/main.yml b/roles/openshift_management/defaults/main.yml new file mode 100644 index 000000000..8ba65b386 --- /dev/null +++ b/roles/openshift_management/defaults/main.yml @@ -0,0 +1,104 @@ +--- +# Namespace for the CFME project +openshift_management_project: openshift-management +# Namespace/project description +openshift_management_project_description: CloudForms Management Engine + +###################################################################### +# BASE TEMPLATE AND DATABASE OPTIONS +###################################################################### +# Which flavor of CFME would you like? You may install CFME using a +# podified PostgreSQL server, or you may choose to use an existing +# PostgreSQL server. +# +# Choose 'miq-template' for a podified database install +# Choose 'miq-template-ext-db' for an external database install +openshift_management_app_template: miq-template +# If you are using the miq-template-ext-db template then you must add +# the required database parameters to the +# openshift_management_template_parameters variable. + +###################################################################### +# STORAGE OPTIONS +###################################################################### +# DEFAULT - 'nfs' +# Allowed options: nfs, nfs_external, preconfigured, cloudprovider. +openshift_management_storage_class: nfs +# * nfs - Best used for proof-of-concept installs. Will setup NFS on a +# cluster host (defaults to your first master in the inventory file) +# to back the required PVCs. The application requires a PVC and the +# database (which may be hosted externally) may require a +# second. PVC minimum required sizes are: 5GiB for the MIQ +# application, and 15GiB for the PostgreSQL database (20GiB minimum +# available space on an volume/partition if used specifically for +# NFS purposes) +# +# * nfs_external - You are using an external NFS server, such as a +# netapp appliance. See the STORAGE - NFS OPTIONS section below for +# required information. +# +# * preconfigured - This CFME role will do NOTHING to modify storage +# settings. This option assumes expert knowledge and that you have +# done everything required ahead of time. +# +# * cloudprovider - You are using an OCP cloudprovider integration for +# your storage class. For this to work you must have already +# configured the required inventory parameters for your cloud +# provider +# +# Ensure 'openshift_cloudprovider_kind' is defined (aws or gce) and +# that the applicable cloudprovider parameters are provided. + +#--------------------------------------------------------------------- +# STORAGE - NFS OPTIONS +#--------------------------------------------------------------------- +# [OPTIONAL] - If you are using an EXTERNAL NFS server, such as a +# netapp appliance, then you must set the hostname here. Leave the +# value as 'false' if you are not using external NFS. +openshift_management_storage_nfs_external_hostname: false +# [OPTIONAL] - If you are using external NFS then you must set the base +# path to the exports location here. +# +# Additionally: EXTERNAL NFS REQUIRES that YOU CREATE the nfs exports +# that will back the application PV and optionally the database +# pv. Export path definitions, relative to +# {{ openshift_management_storage_nfs_base_dir }} +# +# LOCAL NFS NOTE: +# +# You may may also change this value if you want to change the default +# path used for local NFS exports. +openshift_management_storage_nfs_base_dir: /exports +# +# LOCAL NFS NOTE: +# +# You may override the automatically selected LOCAL NFS server by +# setting this variable. Useful for testing specific task files. +openshift_management_storage_nfs_local_hostname: false + +###################################################################### +# DEFAULT ACCOUNT INFORMATION +###################################################################### +# These are the default values for the username and password of the +# management app. Changing these values in your inventory will not +# change your username or password. You should only need to change +# these values in your inventory if you already changed the actual +# name and password AND are trying to use integration scripts. +# +# For example, adding this cluster as a container provider, +# playbooks/byo/openshift-management/add_container_provider.yml +openshift_management_username: admin +openshift_management_password: smartvm + +###################################################################### +# SCAFFOLDING - These are parameters we pre-seed that a user may or +# may not set later +###################################################################### +# A hash of parameters you want to override or set in the +# miq-template.yaml or miq-template-ext-db.yaml templates. Set this in +# your inventory file as a simple hash. Acceptable values are defined +# under the .parameters list in files/miq-template{-ext-db}.yaml +# Example: +# +# openshift_management_template_parameters={'APPLICATION_MEM_REQ': '512Mi'} +openshift_management_template_parameters: {} diff --git a/roles/openshift_management/files/examples/container_providers.yml b/roles/openshift_management/files/examples/container_providers.yml new file mode 100644 index 000000000..661f62e4d --- /dev/null +++ b/roles/openshift_management/files/examples/container_providers.yml @@ -0,0 +1,22 @@ +--- +container_providers: + - connection_configurations: + - authentication: {auth_key: "management-admin-token-here", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "OCP/Origin cluster hostname (providing API access)" + name: openshift-management + port: 8443 + type: "ManageIQ::Providers::Openshift::ContainerManager" +# Copy and update for as many OCP or Origin providers as you want to +# add to your management service + # - connection_configurations: + # - authentication: {auth_key: "management-admin-token-here", authtype: bearer, type: AuthToken} + # endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + # hostname: "OCP/Origin cluster hostname (providing API access)" + # name: openshift-management + # port: 8443 + # type: "ManageIQ::Providers::Openshift::ContainerManager" +management_server: + hostname: "Management server hostname (providing API access)" + user: admin + password: smartvm diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-backup-job.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-backup-job.yaml new file mode 100644 index 000000000..c3bc1d20c --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-backup-job.yaml @@ -0,0 +1,28 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cloudforms-backup +spec: + template: + metadata: + name: cloudforms-backup + spec: + containers: + - name: postgresql + image: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-postgresql:latest + command: + - "/opt/rh/cfme-container-scripts/backup_db" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: cloudforms-secrets + key: database-url + volumeMounts: + - name: cfme-backup-vol + mountPath: "/backups" + volumes: + - name: cfme-backup-vol + persistentVolumeClaim: + claimName: cloudforms-backup + restartPolicy: Never diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-backup-pvc.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-backup-pvc.yaml new file mode 100644 index 000000000..92598ce82 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-backup-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: cloudforms-backup +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 15Gi diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-pv-backup-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-backup-example.yaml new file mode 100644 index 000000000..4fe349897 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-backup-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: cfme-pv03 +spec: + capacity: + storage: 15Gi + accessModes: + - ReadWriteOnce + nfs: + path: "/exports/cfme-pv03" + server: "<your-nfs-host-here>" + persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-pv-db-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-db-example.yaml new file mode 100644 index 000000000..0cdd821b5 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-db-example.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms-db-pv +metadata: + name: cloudforms-db-pv + annotations: + description: PV Template for CFME PostgreSQL DB + tags: PVS, CFME +objects: +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: cfme-db + spec: + capacity: + storage: "${PV_SIZE}" + accessModes: + - ReadWriteOnce + nfs: + path: "${BASE_PATH}/cfme-db" + server: "${NFS_HOST}" + persistentVolumeReclaimPolicy: Retain +parameters: +- name: PV_SIZE + displayName: PV Size for DB + required: true + description: The size of the CFME DB PV given in Gi + value: 15Gi +- name: BASE_PATH + displayName: Exports Directory Base Path + required: true + description: The parent directory of your NFS exports + value: "/exports" +- name: NFS_HOST + displayName: NFS Server Hostname + required: true + description: The hostname or IP address of the NFS server diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-pv-server-example.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-pv-server-example.yaml new file mode 100644 index 000000000..527090ae8 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-pv-server-example.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms-app-pv +metadata: + name: cloudforms-app-pv + annotations: + description: PV Template for CFME Server + tags: PVS, CFME +objects: +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: cfme-app + spec: + capacity: + storage: "${PV_SIZE}" + accessModes: + - ReadWriteOnce + nfs: + path: "${BASE_PATH}/cfme-app" + server: "${NFS_HOST}" + persistentVolumeReclaimPolicy: Retain +parameters: +- name: PV_SIZE + displayName: PV Size for App + required: true + description: The size of the CFME APP PV given in Gi + value: 5Gi +- name: BASE_PATH + displayName: Exports Directory Base Path + required: true + description: The parent directory of your NFS exports + value: "/exports" +- name: NFS_HOST + displayName: NFS Server Hostname + required: true + description: The hostname or IP address of the NFS server diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-restore-job.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-restore-job.yaml new file mode 100644 index 000000000..8b23f8a33 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-restore-job.yaml @@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: cloudforms-restore +spec: + template: + metadata: + name: cloudforms-restore + spec: + containers: + - name: postgresql + image: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-postgresql:latest + command: + - "/opt/rh/cfme-container-scripts/restore_db" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: cloudforms-secrets + key: database-url + - name: BACKUP_VERSION + value: latest + volumeMounts: + - name: cfme-backup-vol + mountPath: "/backups" + - name: cfme-prod-vol + mountPath: "/restore" + volumes: + - name: cfme-backup-vol + persistentVolumeClaim: + claimName: cloudforms-backup + - name: cfme-prod-vol + persistentVolumeClaim: + claimName: cloudforms-postgresql + restartPolicy: Never diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-scc-sysadmin.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-scc-sysadmin.yaml new file mode 100644 index 000000000..d2ece9298 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-scc-sysadmin.yaml @@ -0,0 +1,38 @@ +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegedContainer: false +allowedCapabilities: +apiVersion: v1 +defaultAddCapabilities: +- SYS_ADMIN +fsGroup: + type: RunAsAny +groups: +- system:cluster-admins +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: cfme-sysadmin provides all features of the anyuid SCC but allows users to have SYS_ADMIN capabilities. This is the required scc for Pods requiring to run with systemd and the message bus. + creationTimestamp: + name: cfme-sysadmin +priority: 10 +readOnlyRootFilesystem: false +requiredDropCapabilities: +- MKNOD +- SYS_CHROOT +runAsUser: + type: RunAsAny +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +users: +volumes: +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- secret diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-template-ext-db.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-template-ext-db.yaml new file mode 100644 index 000000000..4a04f3372 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-template-ext-db.yaml @@ -0,0 +1,763 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms-ext-db +metadata: + name: cloudforms-ext-db + annotations: + description: CloudForms appliance with persistent storage using a external DB host + tags: instant-app,cloudforms,cfme + iconClass: icon-rails +objects: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-orchestrator +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-anyuid +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-privileged +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-httpd +- apiVersion: v1 + kind: Secret + metadata: + name: "${NAME}-secrets" + stringData: + pg-password: "${DATABASE_PASSWORD}" + database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5 + v2-key: "${V2_KEY}" +- apiVersion: v1 + kind: Secret + metadata: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + stringData: + rabbit-password: "${ANSIBLE_RABBITMQ_PASSWORD}" + secret-key: "${ANSIBLE_SECRET_KEY}" + admin-password: "${ANSIBLE_ADMIN_PASSWORD}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances CloudForms pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${NAME}" + spec: + clusterIP: None + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + name: "${NAME}" +- apiVersion: v1 + kind: Route + metadata: + name: "${HTTPD_SERVICE_NAME}" + spec: + host: "${APPLICATION_DOMAIN}" + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + name: "${HTTPD_SERVICE_NAME}" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the CloudForms appliance + spec: + serviceName: "${NAME}" + replicas: "${APPLICATION_REPLICA_COUNT}" + template: + metadata: + labels: + name: "${NAME}" + name: "${NAME}" + spec: + containers: + - name: cloudforms + image: "${FRONTEND_APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 80 + scheme: HTTP + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_REGION + value: "${DATABASE_REGION}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/rh/cfme-container-scripts/sync-pv-data" + serviceAccount: cfme-orchestrator + serviceAccountName: cfme-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Headless service for CloudForms backend pods + name: "${NAME}-backend" + spec: + clusterIP: None + selector: + name: "${NAME}-backend" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}-backend" + annotations: + description: Defines how to deploy the CloudForms appliance + spec: + serviceName: "${NAME}-backend" + replicas: 0 + template: + metadata: + labels: + name: "${NAME}-backend" + name: "${NAME}-backend" + spec: + containers: + - name: cloudforms + image: "${BACKEND_APPLICATION_IMG_NAME}:${BACKEND_APPLICATION_IMG_TAG}" + livenessProbe: + exec: + command: + - pidof + - MIQ Server + initialDelaySeconds: 480 + timeoutSeconds: 3 + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MIQ_SERVER_DEFAULT_ROLES + value: database_operations,event,reporting,scheduler,smartstate,ems_operations,ems_inventory,automate + - name: FRONTEND_SERVICE_NAME + value: "${NAME}" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/rh/cfme-container-scripts/sync-pv-data" + serviceAccount: cfme-orchestrator + serviceAccountName: cfme-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Exposes the memcached server + spec: + ports: + - name: memcached + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Defines how to deploy memcached + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - name: memcached + image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" + ports: + - containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - name: MEMCACHED_MAX_MEMORY + value: "${MEMCACHED_MAX_MEMORY}" + - name: MEMCACHED_MAX_CONNECTIONS + value: "${MEMCACHED_MAX_CONNECTIONS}" + - name: MEMCACHED_SLAB_PAGE_SIZE + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + requests: + memory: "${MEMCACHED_MEM_REQ}" + cpu: "${MEMCACHED_CPU_REQ}" + limits: + memory: "${MEMCACHED_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Remote database service + spec: + ports: + - name: postgresql + port: 5432 + targetPort: "${{DATABASE_PORT}}" + selector: {} +- apiVersion: v1 + kind: Endpoints + metadata: + name: "${DATABASE_SERVICE_NAME}" + subsets: + - addresses: + - ip: "${DATABASE_IP}" + ports: + - port: "${{DATABASE_PORT}}" + name: postgresql +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances Ansible pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${ANSIBLE_SERVICE_NAME}" + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: "${ANSIBLE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${ANSIBLE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the Ansible appliance + spec: + strategy: + type: Recreate + serviceName: "${ANSIBLE_SERVICE_NAME}" + replicas: 0 + template: + metadata: + labels: + name: "${ANSIBLE_SERVICE_NAME}" + name: "${ANSIBLE_SERVICE_NAME}" + spec: + containers: + - name: ansible + image: "${ANSIBLE_IMG_NAME}:${ANSIBLE_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 443 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 443 + scheme: HTTPS + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + env: + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + - name: RABBITMQ_USER_NAME + value: "${ANSIBLE_RABBITMQ_USER_NAME}" + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: rabbit-password + - name: ANSIBLE_SECRET_KEY + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: secret-key + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${ANSIBLE_DATABASE_NAME}" + resources: + requests: + memory: "${ANSIBLE_MEM_REQ}" + cpu: "${ANSIBLE_CPU_REQ}" + limits: + memory: "${ANSIBLE_MEM_LIMIT}" + serviceAccount: cfme-privileged + serviceAccountName: cfme-privileged +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-configs" + data: + application.conf: | + # Timeout: The number of seconds before receives and sends time out. + Timeout 120 + + RewriteEngine On + Options SymLinksIfOwnerMatch + + <VirtualHost *:80> + KeepAlive on + ProxyPreserveHost on + ProxyPass /ws/ ws://${NAME}/ws/ + ProxyPassReverse /ws/ ws://${NAME}/ws/ + ProxyPass / http://${NAME}/ + ProxyPassReverse / http://${NAME}/ + </VirtualHost> +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + data: + auth-type: internal + auth-configuration.conf: | + # External Authentication Configuration File + # + # For details on usage please see https://github.com/ManageIQ/manageiq-pods/blob/master/README.md#configuring-external-authentication +- apiVersion: v1 + kind: Service + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Exposes the httpd server + service.alpha.openshift.io/dependencies: '[{"name":"${NAME}","namespace":"","kind":"Service"}]' + spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + name: httpd +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Defines how to deploy httpd + spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 1200 + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${HTTPD_SERVICE_NAME}" + template: + metadata: + name: "${HTTPD_SERVICE_NAME}" + labels: + name: "${HTTPD_SERVICE_NAME}" + spec: + volumes: + - name: httpd-config + configMap: + name: "${HTTPD_SERVICE_NAME}-configs" + - name: httpd-auth-config + configMap: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + containers: + - name: httpd + image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" + ports: + - containerPort: 80 + livenessProbe: + exec: + command: + - pidof + - httpd + initialDelaySeconds: 15 + timeoutSeconds: 3 + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - name: httpd-config + mountPath: "${HTTPD_CONFIG_DIR}" + - name: httpd-auth-config + mountPath: "${HTTPD_AUTH_CONFIG_DIR}" + resources: + requests: + memory: "${HTTPD_MEM_REQ}" + cpu: "${HTTPD_CPU_REQ}" + limits: + memory: "${HTTPD_MEM_LIMIT}" + env: + - name: HTTPD_AUTH_TYPE + valueFrom: + configMapKeyRef: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + key: auth-type + lifecycle: + postStart: + exec: + command: + - "/usr/bin/save-container-environment" + serviceAccount: cfme-httpd + serviceAccountName: cfme-httpd +parameters: +- name: NAME + displayName: Name + required: true + description: The name assigned to all of the frontend objects defined in this template. + value: cloudforms +- name: V2_KEY + displayName: CloudForms Encryption Key + required: true + description: Encryption Key for CloudForms Passwords + from: "[a-zA-Z0-9]{43}" + generate: expression +- name: DATABASE_SERVICE_NAME + displayName: PostgreSQL Service Name + required: true + description: The name of the OpenShift Service exposed for the PostgreSQL container. + value: postgresql +- name: DATABASE_USER + displayName: PostgreSQL User + required: true + description: PostgreSQL user that will access the database. + value: root +- name: DATABASE_PASSWORD + displayName: PostgreSQL Password + required: true + description: Password for the PostgreSQL user. + from: "[a-zA-Z0-9]{8}" + generate: expression +- name: DATABASE_IP + displayName: PostgreSQL Server IP + required: true + description: PostgreSQL external server IP used to configure service. + value: '' +- name: DATABASE_PORT + displayName: PostgreSQL Server Port + required: true + description: PostgreSQL external server port used to configure service. + value: '5432' +- name: DATABASE_NAME + required: true + displayName: PostgreSQL Database Name + description: Name of the PostgreSQL database accessed. + value: vmdb_production +- name: DATABASE_REGION + required: true + displayName: Application Database Region + description: Database region that will be used for application. + value: '0' +- name: ANSIBLE_DATABASE_NAME + displayName: Ansible PostgreSQL database name + required: true + description: The database to be used by the Ansible continer + value: awx +- name: MEMCACHED_SERVICE_NAME + required: true + displayName: Memcached Service Name + description: The name of the OpenShift Service exposed for the Memcached container. + value: memcached +- name: MEMCACHED_MAX_MEMORY + displayName: Memcached Max Memory + description: Memcached maximum memory for memcached object storage in MB. + value: '64' +- name: MEMCACHED_MAX_CONNECTIONS + displayName: Memcached Max Connections + description: Memcached maximum number of connections allowed. + value: '1024' +- name: MEMCACHED_SLAB_PAGE_SIZE + displayName: Memcached Slab Page Size + description: Memcached size of each slab page. + value: 1m +- name: ANSIBLE_SERVICE_NAME + displayName: Ansible Service Name + description: The name of the OpenShift Service exposed for the Ansible container. + value: ansible +- name: ANSIBLE_ADMIN_PASSWORD + displayName: Ansible admin User password + required: true + description: The password for the Ansible container admin user + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: ANSIBLE_SECRET_KEY + displayName: Ansible Secret Key + required: true + description: Encryption key for the Ansible container + from: "[a-f0-9]{32}" + generate: expression +- name: ANSIBLE_RABBITMQ_USER_NAME + displayName: RabbitMQ Username + required: true + description: Username for the Ansible RabbitMQ Server + value: ansible +- name: ANSIBLE_RABBITMQ_PASSWORD + displayName: RabbitMQ Server Password + required: true + description: Password for the Ansible RabbitMQ Server + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: APPLICATION_CPU_REQ + displayName: Application Min CPU Requested + required: true + description: Minimum amount of CPU time the Application container will need (expressed in millicores). + value: 1000m +- name: MEMCACHED_CPU_REQ + displayName: Memcached Min CPU Requested + required: true + description: Minimum amount of CPU time the Memcached container will need (expressed in millicores). + value: 200m +- name: ANSIBLE_CPU_REQ + displayName: Ansible Min CPU Requested + required: true + description: Minimum amount of CPU time the Ansible container will need (expressed in millicores). + value: 1000m +- name: APPLICATION_MEM_REQ + displayName: Application Min RAM Requested + required: true + description: Minimum amount of memory the Application container will need. + value: 6144Mi +- name: MEMCACHED_MEM_REQ + displayName: Memcached Min RAM Requested + required: true + description: Minimum amount of memory the Memcached container will need. + value: 64Mi +- name: ANSIBLE_MEM_REQ + displayName: Ansible Min RAM Requested + required: true + description: Minimum amount of memory the Ansible container will need. + value: 2048Mi +- name: APPLICATION_MEM_LIMIT + displayName: Application Max RAM Limit + required: true + description: Maximum amount of memory the Application container can consume. + value: 16384Mi +- name: MEMCACHED_MEM_LIMIT + displayName: Memcached Max RAM Limit + required: true + description: Maximum amount of memory the Memcached container can consume. + value: 256Mi +- name: ANSIBLE_MEM_LIMIT + displayName: Ansible Max RAM Limit + required: true + description: Maximum amount of memory the Ansible container can consume. + value: 8096Mi +- name: MEMCACHED_IMG_NAME + displayName: Memcached Image Name + description: This is the Memcached image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-memcached +- name: MEMCACHED_IMG_TAG + displayName: Memcached Image Tag + description: This is the Memcached image tag/version requested to deploy. + value: latest +- name: FRONTEND_APPLICATION_IMG_NAME + displayName: Frontend Application Image Name + description: This is the Frontend Application image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-app-ui +- name: BACKEND_APPLICATION_IMG_NAME + displayName: Backend Application Image Name + description: This is the Backend Application image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-app +- name: FRONTEND_APPLICATION_IMG_TAG + displayName: Front end Application Image Tag + description: This is the CloudForms Frontend Application image tag/version requested to deploy. + value: latest +- name: BACKEND_APPLICATION_IMG_TAG + displayName: Back end Application Image Tag + description: This is the CloudForms Backend Application image tag/version requested to deploy. + value: latest +- name: ANSIBLE_IMG_NAME + displayName: Ansible Image Name + description: This is the Ansible image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-embedded-ansible +- name: ANSIBLE_IMG_TAG + displayName: Ansible Image Tag + description: This is the Ansible image tag/version requested to deploy. + value: latest +- name: APPLICATION_DOMAIN + displayName: Application Hostname + description: The exposed hostname that will route to the application service, if left blank a value will be defaulted. + value: '' +- name: APPLICATION_REPLICA_COUNT + displayName: Application Replica Count + description: This is the number of Application replicas requested to deploy. + value: '1' +- name: APPLICATION_INIT_DELAY + displayName: Application Init Delay + required: true + description: Delay in seconds before we attempt to initialize the application. + value: '15' +- name: APPLICATION_VOLUME_CAPACITY + displayName: Application Volume Capacity + required: true + description: Volume space available for application data. + value: 5Gi +- name: HTTPD_SERVICE_NAME + required: true + displayName: Apache httpd Service Name + description: The name of the OpenShift Service exposed for the httpd container. + value: httpd +- name: HTTPD_IMG_NAME + displayName: Apache httpd Image Name + description: This is the httpd image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-httpd +- name: HTTPD_IMG_TAG + displayName: Apache httpd Image Tag + description: This is the httpd image tag/version requested to deploy. + value: latest +- name: HTTPD_CONFIG_DIR + displayName: Apache httpd Configuration Directory + description: Directory used to store the Apache configuration files. + value: "/etc/httpd/conf.d" +- name: HTTPD_AUTH_CONFIG_DIR + displayName: External Authentication Configuration Directory + description: Directory used to store the external authentication configuration files. + value: "/etc/httpd/auth-conf.d" +- name: HTTPD_CPU_REQ + displayName: Apache httpd Min CPU Requested + required: true + description: Minimum amount of CPU time the httpd container will need (expressed in millicores). + value: 500m +- name: HTTPD_MEM_REQ + displayName: Apache httpd Min RAM Requested + required: true + description: Minimum amount of memory the httpd container will need. + value: 512Mi +- name: HTTPD_MEM_LIMIT + displayName: Apache httpd Max RAM Limit + required: true + description: Maximum amount of memory the httpd container can consume. + value: 8192Mi diff --git a/roles/openshift_management/files/templates/cloudforms/cfme-template.yaml b/roles/openshift_management/files/templates/cloudforms/cfme-template.yaml new file mode 100644 index 000000000..d7c9f5af7 --- /dev/null +++ b/roles/openshift_management/files/templates/cloudforms/cfme-template.yaml @@ -0,0 +1,940 @@ +apiVersion: v1 +kind: Template +labels: + template: cloudforms +metadata: + name: cloudforms + annotations: + description: CloudForms appliance with persistent storage + tags: instant-app,cloudforms,cfme + iconClass: icon-rails +objects: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-orchestrator +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-anyuid +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-privileged +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: cfme-httpd +- apiVersion: v1 + kind: Secret + metadata: + name: "${NAME}-secrets" + stringData: + pg-password: "${DATABASE_PASSWORD}" + database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5 + v2-key: "${V2_KEY}" +- apiVersion: v1 + kind: Secret + metadata: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + stringData: + rabbit-password: "${ANSIBLE_RABBITMQ_PASSWORD}" + secret-key: "${ANSIBLE_SECRET_KEY}" + admin-password: "${ANSIBLE_ADMIN_PASSWORD}" +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${DATABASE_SERVICE_NAME}-configs" + data: + 01_miq_overrides.conf: | + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + tcp_keepalives_count = 9 + tcp_keepalives_idle = 3 + tcp_keepalives_interval = 75 + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + shared_preload_libraries = 'pglogical,repmgr_funcs' + max_worker_processes = 10 + + #------------------------------------------------------------------------------ + # WRITE AHEAD LOG + #------------------------------------------------------------------------------ + + wal_level = 'logical' + wal_log_hints = on + wal_buffers = 16MB + checkpoint_completion_target = 0.9 + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + max_wal_senders = 10 + wal_sender_timeout = 0 + max_replication_slots = 10 + hot_standby = on + + #------------------------------------------------------------------------------ + # ERROR REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + log_filename = 'postgresql.log' + log_rotation_age = 0 + log_min_duration_statement = 5000 + log_connections = on + log_disconnections = on + log_line_prefix = '%t:%r:%c:%u@%d:[%p]:' + log_lock_waits = on + + #------------------------------------------------------------------------------ + # AUTOVACUUM PARAMETERS + #------------------------------------------------------------------------------ + + log_autovacuum_min_duration = 0 + autovacuum_naptime = 5min + autovacuum_vacuum_threshold = 500 + autovacuum_analyze_threshold = 500 + autovacuum_vacuum_scale_factor = 0.05 + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + deadlock_timeout = 5s + + #------------------------------------------------------------------------------ + # VERSION/PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + escape_string_warning = off + standard_conforming_strings = off +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-configs" + data: + application.conf: | + # Timeout: The number of seconds before receives and sends time out. + Timeout 120 + + RewriteEngine On + Options SymLinksIfOwnerMatch + + <VirtualHost *:80> + KeepAlive on + ProxyPreserveHost on + ProxyPass /ws/ ws://${NAME}/ws/ + ProxyPassReverse /ws/ ws://${NAME}/ws/ + ProxyPass / http://${NAME}/ + ProxyPassReverse / http://${NAME}/ + </VirtualHost> +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + data: + auth-type: internal + auth-configuration.conf: | + # External Authentication Configuration File + # + # For details on usage please see https://github.com/ManageIQ/manageiq-pods/blob/master/README.md#configuring-external-authentication +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances CloudForms pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${NAME}" + spec: + clusterIP: None + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + name: "${NAME}" +- apiVersion: v1 + kind: Route + metadata: + name: "${HTTPD_SERVICE_NAME}" + spec: + host: "${APPLICATION_DOMAIN}" + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + name: "${HTTPD_SERVICE_NAME}" +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${NAME}-${DATABASE_SERVICE_NAME}" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${DATABASE_VOLUME_CAPACITY}" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the CloudForms appliance + spec: + serviceName: "${NAME}" + replicas: "${APPLICATION_REPLICA_COUNT}" + template: + metadata: + labels: + name: "${NAME}" + name: "${NAME}" + spec: + containers: + - name: cloudforms + image: "${FRONTEND_APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 80 + scheme: HTTP + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_REGION + value: "${DATABASE_REGION}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/rh/cfme-container-scripts/sync-pv-data" + serviceAccount: cfme-orchestrator + serviceAccountName: cfme-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Headless service for CloudForms backend pods + name: "${NAME}-backend" + spec: + clusterIP: None + selector: + name: "${NAME}-backend" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}-backend" + annotations: + description: Defines how to deploy the CloudForms appliance + spec: + serviceName: "${NAME}-backend" + replicas: 0 + template: + metadata: + labels: + name: "${NAME}-backend" + name: "${NAME}-backend" + spec: + containers: + - name: cloudforms + image: "${BACKEND_APPLICATION_IMG_NAME}:${BACKEND_APPLICATION_IMG_TAG}" + livenessProbe: + exec: + command: + - pidof + - MIQ Server + initialDelaySeconds: 480 + timeoutSeconds: 3 + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MIQ_SERVER_DEFAULT_ROLES + value: database_operations,event,reporting,scheduler,smartstate,ems_operations,ems_inventory,automate + - name: FRONTEND_SERVICE_NAME + value: "${NAME}" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/rh/cfme-container-scripts/sync-pv-data" + serviceAccount: cfme-orchestrator + serviceAccountName: cfme-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Exposes the memcached server + spec: + ports: + - name: memcached + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Defines how to deploy memcached + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - name: memcached + image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" + ports: + - containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - name: MEMCACHED_MAX_MEMORY + value: "${MEMCACHED_MAX_MEMORY}" + - name: MEMCACHED_MAX_CONNECTIONS + value: "${MEMCACHED_MAX_CONNECTIONS}" + - name: MEMCACHED_SLAB_PAGE_SIZE + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + requests: + memory: "${MEMCACHED_MEM_REQ}" + cpu: "${MEMCACHED_CPU_REQ}" + limits: + memory: "${MEMCACHED_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Exposes the database server + spec: + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + selector: + name: "${DATABASE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the database + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${DATABASE_SERVICE_NAME}" + template: + metadata: + name: "${DATABASE_SERVICE_NAME}" + labels: + name: "${DATABASE_SERVICE_NAME}" + spec: + volumes: + - name: cfme-pgdb-volume + persistentVolumeClaim: + claimName: "${NAME}-${DATABASE_SERVICE_NAME}" + - name: cfme-pg-configs + configMap: + name: "${DATABASE_SERVICE_NAME}-configs" + containers: + - name: postgresql + image: "${POSTGRESQL_IMG_NAME}:${POSTGRESQL_IMG_TAG}" + ports: + - containerPort: 5432 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 15 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 60 + tcpSocket: + port: 5432 + volumeMounts: + - name: cfme-pgdb-volume + mountPath: "/var/lib/pgsql/data" + - name: cfme-pg-configs + mountPath: "${POSTGRESQL_CONFIG_DIR}" + env: + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${DATABASE_NAME}" + - name: POSTGRESQL_MAX_CONNECTIONS + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - name: POSTGRESQL_SHARED_BUFFERS + value: "${POSTGRESQL_SHARED_BUFFERS}" + - name: POSTGRESQL_CONFIG_DIR + value: "${POSTGRESQL_CONFIG_DIR}" + resources: + requests: + memory: "${POSTGRESQL_MEM_REQ}" + cpu: "${POSTGRESQL_CPU_REQ}" + limits: + memory: "${POSTGRESQL_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances Ansible pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${ANSIBLE_SERVICE_NAME}" + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: "${ANSIBLE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${ANSIBLE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the Ansible appliance + spec: + strategy: + type: Recreate + serviceName: "${ANSIBLE_SERVICE_NAME}" + replicas: 0 + template: + metadata: + labels: + name: "${ANSIBLE_SERVICE_NAME}" + name: "${ANSIBLE_SERVICE_NAME}" + spec: + containers: + - name: ansible + image: "${ANSIBLE_IMG_NAME}:${ANSIBLE_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 443 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 443 + scheme: HTTPS + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + env: + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + - name: RABBITMQ_USER_NAME + value: "${ANSIBLE_RABBITMQ_USER_NAME}" + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: rabbit-password + - name: ANSIBLE_SECRET_KEY + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: secret-key + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${ANSIBLE_DATABASE_NAME}" + resources: + requests: + memory: "${ANSIBLE_MEM_REQ}" + cpu: "${ANSIBLE_CPU_REQ}" + limits: + memory: "${ANSIBLE_MEM_LIMIT}" + serviceAccount: cfme-privileged + serviceAccountName: cfme-privileged +- apiVersion: v1 + kind: Service + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Exposes the httpd server + service.alpha.openshift.io/dependencies: '[{"name":"${NAME}","namespace":"","kind":"Service"}]' + spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + name: httpd +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Defines how to deploy httpd + spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 1200 + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${HTTPD_SERVICE_NAME}" + template: + metadata: + name: "${HTTPD_SERVICE_NAME}" + labels: + name: "${HTTPD_SERVICE_NAME}" + spec: + volumes: + - name: httpd-config + configMap: + name: "${HTTPD_SERVICE_NAME}-configs" + - name: httpd-auth-config + configMap: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + containers: + - name: httpd + image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" + ports: + - containerPort: 80 + livenessProbe: + exec: + command: + - pidof + - httpd + initialDelaySeconds: 15 + timeoutSeconds: 3 + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - name: httpd-config + mountPath: "${HTTPD_CONFIG_DIR}" + - name: httpd-auth-config + mountPath: "${HTTPD_AUTH_CONFIG_DIR}" + resources: + requests: + memory: "${HTTPD_MEM_REQ}" + cpu: "${HTTPD_CPU_REQ}" + limits: + memory: "${HTTPD_MEM_LIMIT}" + env: + - name: HTTPD_AUTH_TYPE + valueFrom: + configMapKeyRef: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + key: auth-type + lifecycle: + postStart: + exec: + command: + - "/usr/bin/save-container-environment" + serviceAccount: cfme-httpd + serviceAccountName: cfme-httpd +parameters: +- name: NAME + displayName: Name + required: true + description: The name assigned to all of the frontend objects defined in this template. + value: cloudforms +- name: V2_KEY + displayName: CloudForms Encryption Key + required: true + description: Encryption Key for CloudForms Passwords + from: "[a-zA-Z0-9]{43}" + generate: expression +- name: DATABASE_SERVICE_NAME + displayName: PostgreSQL Service Name + required: true + description: The name of the OpenShift Service exposed for the PostgreSQL container. + value: postgresql +- name: DATABASE_USER + displayName: PostgreSQL User + required: true + description: PostgreSQL user that will access the database. + value: root +- name: DATABASE_PASSWORD + displayName: PostgreSQL Password + required: true + description: Password for the PostgreSQL user. + from: "[a-zA-Z0-9]{8}" + generate: expression +- name: DATABASE_NAME + required: true + displayName: PostgreSQL Database Name + description: Name of the PostgreSQL database accessed. + value: vmdb_production +- name: DATABASE_REGION + required: true + displayName: Application Database Region + description: Database region that will be used for application. + value: '0' +- name: ANSIBLE_DATABASE_NAME + displayName: Ansible PostgreSQL database name + required: true + description: The database to be used by the Ansible continer + value: awx +- name: MEMCACHED_SERVICE_NAME + required: true + displayName: Memcached Service Name + description: The name of the OpenShift Service exposed for the Memcached container. + value: memcached +- name: MEMCACHED_MAX_MEMORY + displayName: Memcached Max Memory + description: Memcached maximum memory for memcached object storage in MB. + value: '64' +- name: MEMCACHED_MAX_CONNECTIONS + displayName: Memcached Max Connections + description: Memcached maximum number of connections allowed. + value: '1024' +- name: MEMCACHED_SLAB_PAGE_SIZE + displayName: Memcached Slab Page Size + description: Memcached size of each slab page. + value: 1m +- name: POSTGRESQL_CONFIG_DIR + displayName: PostgreSQL Configuration Overrides + description: Directory used to store PostgreSQL configuration overrides. + value: "/var/lib/pgsql/conf.d" +- name: POSTGRESQL_MAX_CONNECTIONS + displayName: PostgreSQL Max Connections + description: PostgreSQL maximum number of database connections allowed. + value: '1000' +- name: POSTGRESQL_SHARED_BUFFERS + displayName: PostgreSQL Shared Buffer Amount + description: Amount of memory dedicated for PostgreSQL shared memory buffers. + value: 1GB +- name: ANSIBLE_SERVICE_NAME + displayName: Ansible Service Name + description: The name of the OpenShift Service exposed for the Ansible container. + value: ansible +- name: ANSIBLE_ADMIN_PASSWORD + displayName: Ansible admin User password + required: true + description: The password for the Ansible container admin user + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: ANSIBLE_SECRET_KEY + displayName: Ansible Secret Key + required: true + description: Encryption key for the Ansible container + from: "[a-f0-9]{32}" + generate: expression +- name: ANSIBLE_RABBITMQ_USER_NAME + displayName: RabbitMQ Username + required: true + description: Username for the Ansible RabbitMQ Server + value: ansible +- name: ANSIBLE_RABBITMQ_PASSWORD + displayName: RabbitMQ Server Password + required: true + description: Password for the Ansible RabbitMQ Server + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: APPLICATION_CPU_REQ + displayName: Application Min CPU Requested + required: true + description: Minimum amount of CPU time the Application container will need (expressed in millicores). + value: 1000m +- name: POSTGRESQL_CPU_REQ + displayName: PostgreSQL Min CPU Requested + required: true + description: Minimum amount of CPU time the PostgreSQL container will need (expressed in millicores). + value: 500m +- name: MEMCACHED_CPU_REQ + displayName: Memcached Min CPU Requested + required: true + description: Minimum amount of CPU time the Memcached container will need (expressed in millicores). + value: 200m +- name: ANSIBLE_CPU_REQ + displayName: Ansible Min CPU Requested + required: true + description: Minimum amount of CPU time the Ansible container will need (expressed in millicores). + value: 1000m +- name: APPLICATION_MEM_REQ + displayName: Application Min RAM Requested + required: true + description: Minimum amount of memory the Application container will need. + value: 6144Mi +- name: POSTGRESQL_MEM_REQ + displayName: PostgreSQL Min RAM Requested + required: true + description: Minimum amount of memory the PostgreSQL container will need. + value: 4Gi +- name: MEMCACHED_MEM_REQ + displayName: Memcached Min RAM Requested + required: true + description: Minimum amount of memory the Memcached container will need. + value: 64Mi +- name: ANSIBLE_MEM_REQ + displayName: Ansible Min RAM Requested + required: true + description: Minimum amount of memory the Ansible container will need. + value: 2048Mi +- name: APPLICATION_MEM_LIMIT + displayName: Application Max RAM Limit + required: true + description: Maximum amount of memory the Application container can consume. + value: 16384Mi +- name: POSTGRESQL_MEM_LIMIT + displayName: PostgreSQL Max RAM Limit + required: true + description: Maximum amount of memory the PostgreSQL container can consume. + value: 8Gi +- name: MEMCACHED_MEM_LIMIT + displayName: Memcached Max RAM Limit + required: true + description: Maximum amount of memory the Memcached container can consume. + value: 256Mi +- name: ANSIBLE_MEM_LIMIT + displayName: Ansible Max RAM Limit + required: true + description: Maximum amount of memory the Ansible container can consume. + value: 8096Mi +- name: POSTGRESQL_IMG_NAME + displayName: PostgreSQL Image Name + description: This is the PostgreSQL image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-postgresql +- name: POSTGRESQL_IMG_TAG + displayName: PostgreSQL Image Tag + description: This is the PostgreSQL image tag/version requested to deploy. + value: latest +- name: MEMCACHED_IMG_NAME + displayName: Memcached Image Name + description: This is the Memcached image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-memcached +- name: MEMCACHED_IMG_TAG + displayName: Memcached Image Tag + description: This is the Memcached image tag/version requested to deploy. + value: latest +- name: FRONTEND_APPLICATION_IMG_NAME + displayName: Frontend Application Image Name + description: This is the Frontend Application image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-app-ui +- name: BACKEND_APPLICATION_IMG_NAME + displayName: Backend Application Image Name + description: This is the Backend Application image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-app +- name: FRONTEND_APPLICATION_IMG_TAG + displayName: Front end Application Image Tag + description: This is the CloudForms Frontend Application image tag/version requested to deploy. + value: latest +- name: BACKEND_APPLICATION_IMG_TAG + displayName: Back end Application Image Tag + description: This is the CloudForms Backend Application image tag/version requested to deploy. + value: latest +- name: ANSIBLE_IMG_NAME + displayName: Ansible Image Name + description: This is the Ansible image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-embedded-ansible +- name: ANSIBLE_IMG_TAG + displayName: Ansible Image Tag + description: This is the Ansible image tag/version requested to deploy. + value: latest +- name: APPLICATION_DOMAIN + displayName: Application Hostname + description: The exposed hostname that will route to the application service, if left blank a value will be defaulted. + value: '' +- name: APPLICATION_REPLICA_COUNT + displayName: Application Replica Count + description: This is the number of Application replicas requested to deploy. + value: '1' +- name: APPLICATION_INIT_DELAY + displayName: Application Init Delay + required: true + description: Delay in seconds before we attempt to initialize the application. + value: '15' +- name: APPLICATION_VOLUME_CAPACITY + displayName: Application Volume Capacity + required: true + description: Volume space available for application data. + value: 5Gi +- name: DATABASE_VOLUME_CAPACITY + displayName: Database Volume Capacity + required: true + description: Volume space available for database. + value: 15Gi +- name: HTTPD_SERVICE_NAME + required: true + displayName: Apache httpd Service Name + description: The name of the OpenShift Service exposed for the httpd container. + value: httpd +- name: HTTPD_IMG_NAME + displayName: Apache httpd Image Name + description: This is the httpd image name requested to deploy. + value: brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/cloudforms46/cfme-openshift-httpd +- name: HTTPD_IMG_TAG + displayName: Apache httpd Image Tag + description: This is the httpd image tag/version requested to deploy. + value: latest +- name: HTTPD_CONFIG_DIR + displayName: Apache Configuration Directory + description: Directory used to store the Apache configuration files. + value: "/etc/httpd/conf.d" +- name: HTTPD_AUTH_CONFIG_DIR + displayName: External Authentication Configuration Directory + description: Directory used to store the external authentication configuration files. + value: "/etc/httpd/auth-conf.d" +- name: HTTPD_CPU_REQ + displayName: Apache httpd Min CPU Requested + required: true + description: Minimum amount of CPU time the httpd container will need (expressed in millicores). + value: 500m +- name: HTTPD_MEM_REQ + displayName: Apache httpd Min RAM Requested + required: true + description: Minimum amount of memory the httpd container will need. + value: 512Mi +- name: HTTPD_MEM_LIMIT + displayName: Apache httpd Max RAM Limit + required: true + description: Maximum amount of memory the httpd container can consume. + value: 8192Mi diff --git a/roles/openshift_management/files/templates/manageiq/miq-backup-job.yaml b/roles/openshift_management/files/templates/manageiq/miq-backup-job.yaml new file mode 100644 index 000000000..044cb73a5 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-backup-job.yaml @@ -0,0 +1,28 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: manageiq-backup +spec: + template: + metadata: + name: manageiq-backup + spec: + containers: + - name: postgresql + image: docker.io/manageiq/postgresql:latest + command: + - "/opt/manageiq/container-scripts/backup_db" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: manageiq-secrets + key: database-url + volumeMounts: + - name: miq-backup-vol + mountPath: "/backups" + volumes: + - name: miq-backup-vol + persistentVolumeClaim: + claimName: manageiq-backup + restartPolicy: Never diff --git a/roles/openshift_management/files/templates/manageiq/miq-backup-pvc.yaml b/roles/openshift_management/files/templates/manageiq/miq-backup-pvc.yaml new file mode 100644 index 000000000..25696ef23 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-backup-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: manageiq-backup +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 15Gi diff --git a/roles/openshift_management/files/templates/manageiq/miq-pv-backup-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-backup-example.yaml new file mode 100644 index 000000000..a5cf54d4e --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-pv-backup-example.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: miq-pv03 +spec: + capacity: + storage: 15Gi + accessModes: + - ReadWriteOnce + nfs: + path: "/exports/miq-pv03" + server: "<your-nfs-host-here>" + persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_management/files/templates/manageiq/miq-pv-db-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-db-example.yaml new file mode 100644 index 000000000..a803bebe2 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-pv-db-example.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Template +labels: + template: manageiq-db-pv +metadata: + name: manageiq-db-pv + annotations: + description: PV Template for MIQ PostgreSQL DB + tags: PVS, MIQ +objects: +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: miq-db + spec: + capacity: + storage: "${PV_SIZE}" + accessModes: + - ReadWriteOnce + nfs: + path: "${BASE_PATH}/miq-db" + server: "${NFS_HOST}" + persistentVolumeReclaimPolicy: Retain +parameters: +- name: PV_SIZE + displayName: PV Size for DB + required: true + description: The size of the MIQ DB PV given in Gi + value: 15Gi +- name: BASE_PATH + displayName: Exports Directory Base Path + required: true + description: The parent directory of your NFS exports + value: "/exports" +- name: NFS_HOST + displayName: NFS Server Hostname + required: true + description: The hostname or IP address of the NFS server diff --git a/roles/openshift_management/files/templates/manageiq/miq-pv-server-example.yaml b/roles/openshift_management/files/templates/manageiq/miq-pv-server-example.yaml new file mode 100644 index 000000000..1288544d1 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-pv-server-example.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Template +labels: + template: manageiq-app-pv +metadata: + name: manageiq-app-pv + annotations: + description: PV Template for MIQ Server + tags: PVS, MIQ +objects: +- apiVersion: v1 + kind: PersistentVolume + metadata: + name: miq-app + spec: + capacity: + storage: "${PV_SIZE}" + accessModes: + - ReadWriteOnce + nfs: + path: "${BASE_PATH}/miq-app" + server: "${NFS_HOST}" + persistentVolumeReclaimPolicy: Retain +parameters: +- name: PV_SIZE + displayName: PV Size for App + required: true + description: The size of the MIQ APP PV given in Gi + value: 5Gi +- name: BASE_PATH + displayName: Exports Directory Base Path + required: true + description: The parent directory of your NFS exports + value: "/exports" +- name: NFS_HOST + displayName: NFS Server Hostname + required: true + description: The hostname or IP address of the NFS server diff --git a/roles/openshift_management/files/templates/manageiq/miq-restore-job.yaml b/roles/openshift_management/files/templates/manageiq/miq-restore-job.yaml new file mode 100644 index 000000000..eea284dd4 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-restore-job.yaml @@ -0,0 +1,35 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: manageiq-restore +spec: + template: + metadata: + name: manageiq-restore + spec: + containers: + - name: postgresql + image: docker.io/manageiq/postgresql:latest + command: + - "/opt/manageiq/container-scripts/restore_db" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: manageiq-secrets + key: database-url + - name: BACKUP_VERSION + value: latest + volumeMounts: + - name: miq-backup-vol + mountPath: "/backups" + - name: miq-prod-vol + mountPath: "/restore" + volumes: + - name: miq-backup-vol + persistentVolumeClaim: + claimName: manageiq-backup + - name: miq-prod-vol + persistentVolumeClaim: + claimName: manageiq-postgresql + restartPolicy: Never diff --git a/roles/openshift_management/files/templates/manageiq/miq-template-ext-db.yaml b/roles/openshift_management/files/templates/manageiq/miq-template-ext-db.yaml new file mode 100644 index 000000000..82cd5d49e --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-template-ext-db.yaml @@ -0,0 +1,771 @@ +apiVersion: v1 +kind: Template +labels: + template: manageiq-ext-db +metadata: + name: manageiq-ext-db + annotations: + description: ManageIQ appliance with persistent storage using a external DB host + tags: instant-app,manageiq,miq + iconClass: icon-rails +objects: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-orchestrator +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-anyuid +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-privileged +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-httpd +- apiVersion: v1 + kind: Secret + metadata: + name: "${NAME}-secrets" + stringData: + pg-password: "${DATABASE_PASSWORD}" + database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5 + v2-key: "${V2_KEY}" +- apiVersion: v1 + kind: Secret + metadata: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + stringData: + rabbit-password: "${ANSIBLE_RABBITMQ_PASSWORD}" + secret-key: "${ANSIBLE_SECRET_KEY}" + admin-password: "${ANSIBLE_ADMIN_PASSWORD}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances ManageIQ pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${NAME}" + spec: + clusterIP: None + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + name: "${NAME}" +- apiVersion: v1 + kind: Route + metadata: + name: "${HTTPD_SERVICE_NAME}" + spec: + host: "${APPLICATION_DOMAIN}" + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + name: "${HTTPD_SERVICE_NAME}" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the ManageIQ appliance + spec: + serviceName: "${NAME}" + replicas: "${APPLICATION_REPLICA_COUNT}" + template: + metadata: + labels: + name: "${NAME}" + name: "${NAME}" + spec: + containers: + - name: manageiq + image: "${APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 80 + scheme: HTTP + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: DATABASE_REGION + value: "${DATABASE_REGION}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MEMCACHED_SERVER + value: "${MEMCACHED_SERVICE_NAME}:11211" + - name: MEMCACHED_SERVICE_NAME + value: "${MEMCACHED_SERVICE_NAME}" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_SERVICE_NAME + value: "${ANSIBLE_SERVICE_NAME}" + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/manageiq/container-scripts/sync-pv-data" + serviceAccount: miq-orchestrator + serviceAccountName: miq-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Headless service for ManageIQ backend pods + name: "${NAME}-backend" + spec: + clusterIP: None + selector: + name: "${NAME}-backend" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}-backend" + annotations: + description: Defines how to deploy the ManageIQ appliance + spec: + serviceName: "${NAME}-backend" + replicas: 0 + template: + metadata: + labels: + name: "${NAME}-backend" + name: "${NAME}-backend" + spec: + containers: + - name: manageiq + image: "${APPLICATION_IMG_NAME}:${BACKEND_APPLICATION_IMG_TAG}" + livenessProbe: + exec: + command: + - pidof + - MIQ Server + initialDelaySeconds: 480 + timeoutSeconds: 3 + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MIQ_SERVER_DEFAULT_ROLES + value: database_operations,event,reporting,scheduler,smartstate,ems_operations,ems_inventory,automate + - name: FRONTEND_SERVICE_NAME + value: "${NAME}" + - name: MEMCACHED_SERVER + value: "${MEMCACHED_SERVICE_NAME}:11211" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_SERVICE_NAME + value: "${ANSIBLE_SERVICE_NAME}" + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/manageiq/container-scripts/sync-pv-data" + serviceAccount: miq-orchestrator + serviceAccountName: miq-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Exposes the memcached server + spec: + ports: + - name: memcached + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Defines how to deploy memcached + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - name: memcached + image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" + ports: + - containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - name: MEMCACHED_MAX_MEMORY + value: "${MEMCACHED_MAX_MEMORY}" + - name: MEMCACHED_MAX_CONNECTIONS + value: "${MEMCACHED_MAX_CONNECTIONS}" + - name: MEMCACHED_SLAB_PAGE_SIZE + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + requests: + memory: "${MEMCACHED_MEM_REQ}" + cpu: "${MEMCACHED_CPU_REQ}" + limits: + memory: "${MEMCACHED_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Remote database service + spec: + ports: + - name: postgresql + port: 5432 + targetPort: "${{DATABASE_PORT}}" + selector: {} +- apiVersion: v1 + kind: Endpoints + metadata: + name: "${DATABASE_SERVICE_NAME}" + subsets: + - addresses: + - ip: "${DATABASE_IP}" + ports: + - port: "${{DATABASE_PORT}}" + name: postgresql +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances Ansible pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${ANSIBLE_SERVICE_NAME}" + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: "${ANSIBLE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${ANSIBLE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the Ansible appliance + spec: + strategy: + type: Recreate + serviceName: "${ANSIBLE_SERVICE_NAME}" + replicas: 0 + template: + metadata: + labels: + name: "${ANSIBLE_SERVICE_NAME}" + name: "${ANSIBLE_SERVICE_NAME}" + spec: + containers: + - name: ansible + image: "${ANSIBLE_IMG_NAME}:${ANSIBLE_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 443 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 443 + scheme: HTTPS + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + env: + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + - name: RABBITMQ_USER_NAME + value: "${ANSIBLE_RABBITMQ_USER_NAME}" + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: rabbit-password + - name: ANSIBLE_SECRET_KEY + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: secret-key + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${ANSIBLE_DATABASE_NAME}" + resources: + requests: + memory: "${ANSIBLE_MEM_REQ}" + cpu: "${ANSIBLE_CPU_REQ}" + limits: + memory: "${ANSIBLE_MEM_LIMIT}" + serviceAccount: miq-privileged + serviceAccountName: miq-privileged +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-configs" + data: + application.conf: | + # Timeout: The number of seconds before receives and sends time out. + Timeout 120 + + RewriteEngine On + Options SymLinksIfOwnerMatch + + <VirtualHost *:80> + KeepAlive on + ProxyPreserveHost on + ProxyPass /ws/ ws://${NAME}/ws/ + ProxyPassReverse /ws/ ws://${NAME}/ws/ + ProxyPass / http://${NAME}/ + ProxyPassReverse / http://${NAME}/ + </VirtualHost> +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + data: + auth-type: internal + auth-configuration.conf: | + # External Authentication Configuration File + # + # For details on usage please see https://github.com/ManageIQ/manageiq-pods/blob/master/README.md#configuring-external-authentication +- apiVersion: v1 + kind: Service + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Exposes the httpd server + service.alpha.openshift.io/dependencies: '[{"name":"${NAME}","namespace":"","kind":"Service"}]' + spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + name: httpd +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Defines how to deploy httpd + spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 1200 + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${HTTPD_SERVICE_NAME}" + template: + metadata: + name: "${HTTPD_SERVICE_NAME}" + labels: + name: "${HTTPD_SERVICE_NAME}" + spec: + volumes: + - name: httpd-config + configMap: + name: "${HTTPD_SERVICE_NAME}-configs" + - name: httpd-auth-config + configMap: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + containers: + - name: httpd + image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" + ports: + - containerPort: 80 + livenessProbe: + exec: + command: + - pidof + - httpd + initialDelaySeconds: 15 + timeoutSeconds: 3 + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - name: httpd-config + mountPath: "${HTTPD_CONFIG_DIR}" + - name: httpd-auth-config + mountPath: "${HTTPD_AUTH_CONFIG_DIR}" + resources: + requests: + memory: "${HTTPD_MEM_REQ}" + cpu: "${HTTPD_CPU_REQ}" + limits: + memory: "${HTTPD_MEM_LIMIT}" + env: + - name: HTTPD_AUTH_TYPE + valueFrom: + configMapKeyRef: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + key: auth-type + lifecycle: + postStart: + exec: + command: + - "/usr/bin/save-container-environment" + serviceAccount: miq-anyuid + serviceAccountName: miq-anyuid +parameters: +- name: NAME + displayName: Name + required: true + description: The name assigned to all of the frontend objects defined in this template. + value: manageiq +- name: V2_KEY + displayName: ManageIQ Encryption Key + required: true + description: Encryption Key for ManageIQ Passwords + from: "[a-zA-Z0-9]{43}" + generate: expression +- name: DATABASE_SERVICE_NAME + displayName: PostgreSQL Service Name + required: true + description: The name of the OpenShift Service exposed for the PostgreSQL container. + value: postgresql +- name: DATABASE_USER + displayName: PostgreSQL User + required: true + description: PostgreSQL user that will access the database. + value: root +- name: DATABASE_PASSWORD + displayName: PostgreSQL Password + required: true + description: Password for the PostgreSQL user. + from: "[a-zA-Z0-9]{8}" + generate: expression +- name: DATABASE_IP + displayName: PostgreSQL Server IP + required: true + description: PostgreSQL external server IP used to configure service. + value: '' +- name: DATABASE_PORT + displayName: PostgreSQL Server Port + required: true + description: PostgreSQL external server port used to configure service. + value: '5432' +- name: DATABASE_NAME + required: true + displayName: PostgreSQL Database Name + description: Name of the PostgreSQL database accessed. + value: vmdb_production +- name: DATABASE_REGION + required: true + displayName: Application Database Region + description: Database region that will be used for application. + value: '0' +- name: ANSIBLE_DATABASE_NAME + displayName: Ansible PostgreSQL database name + required: true + description: The database to be used by the Ansible continer + value: awx +- name: MEMCACHED_SERVICE_NAME + required: true + displayName: Memcached Service Name + description: The name of the OpenShift Service exposed for the Memcached container. + value: memcached +- name: MEMCACHED_MAX_MEMORY + displayName: Memcached Max Memory + description: Memcached maximum memory for memcached object storage in MB. + value: '64' +- name: MEMCACHED_MAX_CONNECTIONS + displayName: Memcached Max Connections + description: Memcached maximum number of connections allowed. + value: '1024' +- name: MEMCACHED_SLAB_PAGE_SIZE + displayName: Memcached Slab Page Size + description: Memcached size of each slab page. + value: 1m +- name: ANSIBLE_SERVICE_NAME + displayName: Ansible Service Name + description: The name of the OpenShift Service exposed for the Ansible container. + value: ansible +- name: ANSIBLE_ADMIN_PASSWORD + displayName: Ansible admin User password + required: true + description: The password for the Ansible container admin user + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: ANSIBLE_SECRET_KEY + displayName: Ansible Secret Key + required: true + description: Encryption key for the Ansible container + from: "[a-f0-9]{32}" + generate: expression +- name: ANSIBLE_RABBITMQ_USER_NAME + displayName: RabbitMQ Username + required: true + description: Username for the Ansible RabbitMQ Server + value: ansible +- name: ANSIBLE_RABBITMQ_PASSWORD + displayName: RabbitMQ Server Password + required: true + description: Password for the Ansible RabbitMQ Server + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: APPLICATION_CPU_REQ + displayName: Application Min CPU Requested + required: true + description: Minimum amount of CPU time the Application container will need (expressed in millicores). + value: 1000m +- name: MEMCACHED_CPU_REQ + displayName: Memcached Min CPU Requested + required: true + description: Minimum amount of CPU time the Memcached container will need (expressed in millicores). + value: 200m +- name: ANSIBLE_CPU_REQ + displayName: Ansible Min CPU Requested + required: true + description: Minimum amount of CPU time the Ansible container will need (expressed in millicores). + value: 1000m +- name: APPLICATION_MEM_REQ + displayName: Application Min RAM Requested + required: true + description: Minimum amount of memory the Application container will need. + value: 6144Mi +- name: MEMCACHED_MEM_REQ + displayName: Memcached Min RAM Requested + required: true + description: Minimum amount of memory the Memcached container will need. + value: 64Mi +- name: ANSIBLE_MEM_REQ + displayName: Ansible Min RAM Requested + required: true + description: Minimum amount of memory the Ansible container will need. + value: 2048Mi +- name: APPLICATION_MEM_LIMIT + displayName: Application Max RAM Limit + required: true + description: Maximum amount of memory the Application container can consume. + value: 16384Mi +- name: MEMCACHED_MEM_LIMIT + displayName: Memcached Max RAM Limit + required: true + description: Maximum amount of memory the Memcached container can consume. + value: 256Mi +- name: ANSIBLE_MEM_LIMIT + displayName: Ansible Max RAM Limit + required: true + description: Maximum amount of memory the Ansible container can consume. + value: 8096Mi +- name: MEMCACHED_IMG_NAME + displayName: Memcached Image Name + description: This is the Memcached image name requested to deploy. + value: docker.io/manageiq/memcached +- name: MEMCACHED_IMG_TAG + displayName: Memcached Image Tag + description: This is the Memcached image tag/version requested to deploy. + value: latest +- name: APPLICATION_IMG_NAME + displayName: Application Image Name + description: This is the Application image name requested to deploy. + value: docker.io/manageiq/manageiq-pods +- name: FRONTEND_APPLICATION_IMG_TAG + displayName: Front end Application Image Tag + description: This is the ManageIQ Frontend Application image tag/version requested to deploy. + value: frontend-latest +- name: BACKEND_APPLICATION_IMG_TAG + displayName: Back end Application Image Tag + description: This is the ManageIQ Backend Application image tag/version requested to deploy. + value: backend-latest +- name: ANSIBLE_IMG_NAME + displayName: Ansible Image Name + description: This is the Ansible image name requested to deploy. + value: docker.io/manageiq/embedded-ansible +- name: ANSIBLE_IMG_TAG + displayName: Ansible Image Tag + description: This is the Ansible image tag/version requested to deploy. + value: latest +- name: APPLICATION_DOMAIN + displayName: Application Hostname + description: The exposed hostname that will route to the application service, if left blank a value will be defaulted. + value: '' +- name: APPLICATION_REPLICA_COUNT + displayName: Application Replica Count + description: This is the number of Application replicas requested to deploy. + value: '1' +- name: APPLICATION_INIT_DELAY + displayName: Application Init Delay + required: true + description: Delay in seconds before we attempt to initialize the application. + value: '15' +- name: APPLICATION_VOLUME_CAPACITY + displayName: Application Volume Capacity + required: true + description: Volume space available for application data. + value: 5Gi +- name: HTTPD_SERVICE_NAME + required: true + displayName: Apache httpd Service Name + description: The name of the OpenShift Service exposed for the httpd container. + value: httpd +- name: HTTPD_IMG_NAME + displayName: Apache httpd Image Name + description: This is the httpd image name requested to deploy. + value: docker.io/manageiq/httpd +- name: HTTPD_IMG_TAG + displayName: Apache httpd Image Tag + description: This is the httpd image tag/version requested to deploy. + value: latest +- name: HTTPD_CONFIG_DIR + displayName: Apache httpd Configuration Directory + description: Directory used to store the Apache configuration files. + value: "/etc/httpd/conf.d" +- name: HTTPD_AUTH_CONFIG_DIR + displayName: External Authentication Configuration Directory + description: Directory used to store the external authentication configuration files. + value: "/etc/httpd/auth-conf.d" +- name: HTTPD_CPU_REQ + displayName: Apache httpd Min CPU Requested + required: true + description: Minimum amount of CPU time the httpd container will need (expressed in millicores). + value: 500m +- name: HTTPD_MEM_REQ + displayName: Apache httpd Min RAM Requested + required: true + description: Minimum amount of memory the httpd container will need. + value: 512Mi +- name: HTTPD_MEM_LIMIT + displayName: Apache httpd Max RAM Limit + required: true + description: Maximum amount of memory the httpd container can consume. + value: 8192Mi diff --git a/roles/openshift_management/files/templates/manageiq/miq-template.yaml b/roles/openshift_management/files/templates/manageiq/miq-template.yaml new file mode 100644 index 000000000..3f5a12205 --- /dev/null +++ b/roles/openshift_management/files/templates/manageiq/miq-template.yaml @@ -0,0 +1,948 @@ +apiVersion: v1 +kind: Template +labels: + template: manageiq +metadata: + name: manageiq + annotations: + description: ManageIQ appliance with persistent storage + tags: instant-app,manageiq,miq + iconClass: icon-rails +objects: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-orchestrator +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-anyuid +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-privileged +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: miq-httpd +- apiVersion: v1 + kind: Secret + metadata: + name: "${NAME}-secrets" + stringData: + pg-password: "${DATABASE_PASSWORD}" + database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5 + v2-key: "${V2_KEY}" +- apiVersion: v1 + kind: Secret + metadata: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + stringData: + rabbit-password: "${ANSIBLE_RABBITMQ_PASSWORD}" + secret-key: "${ANSIBLE_SECRET_KEY}" + admin-password: "${ANSIBLE_ADMIN_PASSWORD}" +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${DATABASE_SERVICE_NAME}-configs" + data: + 01_miq_overrides.conf: | + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + tcp_keepalives_count = 9 + tcp_keepalives_idle = 3 + tcp_keepalives_interval = 75 + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + shared_preload_libraries = 'pglogical,repmgr_funcs' + max_worker_processes = 10 + + #------------------------------------------------------------------------------ + # WRITE AHEAD LOG + #------------------------------------------------------------------------------ + + wal_level = 'logical' + wal_log_hints = on + wal_buffers = 16MB + checkpoint_completion_target = 0.9 + + #------------------------------------------------------------------------------ + # REPLICATION + #------------------------------------------------------------------------------ + + max_wal_senders = 10 + wal_sender_timeout = 0 + max_replication_slots = 10 + hot_standby = on + + #------------------------------------------------------------------------------ + # ERROR REPORTING AND LOGGING + #------------------------------------------------------------------------------ + + log_filename = 'postgresql.log' + log_rotation_age = 0 + log_min_duration_statement = 5000 + log_connections = on + log_disconnections = on + log_line_prefix = '%t:%r:%c:%u@%d:[%p]:' + log_lock_waits = on + + #------------------------------------------------------------------------------ + # AUTOVACUUM PARAMETERS + #------------------------------------------------------------------------------ + + log_autovacuum_min_duration = 0 + autovacuum_naptime = 5min + autovacuum_vacuum_threshold = 500 + autovacuum_analyze_threshold = 500 + autovacuum_vacuum_scale_factor = 0.05 + + #------------------------------------------------------------------------------ + # LOCK MANAGEMENT + #------------------------------------------------------------------------------ + + deadlock_timeout = 5s + + #------------------------------------------------------------------------------ + # VERSION/PLATFORM COMPATIBILITY + #------------------------------------------------------------------------------ + + escape_string_warning = off + standard_conforming_strings = off +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-configs" + data: + application.conf: | + # Timeout: The number of seconds before receives and sends time out. + Timeout 120 + + RewriteEngine On + Options SymLinksIfOwnerMatch + + <VirtualHost *:80> + KeepAlive on + ProxyPreserveHost on + ProxyPass /ws/ ws://${NAME}/ws/ + ProxyPassReverse /ws/ ws://${NAME}/ws/ + ProxyPass / http://${NAME}/ + ProxyPassReverse / http://${NAME}/ + </VirtualHost> +- apiVersion: v1 + kind: ConfigMap + metadata: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + data: + auth-type: internal + auth-configuration.conf: | + # External Authentication Configuration File + # + # For details on usage please see https://github.com/ManageIQ/manageiq-pods/blob/master/README.md#configuring-external-authentication +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances ManageIQ pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${NAME}" + spec: + clusterIP: None + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + name: "${NAME}" +- apiVersion: v1 + kind: Route + metadata: + name: "${HTTPD_SERVICE_NAME}" + spec: + host: "${APPLICATION_DOMAIN}" + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + to: + kind: Service + name: "${HTTPD_SERVICE_NAME}" +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${NAME}-${DATABASE_SERVICE_NAME}" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${DATABASE_VOLUME_CAPACITY}" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}" + annotations: + description: Defines how to deploy the ManageIQ appliance + spec: + serviceName: "${NAME}" + replicas: "${APPLICATION_REPLICA_COUNT}" + template: + metadata: + labels: + name: "${NAME}" + name: "${NAME}" + spec: + containers: + - name: manageiq + image: "${APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 80 + scheme: HTTP + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: DATABASE_REGION + value: "${DATABASE_REGION}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MEMCACHED_SERVER + value: "${MEMCACHED_SERVICE_NAME}:11211" + - name: MEMCACHED_SERVICE_NAME + value: "${MEMCACHED_SERVICE_NAME}" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_SERVICE_NAME + value: "${ANSIBLE_SERVICE_NAME}" + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/manageiq/container-scripts/sync-pv-data" + serviceAccount: miq-orchestrator + serviceAccountName: miq-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Headless service for ManageIQ backend pods + name: "${NAME}-backend" + spec: + clusterIP: None + selector: + name: "${NAME}-backend" +- apiVersion: apps/v1beta1 + kind: StatefulSet + metadata: + name: "${NAME}-backend" + annotations: + description: Defines how to deploy the ManageIQ appliance + spec: + serviceName: "${NAME}-backend" + replicas: 0 + template: + metadata: + labels: + name: "${NAME}-backend" + name: "${NAME}-backend" + spec: + containers: + - name: manageiq + image: "${APPLICATION_IMG_NAME}:${BACKEND_APPLICATION_IMG_TAG}" + livenessProbe: + exec: + command: + - pidof + - MIQ Server + initialDelaySeconds: 480 + timeoutSeconds: 3 + volumeMounts: + - name: "${NAME}-server" + mountPath: "/persistent" + env: + - name: APPLICATION_INIT_DELAY + value: "${APPLICATION_INIT_DELAY}" + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: database-url + - name: MIQ_SERVER_DEFAULT_ROLES + value: database_operations,event,reporting,scheduler,smartstate,ems_operations,ems_inventory,automate + - name: FRONTEND_SERVICE_NAME + value: "${NAME}" + - name: MEMCACHED_SERVER + value: "${MEMCACHED_SERVICE_NAME}:11211" + - name: V2_KEY + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: v2-key + - name: ANSIBLE_SERVICE_NAME + value: "${ANSIBLE_SERVICE_NAME}" + - name: ANSIBLE_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + resources: + requests: + memory: "${APPLICATION_MEM_REQ}" + cpu: "${APPLICATION_CPU_REQ}" + limits: + memory: "${APPLICATION_MEM_LIMIT}" + lifecycle: + preStop: + exec: + command: + - "/opt/manageiq/container-scripts/sync-pv-data" + serviceAccount: miq-orchestrator + serviceAccountName: miq-orchestrator + terminationGracePeriodSeconds: 90 + volumeClaimTemplates: + - metadata: + name: "${NAME}-server" + annotations: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${APPLICATION_VOLUME_CAPACITY}" +- apiVersion: v1 + kind: Service + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Exposes the memcached server + spec: + ports: + - name: memcached + port: 11211 + targetPort: 11211 + selector: + name: "${MEMCACHED_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + annotations: + description: Defines how to deploy memcached + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${MEMCACHED_SERVICE_NAME}" + template: + metadata: + name: "${MEMCACHED_SERVICE_NAME}" + labels: + name: "${MEMCACHED_SERVICE_NAME}" + spec: + volumes: [] + containers: + - name: memcached + image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" + ports: + - containerPort: 11211 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + tcpSocket: + port: 11211 + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 11211 + volumeMounts: [] + env: + - name: MEMCACHED_MAX_MEMORY + value: "${MEMCACHED_MAX_MEMORY}" + - name: MEMCACHED_MAX_CONNECTIONS + value: "${MEMCACHED_MAX_CONNECTIONS}" + - name: MEMCACHED_SLAB_PAGE_SIZE + value: "${MEMCACHED_SLAB_PAGE_SIZE}" + resources: + requests: + memory: "${MEMCACHED_MEM_REQ}" + cpu: "${MEMCACHED_CPU_REQ}" + limits: + memory: "${MEMCACHED_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Exposes the database server + spec: + ports: + - name: postgresql + port: 5432 + targetPort: 5432 + selector: + name: "${DATABASE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${DATABASE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the database + spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${DATABASE_SERVICE_NAME}" + template: + metadata: + name: "${DATABASE_SERVICE_NAME}" + labels: + name: "${DATABASE_SERVICE_NAME}" + spec: + volumes: + - name: miq-pgdb-volume + persistentVolumeClaim: + claimName: "${NAME}-${DATABASE_SERVICE_NAME}" + - name: miq-pg-configs + configMap: + name: "${DATABASE_SERVICE_NAME}-configs" + containers: + - name: postgresql + image: "${POSTGRESQL_IMG_NAME}:${POSTGRESQL_IMG_TAG}" + ports: + - containerPort: 5432 + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 15 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 60 + tcpSocket: + port: 5432 + volumeMounts: + - name: miq-pgdb-volume + mountPath: "/var/lib/pgsql/data" + - name: miq-pg-configs + mountPath: "${POSTGRESQL_CONFIG_DIR}" + env: + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${DATABASE_NAME}" + - name: POSTGRESQL_MAX_CONNECTIONS + value: "${POSTGRESQL_MAX_CONNECTIONS}" + - name: POSTGRESQL_SHARED_BUFFERS + value: "${POSTGRESQL_SHARED_BUFFERS}" + - name: POSTGRESQL_CONFIG_DIR + value: "${POSTGRESQL_CONFIG_DIR}" + resources: + requests: + memory: "${POSTGRESQL_MEM_REQ}" + cpu: "${POSTGRESQL_CPU_REQ}" + limits: + memory: "${POSTGRESQL_MEM_LIMIT}" +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: Exposes and load balances Ansible pods + service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"}]' + name: "${ANSIBLE_SERVICE_NAME}" + spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + selector: + name: "${ANSIBLE_SERVICE_NAME}" +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${ANSIBLE_SERVICE_NAME}" + annotations: + description: Defines how to deploy the Ansible appliance + spec: + strategy: + type: Recreate + serviceName: "${ANSIBLE_SERVICE_NAME}" + replicas: 0 + template: + metadata: + labels: + name: "${ANSIBLE_SERVICE_NAME}" + name: "${ANSIBLE_SERVICE_NAME}" + spec: + containers: + - name: ansible + image: "${ANSIBLE_IMG_NAME}:${ANSIBLE_IMG_TAG}" + livenessProbe: + tcpSocket: + port: 443 + initialDelaySeconds: 480 + timeoutSeconds: 3 + readinessProbe: + httpGet: + path: "/" + port: 443 + scheme: HTTPS + initialDelaySeconds: 200 + timeoutSeconds: 3 + ports: + - containerPort: 80 + protocol: TCP + - containerPort: 443 + protocol: TCP + securityContext: + privileged: true + env: + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: admin-password + - name: RABBITMQ_USER_NAME + value: "${ANSIBLE_RABBITMQ_USER_NAME}" + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: rabbit-password + - name: ANSIBLE_SECRET_KEY + valueFrom: + secretKeyRef: + name: "${ANSIBLE_SERVICE_NAME}-secrets" + key: secret-key + - name: DATABASE_SERVICE_NAME + value: "${DATABASE_SERVICE_NAME}" + - name: POSTGRESQL_USER + value: "${DATABASE_USER}" + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + name: "${NAME}-secrets" + key: pg-password + - name: POSTGRESQL_DATABASE + value: "${ANSIBLE_DATABASE_NAME}" + resources: + requests: + memory: "${ANSIBLE_MEM_REQ}" + cpu: "${ANSIBLE_CPU_REQ}" + limits: + memory: "${ANSIBLE_MEM_LIMIT}" + serviceAccount: miq-privileged + serviceAccountName: miq-privileged +- apiVersion: v1 + kind: Service + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Exposes the httpd server + service.alpha.openshift.io/dependencies: '[{"name":"${NAME}","namespace":"","kind":"Service"}]' + spec: + ports: + - name: http + port: 80 + targetPort: 80 + selector: + name: httpd +- apiVersion: v1 + kind: DeploymentConfig + metadata: + name: "${HTTPD_SERVICE_NAME}" + annotations: + description: Defines how to deploy httpd + spec: + strategy: + type: Recreate + recreateParams: + timeoutSeconds: 1200 + triggers: + - type: ConfigChange + replicas: 1 + selector: + name: "${HTTPD_SERVICE_NAME}" + template: + metadata: + name: "${HTTPD_SERVICE_NAME}" + labels: + name: "${HTTPD_SERVICE_NAME}" + spec: + volumes: + - name: httpd-config + configMap: + name: "${HTTPD_SERVICE_NAME}-configs" + - name: httpd-auth-config + configMap: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + containers: + - name: httpd + image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" + ports: + - containerPort: 80 + livenessProbe: + exec: + command: + - pidof + - httpd + initialDelaySeconds: 15 + timeoutSeconds: 3 + readinessProbe: + tcpSocket: + port: 80 + initialDelaySeconds: 10 + timeoutSeconds: 3 + volumeMounts: + - name: httpd-config + mountPath: "${HTTPD_CONFIG_DIR}" + - name: httpd-auth-config + mountPath: "${HTTPD_AUTH_CONFIG_DIR}" + resources: + requests: + memory: "${HTTPD_MEM_REQ}" + cpu: "${HTTPD_CPU_REQ}" + limits: + memory: "${HTTPD_MEM_LIMIT}" + env: + - name: HTTPD_AUTH_TYPE + valueFrom: + configMapKeyRef: + name: "${HTTPD_SERVICE_NAME}-auth-configs" + key: auth-type + lifecycle: + postStart: + exec: + command: + - "/usr/bin/save-container-environment" + serviceAccount: miq-anyuid + serviceAccountName: miq-anyuid +parameters: +- name: NAME + displayName: Name + required: true + description: The name assigned to all of the frontend objects defined in this template. + value: manageiq +- name: V2_KEY + displayName: ManageIQ Encryption Key + required: true + description: Encryption Key for ManageIQ Passwords + from: "[a-zA-Z0-9]{43}" + generate: expression +- name: DATABASE_SERVICE_NAME + displayName: PostgreSQL Service Name + required: true + description: The name of the OpenShift Service exposed for the PostgreSQL container. + value: postgresql +- name: DATABASE_USER + displayName: PostgreSQL User + required: true + description: PostgreSQL user that will access the database. + value: root +- name: DATABASE_PASSWORD + displayName: PostgreSQL Password + required: true + description: Password for the PostgreSQL user. + from: "[a-zA-Z0-9]{8}" + generate: expression +- name: DATABASE_NAME + required: true + displayName: PostgreSQL Database Name + description: Name of the PostgreSQL database accessed. + value: vmdb_production +- name: DATABASE_REGION + required: true + displayName: Application Database Region + description: Database region that will be used for application. + value: '0' +- name: ANSIBLE_DATABASE_NAME + displayName: Ansible PostgreSQL database name + required: true + description: The database to be used by the Ansible continer + value: awx +- name: MEMCACHED_SERVICE_NAME + required: true + displayName: Memcached Service Name + description: The name of the OpenShift Service exposed for the Memcached container. + value: memcached +- name: MEMCACHED_MAX_MEMORY + displayName: Memcached Max Memory + description: Memcached maximum memory for memcached object storage in MB. + value: '64' +- name: MEMCACHED_MAX_CONNECTIONS + displayName: Memcached Max Connections + description: Memcached maximum number of connections allowed. + value: '1024' +- name: MEMCACHED_SLAB_PAGE_SIZE + displayName: Memcached Slab Page Size + description: Memcached size of each slab page. + value: 1m +- name: POSTGRESQL_CONFIG_DIR + displayName: PostgreSQL Configuration Overrides + description: Directory used to store PostgreSQL configuration overrides. + value: "/var/lib/pgsql/conf.d" +- name: POSTGRESQL_MAX_CONNECTIONS + displayName: PostgreSQL Max Connections + description: PostgreSQL maximum number of database connections allowed. + value: '1000' +- name: POSTGRESQL_SHARED_BUFFERS + displayName: PostgreSQL Shared Buffer Amount + description: Amount of memory dedicated for PostgreSQL shared memory buffers. + value: 1GB +- name: ANSIBLE_SERVICE_NAME + displayName: Ansible Service Name + description: The name of the OpenShift Service exposed for the Ansible container. + value: ansible +- name: ANSIBLE_ADMIN_PASSWORD + displayName: Ansible admin User password + required: true + description: The password for the Ansible container admin user + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: ANSIBLE_SECRET_KEY + displayName: Ansible Secret Key + required: true + description: Encryption key for the Ansible container + from: "[a-f0-9]{32}" + generate: expression +- name: ANSIBLE_RABBITMQ_USER_NAME + displayName: RabbitMQ Username + required: true + description: Username for the Ansible RabbitMQ Server + value: ansible +- name: ANSIBLE_RABBITMQ_PASSWORD + displayName: RabbitMQ Server Password + required: true + description: Password for the Ansible RabbitMQ Server + from: "[a-zA-Z0-9]{32}" + generate: expression +- name: APPLICATION_CPU_REQ + displayName: Application Min CPU Requested + required: true + description: Minimum amount of CPU time the Application container will need (expressed in millicores). + value: 1000m +- name: POSTGRESQL_CPU_REQ + displayName: PostgreSQL Min CPU Requested + required: true + description: Minimum amount of CPU time the PostgreSQL container will need (expressed in millicores). + value: 500m +- name: MEMCACHED_CPU_REQ + displayName: Memcached Min CPU Requested + required: true + description: Minimum amount of CPU time the Memcached container will need (expressed in millicores). + value: 200m +- name: ANSIBLE_CPU_REQ + displayName: Ansible Min CPU Requested + required: true + description: Minimum amount of CPU time the Ansible container will need (expressed in millicores). + value: 1000m +- name: APPLICATION_MEM_REQ + displayName: Application Min RAM Requested + required: true + description: Minimum amount of memory the Application container will need. + value: 6144Mi +- name: POSTGRESQL_MEM_REQ + displayName: PostgreSQL Min RAM Requested + required: true + description: Minimum amount of memory the PostgreSQL container will need. + value: 4Gi +- name: MEMCACHED_MEM_REQ + displayName: Memcached Min RAM Requested + required: true + description: Minimum amount of memory the Memcached container will need. + value: 64Mi +- name: ANSIBLE_MEM_REQ + displayName: Ansible Min RAM Requested + required: true + description: Minimum amount of memory the Ansible container will need. + value: 2048Mi +- name: APPLICATION_MEM_LIMIT + displayName: Application Max RAM Limit + required: true + description: Maximum amount of memory the Application container can consume. + value: 16384Mi +- name: POSTGRESQL_MEM_LIMIT + displayName: PostgreSQL Max RAM Limit + required: true + description: Maximum amount of memory the PostgreSQL container can consume. + value: 8Gi +- name: MEMCACHED_MEM_LIMIT + displayName: Memcached Max RAM Limit + required: true + description: Maximum amount of memory the Memcached container can consume. + value: 256Mi +- name: ANSIBLE_MEM_LIMIT + displayName: Ansible Max RAM Limit + required: true + description: Maximum amount of memory the Ansible container can consume. + value: 8096Mi +- name: POSTGRESQL_IMG_NAME + displayName: PostgreSQL Image Name + description: This is the PostgreSQL image name requested to deploy. + value: docker.io/manageiq/postgresql +- name: POSTGRESQL_IMG_TAG + displayName: PostgreSQL Image Tag + description: This is the PostgreSQL image tag/version requested to deploy. + value: latest +- name: MEMCACHED_IMG_NAME + displayName: Memcached Image Name + description: This is the Memcached image name requested to deploy. + value: docker.io/manageiq/memcached +- name: MEMCACHED_IMG_TAG + displayName: Memcached Image Tag + description: This is the Memcached image tag/version requested to deploy. + value: latest +- name: APPLICATION_IMG_NAME + displayName: Application Image Name + description: This is the Application image name requested to deploy. + value: docker.io/manageiq/manageiq-pods +- name: FRONTEND_APPLICATION_IMG_TAG + displayName: Front end Application Image Tag + description: This is the ManageIQ Frontend Application image tag/version requested to deploy. + value: frontend-latest +- name: BACKEND_APPLICATION_IMG_TAG + displayName: Back end Application Image Tag + description: This is the ManageIQ Backend Application image tag/version requested to deploy. + value: backend-latest +- name: ANSIBLE_IMG_NAME + displayName: Ansible Image Name + description: This is the Ansible image name requested to deploy. + value: docker.io/manageiq/embedded-ansible +- name: ANSIBLE_IMG_TAG + displayName: Ansible Image Tag + description: This is the Ansible image tag/version requested to deploy. + value: latest +- name: APPLICATION_DOMAIN + displayName: Application Hostname + description: The exposed hostname that will route to the application service, if left blank a value will be defaulted. + value: '' +- name: APPLICATION_REPLICA_COUNT + displayName: Application Replica Count + description: This is the number of Application replicas requested to deploy. + value: '1' +- name: APPLICATION_INIT_DELAY + displayName: Application Init Delay + required: true + description: Delay in seconds before we attempt to initialize the application. + value: '15' +- name: APPLICATION_VOLUME_CAPACITY + displayName: Application Volume Capacity + required: true + description: Volume space available for application data. + value: 5Gi +- name: DATABASE_VOLUME_CAPACITY + displayName: Database Volume Capacity + required: true + description: Volume space available for database. + value: 15Gi +- name: HTTPD_SERVICE_NAME + required: true + displayName: Apache httpd Service Name + description: The name of the OpenShift Service exposed for the httpd container. + value: httpd +- name: HTTPD_IMG_NAME + displayName: Apache httpd Image Name + description: This is the httpd image name requested to deploy. + value: docker.io/manageiq/httpd +- name: HTTPD_IMG_TAG + displayName: Apache httpd Image Tag + description: This is the httpd image tag/version requested to deploy. + value: latest +- name: HTTPD_CONFIG_DIR + displayName: Apache Configuration Directory + description: Directory used to store the Apache configuration files. + value: "/etc/httpd/conf.d" +- name: HTTPD_AUTH_CONFIG_DIR + displayName: External Authentication Configuration Directory + description: Directory used to store the external authentication configuration files. + value: "/etc/httpd/auth-conf.d" +- name: HTTPD_CPU_REQ + displayName: Apache httpd Min CPU Requested + required: true + description: Minimum amount of CPU time the httpd container will need (expressed in millicores). + value: 500m +- name: HTTPD_MEM_REQ + displayName: Apache httpd Min RAM Requested + required: true + description: Minimum amount of memory the httpd container will need. + value: 512Mi +- name: HTTPD_MEM_LIMIT + displayName: Apache httpd Max RAM Limit + required: true + description: Maximum amount of memory the httpd container can consume. + value: 8192Mi diff --git a/roles/openshift_management/filter_plugins/oo_management_filters.py b/roles/openshift_management/filter_plugins/oo_management_filters.py new file mode 100644 index 000000000..3b7013d9a --- /dev/null +++ b/roles/openshift_management/filter_plugins/oo_management_filters.py @@ -0,0 +1,32 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +""" +Filter methods for the management role +""" + + +def oo_filter_container_providers(results): + """results - the result from posting the API calls for adding new +providers""" + all_results = [] + for result in results: + if 'results' in result['json']: + # We got an OK response + res = result['json']['results'][0] + all_results.append("Provider '{}' - Added successfully".format(res['name'])) + elif 'error' in result['json']: + # This was a problem + all_results.append("Provider '{}' - Failed to add. Message: {}".format( + result['item']['name'], result['json']['error']['message'])) + return all_results + + +class FilterModule(object): + """ Custom ansible filter mapping """ + + # pylint: disable=no-self-use, too-few-public-methods + def filters(self): + """ returns a mapping of filters to methods """ + return { + "oo_filter_container_providers": oo_filter_container_providers, + } diff --git a/roles/openshift_management/handlers/main.yml b/roles/openshift_management/handlers/main.yml new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/roles/openshift_management/handlers/main.yml diff --git a/roles/openshift_cfme/meta/main.yml b/roles/openshift_management/meta/main.yml index 162d817f0..07ad51126 100644 --- a/roles/openshift_cfme/meta/main.yml +++ b/roles/openshift_management/meta/main.yml @@ -16,4 +16,3 @@ galaxy_info: dependencies: - role: lib_openshift - role: lib_utils -- role: openshift_master_facts diff --git a/roles/openshift_management/tasks/accounts.yml b/roles/openshift_management/tasks/accounts.yml new file mode 100644 index 000000000..e45ea8d43 --- /dev/null +++ b/roles/openshift_management/tasks/accounts.yml @@ -0,0 +1,28 @@ +--- +# This role task file is responsible for user/system account creation, +# and ensuring correct access is provided as required. +- name: Ensure the CFME system accounts exist + oc_serviceaccount: + namespace: "{{ openshift_management_project }}" + state: present + name: "{{ openshift_management_flavor_short }}{{ item.name }}" + with_items: + - "{{ __openshift_system_account_sccs }}" + +- name: Ensure the CFME system accounts have all the required SCCs + oc_adm_policy_user: + namespace: "{{ openshift_management_project }}" + user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}" + resource_kind: scc + resource_name: "{{ item.resource_name }}" + with_items: + - "{{ __openshift_system_account_sccs }}" + +- name: Ensure the CFME system accounts have the required roles + oc_adm_policy_user: + namespace: "{{ openshift_management_project }}" + user: "system:serviceaccount:{{ openshift_management_project }}:{{ openshift_management_flavor_short }}{{ item.name }}" + resource_kind: role + resource_name: "{{ item.resource_name }}" + with_items: + - "{{ __openshift_management_system_account_roles }}" diff --git a/roles/openshift_management/tasks/add_container_provider.yml b/roles/openshift_management/tasks/add_container_provider.yml new file mode 100644 index 000000000..50a5252cc --- /dev/null +++ b/roles/openshift_management/tasks/add_container_provider.yml @@ -0,0 +1,77 @@ +--- +- name: Ensure lib_openshift modules are available + include_role: + role: lib_openshift + +- name: Ensure OpenShift facts module is available + include_role: + role: openshift_facts + +- name: Ensure OpenShift facts are loaded + openshift_facts: + +- name: Ensure we use openshift_master_cluster_public_hostname if it is available + set_fact: + l_cluster_hostname: "{{ openshift.master.cluster_public_hostname }}" + when: + - openshift.master.cluster_public_hostname is defined + +- name: Ensure we default to the first master if openshift_master_cluster_public_hostname is unavailable + set_fact: + l_cluster_hostname: "{{ openshift.master.cluster_hostname }}" + when: + - l_cluster_hostname is not defined + +- name: Ensure the management SA Secrets are read + oc_serviceaccount_secret: + state: list + service_account: management-admin + namespace: management-infra + register: sa + +- name: Ensure the management SA bearer token is identified + set_fact: + management_token: "{{ sa.results | oo_filter_sa_secrets }}" + +- name: Ensure the SA bearer token value is read + oc_secret: + state: list + name: "{{ management_token }}" + namespace: management-infra + decode: true + no_log: True + register: sa_secret + +- name: Ensure the SA bearer token value is saved + set_fact: + management_bearer_token: "{{ sa_secret.results.decoded.token }}" + +- name: Ensure we have the public route to the management service + oc_route: + state: list + name: httpd + namespace: openshift-management + register: route + +- name: Ensure the management service route is saved + set_fact: + management_route: "{{ route.results.0.spec.host }}" + +- name: Ensure this cluster is a container provider + uri: + url: "https://{{ management_route }}/api/providers" + body_format: json + method: POST + user: "{{ openshift_management_username }}" + password: "{{ openshift_management_password }}" + validate_certs: no + # Docs on formatting the BODY of the POST request: + # http://manageiq.org/docs/reference/latest/api/reference/providers.html#specifying-connection-configurations + body: + connection_configurations: + - authentication: {auth_key: "{{ management_bearer_token }}", authtype: bearer, type: AuthToken} + endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0} + hostname: "{{ l_cluster_hostname }}" + name: "{{ openshift_management_project }}" + port: "{{ openshift.master.api_port }}" + type: "ManageIQ::Providers::Openshift::ContainerManager" diff --git a/roles/openshift_management/tasks/main.yml b/roles/openshift_management/tasks/main.yml new file mode 100644 index 000000000..9be923a57 --- /dev/null +++ b/roles/openshift_management/tasks/main.yml @@ -0,0 +1,96 @@ +--- +######################################################################) +# Users, projects, and privileges + +- name: Run pre-install Management validation checks + include: validate.yml + +# This creates a service account allowing Container Provider +# integration (managing OCP/Origin via MIQ/Management) +- name: Enable Container Provider Integration + include_role: + role: openshift_manageiq + +- name: "Ensure the Management '{{ openshift_management_project }}' namespace exists" + oc_project: + state: present + name: "{{ openshift_management_project }}" + display_name: "{{ openshift_management_project_description }}" + +- name: Create and Authorize Management Accounts + include: accounts.yml + +###################################################################### +# STORAGE - Initialize basic storage class +- name: Determine the correct NFS host if required + include: storage/nfs_server.yml + when: openshift_management_storage_class in ['nfs', 'nfs_external'] + +#--------------------------------------------------------------------- +# * nfs - set up NFS shares on the first master for a proof of concept +- name: Create required NFS exports for Management app storage + include: storage/nfs.yml + when: openshift_management_storage_class == 'nfs' + +#--------------------------------------------------------------------- +# * external - NFS again, but pointing to a pre-configured NFS server +- name: Note Storage Type - External NFS + debug: + msg: "Setting up external NFS storage, openshift_management_storage_class is {{ openshift_management_storage_class }}" + when: openshift_management_storage_class == 'nfs_external' + +#--------------------------------------------------------------------- +# * cloudprovider - use an existing cloudprovider based storage +- name: Note Storage Type - Cloud Provider + debug: + msg: Validating cloud provider storage type, openshift_management_storage_class is 'cloudprovider' + when: openshift_management_storage_class == 'cloudprovider' + +#--------------------------------------------------------------------- +# * preconfigured - don't do anything, assume it's all there ready to go +- name: Note Storage Type - Preconfigured + debug: + msg: Skipping storage configuration, openshift_management_storage_class is 'preconfigured' + when: openshift_management_storage_class == 'preconfigured' + +###################################################################### +# APPLICATION TEMPLATE +- name: Install the Management app and PV templates + include: template.yml + +###################################################################### +# APP & DB Storage + +# For local/external NFS backed installations +- name: "Create the required App and DB PVs using {{ openshift_management_storage_class }}" + include: storage/create_nfs_pvs.yml + when: + - openshift_management_storage_class in ['nfs', 'nfs_external'] + +###################################################################### +# CREATE APP +- name: Note the correct ext-db template name + set_fact: + openshift_management_template_name: "{{ openshift_management_flavor }}-ext-db" + when: + - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] + +- name: Note the correct podified db template name + set_fact: + openshift_management_template_name: "{{ openshift_management_flavor }}" + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + +- name: Ensure the Management App is created + oc_process: + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_template_name }}" + create: True + params: "{{ openshift_management_template_parameters }}" + +- name: Wait for the app to come up. May take several minutes, 30s check intervals, 10m max + command: "oc logs {{ openshift_management_flavor }}-0 -n {{ openshift_management_project }}" + register: app_seeding_logs + until: app_seeding_logs.stdout.find('Server starting complete') != -1 + delay: 30 + retries: 20 diff --git a/roles/openshift_management/tasks/noop.yml b/roles/openshift_management/tasks/noop.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/openshift_management/tasks/noop.yml @@ -0,0 +1 @@ +--- diff --git a/roles/openshift_management/tasks/storage/create_nfs_pvs.yml b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml new file mode 100644 index 000000000..d1b9a8d5c --- /dev/null +++ b/roles/openshift_management/tasks/storage/create_nfs_pvs.yml @@ -0,0 +1,69 @@ +--- +# Create the required PVs for the App and the DB +- name: Note the App PV Size from Template Parameters + set_fact: + openshift_management_app_pv_size: "{{ openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY }}" + when: + - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is defined + +- name: Note the App PV Size from defaults + set_fact: + openshift_management_app_pv_size: "{{ __openshift_management_app_pv_size }}" + when: + - openshift_management_template_parameters.APPLICATION_VOLUME_CAPACITY is not defined + +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] + block: + - name: Note the DB PV Size from Template Parameters + set_fact: + openshift_management_db_pv_size: "{{ openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY }}" + when: + - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is defined + + - name: Note the DB PV Size from defaults + set_fact: + openshift_management_db_pv_size: "{{ __openshift_management_db_pv_size }}" + when: + - openshift_management_template_parameters.DATABASE_VOLUME_CAPACITY is not defined + +- name: Check if the Management App PV has been created + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: pv + name: "{{ openshift_management_flavor_short }}-app" + register: miq_app_pv_check + +- name: Check if the Management DB PV has been created + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: pv + name: "{{ openshift_management_flavor_short }}-db" + register: miq_db_pv_check + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + +- name: Ensure the Management App PV is created + oc_process: + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_flavor }}-app-pv" + create: True + params: + PV_SIZE: "{{ openshift_management_app_pv_size }}" + BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}" + NFS_HOST: "{{ openshift_management_nfs_server }}" + when: miq_app_pv_check.results.results == [{}] + +- name: Ensure the Management DB PV is created + oc_process: + namespace: "{{ openshift_management_project }}" + template_name: "{{ openshift_management_flavor }}-db-pv" + create: True + params: + PV_SIZE: "{{ openshift_management_db_pv_size }}" + BASE_PATH: "{{ openshift_management_storage_nfs_base_dir }}" + NFS_HOST: "{{ openshift_management_nfs_server }}" + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + - miq_db_pv_check.results.results == [{}] diff --git a/roles/openshift_management/tasks/storage/nfs.yml b/roles/openshift_management/tasks/storage/nfs.yml new file mode 100644 index 000000000..94e11137c --- /dev/null +++ b/roles/openshift_management/tasks/storage/nfs.yml @@ -0,0 +1,36 @@ +--- +# Tasks to statically provision NFS volumes +# Include if not using dynamic volume provisioning + +- name: Setting up NFS storage + block: + - name: Include the NFS Setup role tasks + include_role: + role: openshift_nfs + tasks_from: setup + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + + - name: Create the App export + include_role: + role: openshift_nfs + tasks_from: create_export + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + l_nfs_export_config: "{{ openshift_management_flavor_short }}" + l_nfs_export_name: "{{ openshift_management_flavor_short }}-app" + l_nfs_options: "*(rw,no_root_squash,no_wdelay)" + + - name: Create the DB export + include_role: + role: openshift_nfs + tasks_from: create_export + vars: + l_nfs_base_dir: "{{ openshift_management_storage_nfs_base_dir }}" + l_nfs_export_config: "{{ openshift_management_flavor_short }}" + l_nfs_export_name: "{{ openshift_management_flavor_short }}-db" + l_nfs_options: "*(rw,no_root_squash,no_wdelay)" + when: + - openshift_management_app_template in ['miq-template', 'cfme-template'] + + delegate_to: "{{ openshift_management_nfs_server }}" diff --git a/roles/openshift_management/tasks/storage/nfs_server.yml b/roles/openshift_management/tasks/storage/nfs_server.yml new file mode 100644 index 000000000..a1b618137 --- /dev/null +++ b/roles/openshift_management/tasks/storage/nfs_server.yml @@ -0,0 +1,45 @@ +--- +- name: Ensure we save the local NFS server if one is provided + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_local_hostname }}" + when: + - openshift_management_storage_nfs_local_hostname is defined + - openshift_management_storage_nfs_local_hostname != False + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the local NFS server + set_fact: + openshift_management_nfs_server: "{{ groups['oo_nfs_to_config'].0 }}" + when: + - openshift_management_nfs_server is not defined + - openshift_management_storage_class == "nfs" + +- name: Ensure we save the external NFS server + set_fact: + openshift_management_nfs_server: "{{ openshift_management_storage_nfs_external_hostname }}" + when: + - openshift_management_storage_class == "nfs_external" + +- name: Failed External NFS server detection + assert: + that: + - openshift_management_nfs_server is defined + msg: | + Unable to detect an NFS server. The 'nfs_external' + openshift_management_storage_class option requires that you + manually set openshift_management_storage_nfs_external_hostname + parameter. + when: + - openshift_management_storage_class == 'nfs_external' + +- name: Failed Local NFS server detection + assert: + that: + - openshift_management_nfs_server is defined + msg: | + Unable to detect an NFS server. The 'nfs' + openshift_management_storage_class option requires that you have + an 'nfs' inventory group or manually set the + openshift_management_storage_nfs_local_hostname parameter. + when: + - openshift_management_storage_class == 'nfs' diff --git a/roles/openshift_management/tasks/storage/storage.yml b/roles/openshift_management/tasks/storage/storage.yml new file mode 100644 index 000000000..d8bf7aa3e --- /dev/null +++ b/roles/openshift_management/tasks/storage/storage.yml @@ -0,0 +1,3 @@ +--- +- include: nfs.yml + when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) diff --git a/roles/openshift_management/tasks/template.yml b/roles/openshift_management/tasks/template.yml new file mode 100644 index 000000000..9f97cdcb9 --- /dev/null +++ b/roles/openshift_management/tasks/template.yml @@ -0,0 +1,128 @@ +--- +# Tasks for ensuring the correct CFME templates are landed on the remote system + +###################################################################### +# CFME App Template +# +# Note, this is different from the create_nfs_pvs.yml tasks in that +# the application template does not require any jinja2 evaluation. +# +# TODO: Handle the case where the server or PV templates are updated +# in openshift-ansible and the change needs to be landed on the +# managed cluster. + +###################################################################### +# STANDARD PODIFIED DATABASE TEMPLATE +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] + block: + - name: Check if the Management Server template has been created already + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: template + name: "{{ openshift_management_flavor }}" + register: miq_server_check + + - when: miq_server_check.results.results == [{}] + block: + - name: Copy over Management Server template + copy: + src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-template.yaml" + dest: "{{ template_dir }}/" + + - name: Ensure Management Server Template is created + oc_obj: + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}" + state: present + kind: template + files: + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template.yaml" + +###################################################################### +# EXTERNAL DATABASE TEMPLATE +- when: openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] + block: + - name: Check if the Management Ext-DB Server template has been created already + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: template + name: "{{ openshift_management_flavor }}-ext-db" + register: miq_ext_db_server_check + + - when: miq_ext_db_server_check.results.results == [{}] + block: + - name: Copy over Management Ext-DB Server template + copy: + src: "templates/{{ openshift_management_flavor }}/{{openshift_management_flavor_short}}-template-ext-db.yaml" + dest: "{{ template_dir }}/" + + - name: Ensure Management Ext-DB Server Template is created + oc_obj: + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-ext-db" + state: present + kind: template + files: + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-template-ext-db.yaml" + +# End app template creation. +###################################################################### + +###################################################################### +# Begin conditional PV template creations + +# Required for the application server +- name: Check if the Management App PV template has been created already + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: template + name: "{{ openshift_management_flavor }}-app-pv" + register: miq_app_pv_check + +- when: miq_app_pv_check.results.results == [{}] + block: + - name: Copy over Management App PV template + copy: + src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml" + dest: "{{ template_dir }}/" + + - name: Ensure Management App PV Template is created + oc_obj: + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-app-pv" + state: present + kind: template + files: + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-server-example.yaml" + +#--------------------------------------------------------------------- + +# Required for database if the installation is fully podified +- when: openshift_management_app_template in ['miq-template', 'cfme-template'] + block: + - name: Check if the Management DB PV template has been created already + oc_obj: + namespace: "{{ openshift_management_project }}" + state: list + kind: template + name: "{{ openshift_management_flavor }}-db-pv" + register: miq_db_pv_check + + - when: miq_db_pv_check.results.results == [{}] + block: + - name: Copy over Management DB PV template + copy: + src: "templates/{{ openshift_management_flavor }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml" + dest: "{{ template_dir }}/" + + - name: Ensure Management DB PV Template is created + oc_obj: + namespace: "{{ openshift_management_project }}" + name: "{{ openshift_management_flavor }}-db-pv" + state: present + kind: template + files: + - "{{ template_dir }}/{{ openshift_management_flavor_short }}-pv-db-example.yaml" diff --git a/roles/openshift_management/tasks/uninstall.yml b/roles/openshift_management/tasks/uninstall.yml new file mode 100644 index 000000000..09fbc609f --- /dev/null +++ b/roles/openshift_management/tasks/uninstall.yml @@ -0,0 +1,23 @@ +--- +- name: Start removing all the objects + command: "oc delete -n {{ openshift_management_project }} {{ item }} --all" + with_items: + - rc + - dc + - po + - svc + - pv + - pvc + - statefulsets + - routes + +- name: Remove the project + command: "oc delete -n {{ openshift_management_project }} project {{ openshift_management_project }}" + +- name: Verify project has been destroyed + command: "oc get project {{ openshift_management_project }}" + ignore_errors: True + register: project_terminated + until: project_terminated.stderr.find("NotFound") != -1 + delay: 5 + retries: 30 diff --git a/roles/openshift_management/tasks/validate.yml b/roles/openshift_management/tasks/validate.yml new file mode 100644 index 000000000..b22f36a4f --- /dev/null +++ b/roles/openshift_management/tasks/validate.yml @@ -0,0 +1,103 @@ +--- +# Validate configuration parameters passed to the openshift_management role + +###################################################################### +# BETA ACKNOWLEDGEMENT +- name: Ensure BETA software notice has been acknowledged + assert: + that: + - openshift_management_install_beta | default(false) | bool + msg: | + openshift-management (CFME/MIQ) is currently BETA status. You + must set openshift_management_install_beta to true to + acknowledge that you accept this risk and understand that + support is limited or nonexistent. + when: + - openshift_deployment_type == 'openshift-enterprise' + +###################################################################### +# CORE PARAMETERS +- name: Ensure openshift_management_app_template is valid + assert: + that: + - openshift_management_app_template in __openshift_management_app_templates + msg: | + "openshift_management_app_template must be one of {{ + __openshift_management_app_templates | join(', ') }}" + +- name: Ensure openshift_management_storage_class is a valid type + assert: + that: + - openshift_management_storage_class in __openshift_management_storage_classes + msg: | + "openshift_management_storage_class must be one of {{ + __openshift_management_storage_classes | join(', ') }}" + +###################################################################### +# STORAGE PARAMS - NFS +- name: Ensure external NFS storage has a valid NFS server hostname defined + assert: + that: + - openshift_management_storage_nfs_external_hostname | default(False) + msg: | + The selected storage class 'nfs_external' requires a valid + hostname for the openshift_management_storage_nfs_hostname parameter + when: + - openshift_management_storage_class == 'nfs_external' + +- name: Ensure local NFS storage has a valid NFS server to use + fail: + msg: | + No NFS hosts detected or defined but storage class is set to + 'nfs'. Add hosts to your [nfs] group or define one manually with + the 'openshift_management_storage_nfs_local_hostname' parameter + when: + - openshift_management_storage_class == 'nfs' + # You haven't created any NFS groups + - (groups.nfs is defined and groups.nfs | length == 0) or (groups.nfs is not defined) + # You did not manually specify a host to use + - (openshift_management_storage_nfs_local_hostname is not defined) or (openshift_management_storage_nfs_local_hostname == false) + +###################################################################### +# STORAGE PARAMS -CLOUD PROVIDER +- name: Validate Cloud Provider storage class + assert: + that: + - openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce' + msg: | + openshift_management_storage_class is 'cloudprovider' but you have an + invalid kind defined, '{{ openshift_cloudprovider_kind }}'. See + 'openshift_cloudprovider_kind' in the example inventories for + the required parameters for your selected cloud + provider. Working providers: 'aws' and 'gce'. + when: + - openshift_management_storage_class == 'cloudprovider' + - openshift_cloudprovider_kind is defined + +- name: Validate 'cloudprovider' Storage Class has required parameters defined + assert: + that: + - openshift_cloudprovider_kind is defined + msg: | + openshift_management_storage_class is 'cloudprovider' but you do not + have 'openshift_cloudprovider_kind' defined, this is + required. Search the example inventories for + 'openshift_cloudprovider_kind'. The required parameters for your + selected cloud provider must be defined in your inventory as + well. Working providers: 'aws' and 'gce'. + when: + - openshift_management_storage_class == 'cloudprovider' + +###################################################################### +# DATABASE CONNECTION VALIDATION +- name: Validate all required database parameters were provided for ext-db template + assert: + that: + - item in openshift_management_template_parameters + msg: | + "You are using external database services but a required + database parameter {{ item }} was not found in + 'openshift_management_template_parameters'" + with_items: "{{ __openshift_management_required_db_conn_params }}" + when: + - openshift_management_app_template in ['miq-template-ext-db', 'cfme-template-ext-db'] diff --git a/roles/openshift_management/vars/main.yml b/roles/openshift_management/vars/main.yml new file mode 100644 index 000000000..da3ad0af7 --- /dev/null +++ b/roles/openshift_management/vars/main.yml @@ -0,0 +1,76 @@ +--- +# Misc enumerated values +#--------------------------------------------------------------------- +# Allowed choices for the storage class parameter +__openshift_management_storage_classes: + - nfs + - nfs_external + - preconfigured + - cloudprovider + +#--------------------------------------------------------------------- +# DEFAULT PV SIZES +# How large to make the MIQ application PV +__openshift_management_app_pv_size: 5Gi +# How large to make the MIQ PostgreSQL PV +__openshift_management_db_pv_size: 15Gi + +# Name of the application templates with object/parameter definitions +__openshift_management_app_templates: + - miq-template-ext-db + - miq-template + - cfme-template-ext-db + - cfme-template + +# PostgreSQL database connection parameters +__openshift_management_db_parameters: + - DATABASE_USER + - DATABASE_PASSWORD + - DATABASE_IP + - DATABASE_PORT + - DATABASE_NAME + +# # Commented out until we can support both CFME and MIQ +# # openshift_management_flavor: "{{ 'cloudforms' if openshift_deployment_type == 'openshift-enterprise' else 'manageiq' }}" +#openshift_management_flavor: cloudforms +openshift_management_flavor: manageiq +# TODO: Make this conditional as well based on the prior variable +# # openshift_management_flavor_short: "{{ 'cfme' if openshift_deployment_type == 'openshift-enterprise' else 'miq' }}" +# openshift_management_flavor_short: cfme +openshift_management_flavor_short: miq + +###################################################################### +# ACCOUNTING +###################################################################### +# Service Account SSCs +__openshift_system_account_sccs: + - name: -anyuid + resource_name: anyuid + - name: -orchestrator + resource_name: anyuid + - name: -privileged + resource_name: privileged + - name: -httpd + resource_name: anyuid + +# Service Account Roles +__openshift_management_system_account_roles: + - name: -orchestrator + resource_name: view + - name: -orchestrator + resource_name: edit + +###################################################################### +# DEFAULTS +###################################################################### +# User only has to provide parameters they need to override, we will +# do a hash update method with the provided user parameters to create +# the final connection structure. +# +# TODO: Update user provided configs with this if they are missing fields +__openshift_management_required_db_conn_params: + - DATABASE_USER + - DATABASE_PASSWORD + - DATABASE_IP + - DATABASE_PORT + - DATABASE_NAME diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index 73e935d3f..3fb94fff8 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -1,4 +1,9 @@ --- +# openshift_master_defaults_in_use is a workaround to detect if we are consuming +# the plays from the role or outside of the role. +openshift_master_defaults_in_use: True +openshift_master_debug_level: "{{ debug_level | default(2) }}" + r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" @@ -7,7 +12,7 @@ r_openshift_master_clean_install: false r_openshift_master_etcd3_storage: false r_openshift_master_os_firewall_enable: true r_openshift_master_os_firewall_deny: [] -r_openshift_master_os_firewall_allow: +default_r_openshift_master_os_firewall_allow: - service: api server https port: "{{ openshift.master.api_port }}/tcp" - service: api controllers https @@ -19,12 +24,17 @@ r_openshift_master_os_firewall_allow: - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" +r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}" # oreg_url is defined by user input oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" + +containerized_svc_dir: "/usr/lib/systemd/system" +ha_svc_template_path: "native-cluster" # NOTE # r_openshift_master_*_default may be defined external to this role. @@ -38,8 +48,25 @@ r_openshift_master_use_nuage: "{{ r_openshift_master_use_nuage_default }}" r_openshift_master_use_contiv_default: "{{ openshift_use_contiv | default(False) }}" r_openshift_master_use_contiv: "{{ r_openshift_master_use_contiv_default }}" +r_openshift_master_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}" +r_openshift_master_use_kuryr: "{{ r_openshift_master_use_kuryr_default }}" + r_openshift_master_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}" r_openshift_master_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_plugin_name_default }}" + +openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" +openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}" + +openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}" +openshift_master_config_dir: "{{ openshift_master_config_dir_default }}" + +openshift_master_bootstrap_enabled: False + +openshift_master_csr_sa: node-bootstrapper +openshift_master_csr_namespace: openshift-infra + +openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml" +openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json" diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index d5094c2c9..359536202 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -9,10 +9,13 @@ notify: - Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: - name: "{{ openshift.common.service_type }}-master-controllers" - state: restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: - not (master_controllers_service_status_changed | default(false) | bool) - openshift.master.cluster_method == 'native' @@ -22,11 +25,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index a657668a9..a1cda2ad4 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -13,4 +13,5 @@ galaxy_info: - cloud dependencies: - role: lib_openshift +- role: lib_utils - role: lib_os_firewall diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml index 0013f5289..ce55e7d0c 100644 --- a/roles/openshift_master/tasks/bootstrap.yml +++ b/roles/openshift_master/tasks/bootstrap.yml @@ -1,26 +1,13 @@ --- - -- name: ensure the node-bootstrap service account exists - oc_serviceaccount: - name: node-bootstrapper - namespace: openshift-infra - state: present - run_once: true - -- name: grant node-bootstrapper the correct permissions to bootstrap - oc_adm_policy_user: - namespace: openshift-infra - user: system:serviceaccount:openshift-infra:node-bootstrapper - resource_kind: cluster-role - resource_name: system:node-bootstrapper - state: present - run_once: true - # TODO: create a module for this command. # oc_serviceaccounts_kubeconfig - name: create service account kubeconfig with csr rights - command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra" + command: > + oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }} register: kubeconfig_out + until: kubeconfig_out.rc == 0 + retries: 24 + delay: 5 - name: put service account kubeconfig into a file on disk for bootstrap copy: diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml new file mode 100644 index 000000000..cbd7f587b --- /dev/null +++ b/roles/openshift_master/tasks/bootstrap_settings.yml @@ -0,0 +1,14 @@ +--- +- name: modify controller args + yedit: + src: /etc/origin/master/master-config.yaml + edits: + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file + value: + - /etc/origin/master/ca.crt + - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file + value: + - /etc/origin/master/ca.key + notify: + - restart master controllers + when: openshift_master_bootstrap_enabled | default(False) diff --git a/roles/openshift_master/tasks/check_master_api_is_ready.yml b/roles/openshift_master/tasks/check_master_api_is_ready.yml new file mode 100644 index 000000000..7e8a7a596 --- /dev/null +++ b/roles/openshift_master/tasks/check_master_api_is_ready.yml @@ -0,0 +1,14 @@ +--- +- name: Wait for API to become available + # Using curl here since the uri module requires python-httplib2 and + # wait_for port doesn't provide health information. + command: > + curl --silent --tlsv1.2 + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {{ openshift.master.api_url }}/healthz/ready + register: l_api_available_output + until: l_api_available_output.stdout == 'ok' + retries: 120 + delay: 1 + run_once: true + changed_when: false diff --git a/roles/openshift_master/tasks/clean_systemd_units.yml b/roles/openshift_master/tasks/clean_systemd_units.yml deleted file mode 100644 index e641f84d4..000000000 --- a/roles/openshift_master/tasks/clean_systemd_units.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- name: Disable master service - systemd: - name: "{{ openshift.common.service_type }}-master" - state: stopped - enabled: no - masked: yes - ignore_errors: true diff --git a/roles/openshift_master/tasks/configure_external_etcd.yml b/roles/openshift_master/tasks/configure_external_etcd.yml new file mode 100644 index 000000000..b0590ac84 --- /dev/null +++ b/roles/openshift_master/tasks/configure_external_etcd.yml @@ -0,0 +1,17 @@ +--- +- name: Remove etcdConfig section + yedit: + src: /etc/origin/master/master-config.yaml + key: "etcdConfig" + state: absent +- name: Set etcdClientInfo.ca to master.etcd-ca.crt + yedit: + src: /etc/origin/master/master-config.yaml + key: etcdClientInfo.ca + value: master.etcd-ca.crt +- name: Set etcdClientInfo.urls to the external etcd + yedit: + src: /etc/origin/master/master-config.yaml + key: etcdClientInfo.urls + value: + - "{{ etcd_peer_url_scheme }}://{{ etcd_ip }}:{{ etcd_peer_port }}" diff --git a/roles/openshift_master/tasks/journald.yml b/roles/openshift_master/tasks/journald.yml new file mode 100644 index 000000000..a16cbe78e --- /dev/null +++ b/roles/openshift_master/tasks/journald.yml @@ -0,0 +1,29 @@ +--- +- name: Checking for journald.conf + stat: path=/etc/systemd/journald.conf + register: journald_conf_file + +- name: Create journald persistence directories + file: + path: /var/log/journal + state: directory + +- name: Update journald setup + replace: + dest: /etc/systemd/journald.conf + regexp: '^(\#| )?{{ item.var }}=\s*.*?$' + replace: ' {{ item.var }}={{ item.val }}' + backup: yes + with_items: "{{ journald_vars_to_replace | default([]) }}" + when: journald_conf_file.stat.exists + register: journald_update + +# I need to restart journald immediatelly, otherwise it gets into way during +# further steps in ansible +- name: Restart journald + command: "systemctl restart systemd-journald" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 + when: journald_update | changed diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 82b4b420c..b6d3539b1 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -18,12 +18,6 @@ - openshift.master.ha | bool - (openshift.master.cluster_method is not defined) or (openshift.master.cluster_method is defined and openshift.master.cluster_method not in ["native", "pacemaker"]) - fail: - msg: "'native' high availability is not supported for the requested OpenShift version" - when: - - openshift.master.ha | bool - - openshift.master.cluster_method == "native" - - not openshift.common.version_gte_3_1_or_1_1 | bool -- fail: msg: "openshift_master_cluster_password must be set for multi-master installations" when: - openshift.master.ha | bool @@ -177,31 +171,12 @@ local_facts: no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}" +- name: Update journald config + include: journald.yml + - name: Install the systemd units include: systemd_units.yml -- name: Checking for journald.conf - stat: path=/etc/systemd/journald.conf - register: journald_conf_file - -- name: Update journald setup - replace: - dest: /etc/systemd/journald.conf - regexp: '^(\#| )?{{ item.var }}=\s*.*?$' - replace: ' {{ item.var }}={{ item.val }}' - backup: yes - with_items: "{{ journald_vars_to_replace | default([]) }}" - when: journald_conf_file.stat.exists - register: journald_update - -# I need to restart journald immediatelly, otherwise it gets into way during -# further steps in ansible -- name: Restart journald - systemd: - name: systemd-journald - state: restarted - when: journald_update | changed - - name: Install Master system container include: system_container.yml when: @@ -237,23 +212,10 @@ - restart master api - restart master controllers -- name: modify controller args - yedit: - src: /etc/origin/master/master-config.yaml - edits: - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file - value: - - /etc/origin/master/ca.crt - - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file - value: - - /etc/origin/master/ca.key - notify: - - restart master controllers +- include: bootstrap_settings.yml when: openshift_master_bootstrap_enabled | default(False) - include: set_loopback_context.yml - when: - - openshift.common.version_gte_3_2_or_1_2 - name: Start and enable master api on first master systemd: @@ -311,59 +273,18 @@ # A separate wait is required here for native HA since notifies will # be resolved after all tasks in the role. -- name: Wait for API to become available - # Using curl here since the uri module requires python-httplib2 and - # wait_for port doesn't provide health information. - command: > - curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} - --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} - {{ openshift.master.api_url }}/healthz/ready - register: l_api_available_output - until: l_api_available_output.stdout == 'ok' - retries: 120 - delay: 1 - run_once: true - changed_when: false +- include: check_master_api_is_ready.yml when: - openshift.master.cluster_method == 'native' - master_api_service_status_changed | bool -- name: Start and enable master controller on first master - systemd: - name: "{{ openshift.common.service_type }}-master-controllers" - enabled: yes - state: started - when: - - openshift.master.cluster_method == 'native' - - inventory_hostname == openshift_master_hosts[0] - register: l_start_result - until: not l_start_result | failed - retries: 1 - delay: 60 - -- name: Dump logs from master-controllers if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-master-controllers - when: - - l_start_result | failed - -- name: Wait for master controller service to start on first master - pause: - seconds: 15 - when: - - openshift.master.cluster_method == 'native' - -- name: Start and enable master controller on all masters +- name: Start and enable master controller service systemd: name: "{{ openshift.common.service_type }}-master-controllers" enabled: yes state: started when: - openshift.master.cluster_method == 'native' - - inventory_hostname != openshift_master_hosts[0] register: l_start_result until: not l_start_result | failed retries: 1 @@ -374,7 +295,8 @@ when: - l_start_result | failed -- set_fact: +- name: Set fact master_controllers_service_status_changed + set_fact: master_controllers_service_status_changed: "{{ l_start_result | changed }}" when: - openshift.master.cluster_method == 'native' diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml index 2644f235e..c95f562d0 100644 --- a/roles/openshift_master/tasks/registry_auth.yml +++ b/roles/openshift_master/tasks/registry_auth.yml @@ -1,14 +1,4 @@ --- -# We need to setup some variables as this play might be called directly -# from outside of the role. -- set_fact: - oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" - when: oreg_auth_credentials_path is not defined - -- set_fact: - oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" - when: oreg_host is not defined - - name: Check for credentials file for registry auth stat: path: "{{ oreg_auth_credentials_path }}" @@ -18,9 +8,32 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: master_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: master_oreg_auth_credentials_create.rc == 0 + notify: + - restart master api + - restart master controllers + +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | default(False) | bool + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: master_oreg_auth_credentials_create notify: - restart master api - restart master controllers diff --git a/roles/openshift_master/tasks/restart.yml b/roles/openshift_master/tasks/restart.yml new file mode 100644 index 000000000..4f8b758fd --- /dev/null +++ b/roles/openshift_master/tasks/restart.yml @@ -0,0 +1,22 @@ +--- +- name: Restart master API + service: + name: "{{ openshift.common.service_type }}-master-api" + state: restarted + when: openshift_master_ha | bool +- name: Wait for master API to come back online + wait_for: + host: "{{ openshift.common.hostname }}" + state: started + delay: 10 + port: "{{ openshift.master.api_port }}" + timeout: 600 + when: openshift_master_ha | bool +- name: Restart master controllers + service: + name: "{{ openshift.common.service_type }}-master-controllers" + state: restarted + # Ignore errrors since it is possible that type != simple for + # pre-3.1.1 installations. + ignore_errors: true + when: openshift_master_ha | bool diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 91332acfb..843352532 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -1,4 +1,9 @@ --- +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull master system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml index 8de62c59a..b0fa72f19 100644 --- a/roles/openshift_master/tasks/systemd_units.yml +++ b/roles/openshift_master/tasks/systemd_units.yml @@ -1,31 +1,6 @@ --- -# This file is included both in the openshift_master role and in the upgrade -# playbooks. For that reason the ha_svc variables are use set_fact instead of -# the vars directory on the role. - -# This play may be consumed outside the role, we need to ensure that -# openshift_master_config_dir is set. -- name: Set openshift_master_config_dir if unset - set_fact: - openshift_master_config_dir: '/etc/origin/master' - when: openshift_master_config_dir is not defined - -# This play may be consumed outside the role, we need to ensure that -# r_openshift_master_data_dir is set. -- name: Set r_openshift_master_data_dir if unset - set_fact: - r_openshift_master_data_dir: "{{ openshift_data_dir | default('/var/lib/origin') }}" - when: r_openshift_master_data_dir is not defined - -- include: registry_auth.yml - -- name: Remove the legacy master service if it exists - include: clean_systemd_units.yml - -- name: Init HA Service Info - set_fact: - containerized_svc_dir: "/usr/lib/systemd/system" - ha_svc_template_path: "native-cluster" +# systemd_units.yml is included both in the openshift_master role and in the upgrade +# playbooks. - name: Set HA Service Info for containerized installs set_fact: @@ -34,6 +9,25 @@ when: - openshift.common.is_containerized | bool +- include: registry_auth.yml + +- name: Disable the legacy master service if it exists + systemd: + name: "{{ openshift.common.service_type }}-master" + state: stopped + enabled: no + masked: yes + ignore_errors: true + +- name: Remove the legacy master service if it exists + file: + path: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service" + state: absent + ignore_errors: true + when: + - openshift.master.cluster_method == "native" + - not openshift.common.is_master_system_container | bool + # This is the image used for both HA and non-HA clusters: - name: Pre-pull master image command: > @@ -61,6 +55,17 @@ - l_create_ha_unit_files | changed # end workaround for missing systemd unit files +- name: enable master services + systemd: + name: "{{ openshift.common.service_type }}-master-{{ item }}" + enabled: yes + with_items: + - api + - controllers + when: + - openshift.master.cluster_method == "native" + - not openshift.common.is_master_system_container | bool + - name: Preserve Master API Proxy Config options command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api register: l_master_api_proxy diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml new file mode 100644 index 000000000..92371921d --- /dev/null +++ b/roles/openshift_master/tasks/upgrade.yml @@ -0,0 +1,45 @@ +--- +- include: upgrade/rpm_upgrade.yml + when: not openshift.common.is_containerized | bool + +- include: upgrade/upgrade_scheduler.yml + +# master_config_hook is passed in from upgrade play. +- include: "upgrade/{{ master_config_hook }}" + when: master_config_hook is defined + +- include: journald.yml + +- include: systemd_units.yml + +- name: Check for ca-bundle.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + register: ca_bundle_stat + failed_when: false + +- name: Check for ca.crt + stat: + path: "{{ openshift.common.config_base }}/master/ca.crt" + register: ca_crt_stat + failed_when: false + +- name: Migrate ca.crt to ca-bundle.crt + command: mv ca.crt ca-bundle.crt + args: + chdir: "{{ openshift.common.config_base }}/master" + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Link ca.crt to ca-bundle.crt + file: + src: "{{ openshift.common.config_base }}/master/ca-bundle.crt" + path: "{{ openshift.common.config_base }}/master/ca.crt" + state: link + when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists + +- name: Update oreg value + yedit: + src: "{{ openshift.common.config_base }}/master/master-config.yaml" + key: 'imageConfig.format' + value: "{{ oreg_url | default(oreg_url_master) }}" + when: oreg_url is defined or oreg_url_master is defined diff --git a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml index 8cc46ab68..f914a9978 100644 --- a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml +++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml @@ -18,21 +18,3 @@ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - PyYAML - when: - - component == "master" - - not openshift.common.is_atomic | bool - -- name: Upgrade node packages - package: name={{ node_pkgs | join(',') }} state=present - vars: - node_pkgs: - - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" - - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" - - PyYAML - when: - - component == "node" - - not openshift.common.is_atomic | bool diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_scheduler.yml b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml index 8558bf3e9..8558bf3e9 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_scheduler.yml +++ b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml diff --git a/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml new file mode 100644 index 000000000..db0c8f886 --- /dev/null +++ b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml @@ -0,0 +1,15 @@ +--- +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.certFile' + yaml_value: service-signer.crt + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile' + yaml_value: service-signer.key + +- modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt diff --git a/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml new file mode 100644 index 000000000..1d4d1919c --- /dev/null +++ b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml @@ -0,0 +1,20 @@ +--- +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.election.lockName' + yaml_value: 'openshift-master-controllers' + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.certFile' + yaml_value: service-signer.crt + +- modify_yaml: + dest: "{{ openshift.common.config_base}}/master/master-config.yaml" + yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile' + yaml_value: service-signer.key + +- modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: servingInfo.clientCA + yaml_value: ca.crt diff --git a/roles/openshift_master/tasks/upgrade_facts.yml b/roles/openshift_master/tasks/upgrade_facts.yml new file mode 100644 index 000000000..2252c003a --- /dev/null +++ b/roles/openshift_master/tasks/upgrade_facts.yml @@ -0,0 +1,37 @@ +--- +# This file exists because we call systemd_units.yml from outside of the role +# during upgrades. When we remove this pattern, we can probably +# eliminate most of these set_fact items. + +- name: Set openshift_master_config_dir if unset + set_fact: + openshift_master_config_dir: '/etc/origin/master' + when: openshift_master_config_dir is not defined + +- name: Set r_openshift_master_data_dir if unset + set_fact: + r_openshift_master_data_dir: "{{ openshift_data_dir | default('/var/lib/origin') }}" + when: r_openshift_master_data_dir is not defined + +- set_fact: + oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" + when: oreg_auth_credentials_path is not defined + +- set_fact: + oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" + when: oreg_host is not defined + +- set_fact: + oreg_auth_credentials_replace: False + when: oreg_auth_credentials_replace is not defined + +- name: Set openshift_master_debug_level + set_fact: + openshift_master_debug_level: "{{ debug_level | default(2) }}" + when: + - openshift_master_debug_level is not defined + +- name: Init HA Service Info + set_fact: + containerized_svc_dir: "{{ containerized_svc_dir | default('/usr/lib/systemd/system') }}" + ha_svc_template_path: "{{ ha_svc_template_path | default('native-cluster') }}" diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index b931f1414..3f7a528a9 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,4 +1,4 @@ -OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} +OPTIONS=--loglevel={{ openshift_master_debug_level }} CONFIG_FILE={{ openshift_master_config_file }} {# Preserve existing OPENSHIFT_DEFAULT_REGISTRY settings in scale up runs #} {% if openshift_master_is_scaleup_host %} @@ -21,7 +21,7 @@ AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key }} {% endif %} {% if 'api_env_vars' in openshift.master or 'controllers_env_vars' in openshift.master -%} -{% for key, value in openshift.master.api_env_vars.items() | default([]) | union(openshift.master.controllers_env_vars.items() | default([])) -%} +{% for key, value in (openshift.master.api_env_vars | default({})).items() | union((openshift.master.controllers_env_vars | default({})).items()) -%} {{ key }}={{ value }} {% endfor -%} {% endif -%} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index d045b402b..629fe3286 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -3,9 +3,6 @@ admissionConfig: pluginConfig:{{ openshift.master.admission_plugin_config | to_padded_yaml(level=2) }} {% endif %} apiLevels: -{% if not openshift.common.version_gte_3_1_or_1_1 | bool %} -- v1beta3 -{% endif %} - v1 apiVersion: v1 assetConfig: @@ -44,10 +41,9 @@ assetConfig: - {{ cipher_suite }} {% endfor %} {% endif %} -{% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %} +{% if openshift.master.audit_config | default(none) is not none %} auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} {% endif %} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} controllerConfig: election: lockName: openshift-master-controllers @@ -55,14 +51,14 @@ controllerConfig: signer: certFile: service-signer.crt keyFile: service-signer.key -{% endif %} controllers: '*' corsAllowedOrigins: + # anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - - {{ origin }} + - (?i)//{{ origin | regex_escape() }}(:|\z) {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - - {{ custom_origin }} + - (?i)//{{ custom_origin | regex_escape() }}(:|\z) {% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} @@ -73,11 +69,7 @@ dnsConfig: bindNetwork: tcp4 {% endif %} etcdClientInfo: -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} ca: {{ "ca-bundle.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} -{% else %} - ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} -{% endif %} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: @@ -91,20 +83,12 @@ etcdConfig: peerServingInfo: bindAddress: {{ openshift.master.bind_addr }}:7001 certFile: etcd.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} clientCA: ca-bundle.crt -{% else %} - clientCA: ca.crt -{% endif %} keyFile: etcd.server.key servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} certFile: etcd.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} clientCA: ca-bundle.crt -{% else %} - clientCA: ca.crt -{% endif %} keyFile: etcd.server.key storageDirectory: {{ r_openshift_master_data_dir }}/openshift.local.etcd {% endif %} @@ -115,28 +99,19 @@ etcdStorageConfig: openShiftStorageVersion: v1 imageConfig: format: {{ openshift.master.registry_url }} - latest: false + latest: {{ openshift_master_image_config_latest }} {% if 'image_policy_config' in openshift.master %} imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }} {% endif %} kind: MasterConfig kubeletClientInfo: {# TODO: allow user specified kubelet port #} -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} ca: ca-bundle.crt -{% else %} - ca: ca.crt -{% endif %} certFile: master.kubelet-client.crt keyFile: master.kubelet-client.key port: 10250 {% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: -{% if not openshift.common.version_gte_3_1_or_1_1 | bool %} - apiLevels: - - v1beta3 - - v1 -{% endif %} apiServerArguments: {{ openshift.master.api_server_args | default(None) | to_padded_yaml( level=2 ) }} {% if r_openshift_master_etcd3_storage or ( r_openshift_master_clean_install and openshift.common.version_gte_3_6 ) %} storage-backend: @@ -159,27 +134,28 @@ kubernetesMasterConfig: {% endif %} masterClients: {# TODO: allow user to set externalKubernetesKubeConfig #} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} externalKubernetesClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: {{ openshift_master_external_ratelimit_burst | default(400) }} qps: {{ openshift_master_external_ratelimit_qps | default(200) }} -{% endif %} externalKubernetesKubeConfig: "" -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} openshiftLoopbackClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: {{ openshift_master_loopback_ratelimit_burst | default(600) }} qps: {{ openshift_master_loopback_ratelimit_qps | default(300) }} -{% endif %} openshiftLoopbackKubeConfig: openshift-master.kubeconfig masterPublicURL: {{ openshift.master.public_api_url }} networkConfig: clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} -{% if r_openshift_master_use_openshift_sdn or r_openshift_master_use_nuage or r_openshift_master_use_contiv or r_openshift_master_sdn_network_plugin_name == 'cni' %} +{% if openshift.common.version_gte_3_7 | bool %} + clusterNetworks: + - cidr: {{ openshift.master.sdn_cluster_network_cidr }} + hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} +{% endif %} +{% if r_openshift_master_use_openshift_sdn or r_openshift_master_use_nuage or r_openshift_master_use_contiv or r_openshift_master_use_kuryr or r_openshift_master_sdn_network_plugin_name == 'cni' %} networkPluginName: {{ r_openshift_master_sdn_network_plugin_name_default }} {% endif %} # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet @@ -202,11 +178,7 @@ oauthConfig: {% for line in translated_identity_providers.splitlines() %} {{ line }} {% endfor %} -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt -{% else %} - masterCA: ca.crt -{% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: @@ -239,11 +211,7 @@ serviceAccountConfig: - default - builder - deployer -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} masterCA: ca-bundle.crt -{% else %} - masterCA: ca.crt -{% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -251,11 +219,7 @@ servingInfo: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} bindNetwork: tcp4 certFile: master.server.crt -{% if openshift.common.version_gte_3_2_or_1_2 | bool %} - clientCA: ca-bundle.crt -{% else %} clientCA: ca.crt -{% endif %} keyFile: master.server.key maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 @@ -279,12 +243,5 @@ servingInfo: - {{ cipher_suite }} {% endfor %} {% endif %} -{% if openshift_template_service_broker_namespaces is defined %} -templateServiceBrokerConfig: - templateNamespaces: -{% for namespace in openshift_template_service_broker_namespaces %} - - {{ namespace }} -{% endfor %} -{% endif %} volumeConfig: dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 index 63eb3ea1b..cc21b37af 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2 @@ -1,4 +1,4 @@ -OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} +OPTIONS=--loglevel={{ openshift_master_debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }} CONFIG_FILE={{ openshift_master_config_file }} {# Preserve existing OPENSHIFT_DEFAULT_REGISTRY settings in scale up runs #} {% if openshift_master_is_scaleup_host %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 index 0adfd05b6..493fc510e 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2 @@ -1,4 +1,4 @@ -OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }} +OPTIONS=--loglevel={{ openshift_master_debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }} CONFIG_FILE={{ openshift_master_config_file }} {# Preserve existing OPENSHIFT_DEFAULT_REGISTRY settings in scale up runs #} {% if openshift_master_is_scaleup_host %} diff --git a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 index e284413f7..fae021845 100644 --- a/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 +++ b/roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.service.j2 @@ -7,11 +7,7 @@ Wants={{ openshift.common.service_type }}-master-api.service Requires=network-online.target [Service] -{% if openshift.common.version_gte_3_1_1_or_1_1_1 | bool %} Type=notify -{% else %} -Type=simple -{% endif %} EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers Environment=GOTRACEBACK=crash ExecStart=/usr/bin/openshift start master controllers --config=${CONFIG_FILE} $OPTIONS diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index d9ffb1b6f..ec1fbb1ee 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -3,7 +3,7 @@ openshift_master_certs_no_etcd: - admin.crt - master.kubelet-client.crt - - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" + - master.proxy-client.crt - master.server.crt - openshift-master.crt - openshift-registry.crt @@ -57,9 +57,7 @@ --hostnames={{ hostvars[item].openshift.common.all_hostnames | join(',') }} --cert={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.crt --key={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} --signer-cert={{ openshift_ca_cert }} --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} @@ -87,9 +85,7 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_master_cert_expire_days }} - {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/openshift-master.kubeconfig" with_items: "{{ hostvars diff --git a/roles/openshift_master_cluster/tasks/main.yml b/roles/openshift_master_cluster/tasks/main.yml index 0543872c9..40705d357 100644 --- a/roles/openshift_master_cluster/tasks/main.yml +++ b/roles/openshift_master_cluster/tasks/main.yml @@ -3,10 +3,6 @@ msg: "Not possible on atomic hosts for now" when: openshift.common.is_containerized | bool -- fail: - msg: "Pacemaker HA is unsupported on OpenShift Enterprise 3.2 and Origin 1.2" - when: openshift.master.cluster_method == "pacemaker" and openshift.common.version_gte_3_2_or_1_2 | bool - - name: Test if cluster is already configured command: pcs status register: pcs_status diff --git a/roles/openshift_master_facts/filter_plugins/openshift_master.py b/roles/openshift_master_facts/filter_plugins/openshift_master.py index f7f3ac2b1..c827f2d26 100644 --- a/roles/openshift_master_facts/filter_plugins/openshift_master.py +++ b/roles/openshift_master_facts/filter_plugins/openshift_master.py @@ -326,10 +326,8 @@ class IdentityProviderOauthBase(IdentityProviderBase): self._required += [['clientID', 'client_id'], ['clientSecret', 'client_secret']] def validate(self): - ''' validate this idp instance ''' - if self.challenge: - raise errors.AnsibleFilterError("|failed provider {0} does not " - "allow challenge authentication".format(self.__class__.__name__)) + ''' validate an instance of this idp class ''' + pass class OpenIDIdentityProvider(IdentityProviderOauthBase): @@ -363,7 +361,6 @@ class OpenIDIdentityProvider(IdentityProviderOauthBase): def validate(self): ''' validate this idp instance ''' - IdentityProviderOauthBase.validate(self) if not isinstance(self.provider['claims'], dict): raise errors.AnsibleFilterError("|failed claims for provider {0} " "must be a dictionary".format(self.__class__.__name__)) @@ -429,6 +426,12 @@ class GoogleIdentityProvider(IdentityProviderOauthBase): IdentityProviderOauthBase.__init__(self, api_version, idp) self._optional += [['hostedDomain', 'hosted_domain']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class GitHubIdentityProvider(IdentityProviderOauthBase): """ GitHubIdentityProvider @@ -447,6 +450,12 @@ class GitHubIdentityProvider(IdentityProviderOauthBase): self._optional += [['organizations'], ['teams']] + def validate(self): + ''' validate this idp instance ''' + if self.challenge: + raise errors.AnsibleFilterError("|failed provider {0} does not " + "allow challenge authentication".format(self.__class__.__name__)) + class FilterModule(object): ''' Custom ansible filters for use by the openshift_master role''' @@ -509,29 +518,16 @@ class FilterModule(object): 'admin.key', 'admin.kubeconfig', 'master.kubelet-client.crt', - 'master.kubelet-client.key'] + 'master.kubelet-client.key', + 'master.proxy-client.crt', + 'master.proxy-client.key', + 'service-signer.crt', + 'service-signer.key'] if bool(include_ca): - certs += ['ca.crt', 'ca.key', 'ca-bundle.crt'] + certs += ['ca.crt', 'ca.key', 'ca-bundle.crt', 'client-ca-bundle.crt'] if bool(include_keys): certs += ['serviceaccounts.private.key', 'serviceaccounts.public.key'] - if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']): - certs += ['master.proxy-client.crt', - 'master.proxy-client.key'] - if not bool(hostvars['openshift']['common']['version_gte_3_2_or_1_2']): - certs += ['openshift-master.crt', - 'openshift-master.key', - 'openshift-master.kubeconfig'] - if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): - certs += ['service-signer.crt', - 'service-signer.key'] - if not bool(hostvars['openshift']['common']['version_gte_3_5_or_1_5']): - certs += ['openshift-registry.crt', - 'openshift-registry.key', - 'openshift-registry.kubeconfig', - 'openshift-router.crt', - 'openshift-router.key', - 'openshift-router.kubeconfig'] return certs @staticmethod diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py index f27eb629d..edc98813c 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_predicates.py @@ -40,10 +40,10 @@ class LookupModule(LookupBase): # pylint: disable=line-too-long raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") if deployment_type == 'origin': - if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', '3.7', 'latest']: + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', '3.7', '3.8', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) elif deployment_type == 'openshift-enterprise': - if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', '3.7', 'latest']: + if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', '3.7', '3.8', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) else: raise AnsibleError("Unknown deployment_type %s" % deployment_type) @@ -53,7 +53,7 @@ class LookupModule(LookupBase): short_version = re.sub('^1.', '3.', short_version) if short_version == 'latest': - short_version = '3.7' + short_version = '3.8' # Predicates ordered according to OpenShift Origin source: # origin/vendor/k8s.io/kubernetes/plugin/pkg/scheduler/algorithmprovider/defaults/defaults.go @@ -114,7 +114,7 @@ class LookupModule(LookupBase): {'name': 'CheckNodeDiskPressure'}, ]) - if short_version in ['3.7']: + if short_version in ['3.7', '3.8']: predicates.extend([ {'name': 'NoVolumeZoneConflict'}, {'name': 'MaxEBSVolumeCount'}, diff --git a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py index fe488f49c..21985c7c2 100644 --- a/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py +++ b/roles/openshift_master_facts/lookup_plugins/openshift_master_facts_default_priorities.py @@ -41,10 +41,10 @@ class LookupModule(LookupBase): raise AnsibleError("Either OpenShift needs to be installed or openshift_release needs to be specified") if deployment_type == 'origin': - if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', '3.7', 'latest']: + if short_version not in ['1.1', '1.2', '1.3', '1.4', '1.5', '3.6', '3.7', '3.8', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) elif deployment_type == 'openshift-enterprise': - if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', '3.7', 'latest']: + if short_version not in ['3.1', '3.2', '3.3', '3.4', '3.5', '3.6', '3.7', '3.8', 'latest']: raise AnsibleError("Unknown short_version %s" % short_version) else: raise AnsibleError("Unknown deployment_type %s" % deployment_type) @@ -54,7 +54,7 @@ class LookupModule(LookupBase): short_version = re.sub('^1.', '3.', short_version) if short_version == 'latest': - short_version = '3.7' + short_version = '3.8' if short_version == '3.1': priorities.extend([ @@ -91,7 +91,7 @@ class LookupModule(LookupBase): {'name': 'InterPodAffinityPriority', 'weight': 1} ]) - if short_version in ['3.5', '3.6', '3.7']: + if short_version in ['3.5', '3.6', '3.7', '3.8']: priorities.extend([ {'name': 'SelectorSpreadPriority', 'weight': 1}, {'name': 'InterPodAffinityPriority', 'weight': 1}, diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index a95570d38..cf0be3bef 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -34,7 +34,6 @@ cluster_method: "{{ openshift_master_cluster_method | default('native') }}" cluster_hostname: "{{ openshift_master_cluster_hostname | default(None) }}" cluster_public_hostname: "{{ openshift_master_cluster_public_hostname | default(None) }}" - debug_level: "{{ openshift_master_debug_level | default(openshift.common.debug_level) }}" api_port: "{{ openshift_master_api_port | default(None) }}" api_url: "{{ openshift_master_api_url | default(None) }}" api_use_ssl: "{{ openshift_master_api_use_ssl | default(None) }}" @@ -89,7 +88,6 @@ controller_args: "{{ osm_controller_args | default(None) }}" disabled_features: "{{ osm_disabled_features | default(None) }}" master_count: "{{ openshift_master_count | default(None) }}" - controller_lease_ttl: "{{ osm_controller_lease_ttl | default(None) }}" master_image: "{{ osm_image | default(None) }}" admission_plugin_config: "{{openshift_master_admission_plugin_config }}" kube_admission_plugin_config: "{{openshift_master_kube_admission_plugin_config | default(None) }}" # deprecated, merged with admission_plugin_config diff --git a/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py index 38a918803..f58341280 100644 --- a/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py +++ b/roles/openshift_master_facts/test/openshift_master_facts_default_predicates_tests.py @@ -71,6 +71,8 @@ DEFAULT_PREDICATES_3_7 = [ {'name': 'NoVolumeNodeConflict'}, ] +DEFAULT_PREDICATES_3_8 = DEFAULT_PREDICATES_3_7 + REGION_PREDICATE = { 'name': 'Region', 'argument': { @@ -95,6 +97,8 @@ TEST_VARS = [ ('3.6', 'openshift-enterprise', DEFAULT_PREDICATES_3_6), ('3.7', 'origin', DEFAULT_PREDICATES_3_7), ('3.7', 'openshift-enterprise', DEFAULT_PREDICATES_3_7), + ('3.8', 'origin', DEFAULT_PREDICATES_3_8), + ('3.8', 'openshift-enterprise', DEFAULT_PREDICATES_3_8), ] diff --git a/roles/openshift_metrics/README.md b/roles/openshift_metrics/README.md index ed698daca..b74f22c00 100644 --- a/roles/openshift_metrics/README.md +++ b/roles/openshift_metrics/README.md @@ -109,3 +109,78 @@ Author Information ------------------ Jose David MartÃn (j.david.nieto@gmail.com) + +Image update procedure +---------------------- +An upgrade of the metrics stack from older version to newer is an automated process and should be performed by calling appropriate ansible playbook and setting required ansible variables in your inventory as documented in https://docs.openshift.org/. + +Following text describes manual update of the metrics images without version upgrade. To determine the current version of images being used you can: +``` +oc describe pod | grep 'Image ID:' +``` +This will get the repo digest that can later be compared to the inspected image details. + +A way to determine when was your image last updated: +``` +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +<registry>/openshift3/origin-metrics-cassandra v3.7 f8ad8d569e27 14 hours ago 783.7 MB + +$ docker inspect 9c3597aeb39f +[ + { + . . . + "RepoDigests": [ + "<registry>/openshift3/metrics-cassandra@sha256:d37fc0cab268625b53a92bb98d09fcc501cfca1c68e16bac6dd98446d32ba135 + ], + . . . + "Config": { + . . . + "Labels": { + . . . + "build-date": "2017-10-17T16:47:44.350655", + . . . + "release": "0.143.4.0", + . . . + "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/openshift3/metrics-cassandra/images/v3.7.0-0.143.4.0", + . . . + "version": "v3.7.0" + } + }, + . . . +``` + +Pull a new image to see if registry has any newer images with the same tag: +``` +$ docker pull <registry>/openshift3/origin-metrics-cassandra:v3.7 +``` + +If there was an update, you need to run the `docker pull` on each node. + +It is recommended that you now rerun the `openshift_metrics` playbook to ensure that any necessary config changes are also picked up. + +To manually redeploy your pod you can do the following: +- for a DC you can do: +``` +oc rollout latest <dc_name> +``` + +- for a RC you can scale down and scale back up +``` +oc scale --replicas=0 <rc_name> + +... wait for scale down + +oc scale --replicas=<original_replica_count> <rc_name> +``` + +- for a DS you can delete the pod or unlabel and relabel your node +``` +oc delete pod --selector=<ds_selector> +``` + +Changelog +--------- + +Tue Oct 10, 2017 +- Default imagePullPolicy changed from Always to IfNotPresent diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml index ce7688581..074b72942 100644 --- a/roles/openshift_metrics/handlers/main.yml +++ b/roles/openshift_metrics/handlers/main.yml @@ -4,8 +4,13 @@ when: (not (master_api_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' notify: Verify API Server +# We retry the controllers because the API may not be 100% initialized yet. - name: restart master controllers - systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted + command: "systemctl restart {{ openshift.common.service_type }}-master-controllers" + retries: 3 + delay: 5 + register: result + until: result.rc == 0 when: (not (master_controllers_service_status_changed | default(false) | bool)) and openshift.master.cluster_method == 'native' - name: Verify API Server @@ -13,11 +18,7 @@ # wait_for port doesn't provide health information. command: > curl --silent --tlsv1.2 - {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt - {% else %} - --cacert {{ openshift.common.config_base }}/master/ca.crt - {% endif %} {{ openshift.master.api_url }}/healthz/ready args: # Disables the following warning: diff --git a/roles/openshift_metrics/tasks/install_cassandra.yaml b/roles/openshift_metrics/tasks/install_cassandra.yaml index 7928a0346..48584bd64 100644 --- a/roles/openshift_metrics/tasks/install_cassandra.yaml +++ b/roles/openshift_metrics/tasks/install_cassandra.yaml @@ -54,6 +54,7 @@ access_modes: "{{ openshift_metrics_cassandra_pvc_access | list }}" size: "{{ openshift_metrics_cassandra_pvc_size }}" pv_selector: "{{ openshift_metrics_cassandra_pv_selector }}" + storage_class_name: "{{ openshift_metrics_cassanda_pvc_storage_class_name | default('', true) }}" with_sequence: count={{ openshift_metrics_cassandra_replicas }} when: openshift_metrics_cassandra_storage_type == 'dynamic' changed_when: false diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 index 6f341bcfb..6a3811598 100644 --- a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -30,7 +30,7 @@ spec: {% endif %} containers: - image: "{{ openshift_metrics_image_prefix }}metrics-cassandra:{{ openshift_metrics_image_version }}" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-cassandra-{{ node }} ports: - name: cql-port diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 index 59f7fb44a..0662bea53 100644 --- a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -25,7 +25,7 @@ spec: {% endif %} containers: - image: {{openshift_metrics_image_prefix}}metrics-hawkular-metrics:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-metrics ports: - name: http-endpoint diff --git a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 index d65eaf9ae..40d09e9fa 100644 --- a/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 +++ b/roles/openshift_metrics/templates/hawkular_openshift_agent_ds.j2 @@ -25,7 +25,7 @@ spec: {% endif %} containers: - image: {{openshift_metrics_image_prefix}}metrics-hawkular-openshift-agent:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: hawkular-openshift-agent {% if ((openshift_metrics_hawkular_agent_limits_cpu is defined and openshift_metrics_hawkular_agent_limits_cpu is not none) or (openshift_metrics_hawkular_agent_limits_memory is defined and openshift_metrics_hawkular_agent_limits_memory is not none) diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 index d8c7763ea..e732c1eee 100644 --- a/roles/openshift_metrics/templates/heapster.j2 +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -27,7 +27,7 @@ spec: containers: - name: heapster image: {{openshift_metrics_image_prefix}}metrics-heapster:{{openshift_metrics_image_version}} - imagePullPolicy: Always + imagePullPolicy: IfNotPresent ports: - containerPort: 8082 name: "http-endpoint" diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml index 68cdf06fe..5a1728de5 100644 --- a/roles/openshift_metrics/vars/openshift-enterprise.yml +++ b/roles/openshift_metrics/vars/openshift-enterprise.yml @@ -1,3 +1,3 @@ --- __openshift_metrics_image_prefix: "registry.access.redhat.com/openshift3/" -__openshift_metrics_image_version: "v3.6" +__openshift_metrics_image_version: "v3.7" diff --git a/roles/openshift_named_certificates/tasks/named_certificates.yml b/roles/openshift_named_certificates/tasks/named_certificates.yml deleted file mode 100644 index 7b097b443..000000000 --- a/roles/openshift_named_certificates/tasks/named_certificates.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Clear named certificates - file: - path: "{{ named_certs_dir }}" - state: absent - when: overwrite_named_certs | bool - -- name: Ensure named certificate directory exists - file: - path: "{{ named_certs_dir }}" - state: directory - mode: 0700 - -- name: Land named certificates - copy: - src: "{{ item.certfile }}" - dest: "{{ named_certs_dir }}" - with_items: "{{ openshift_master_named_certificates | default([]) }}" - -- name: Land named certificate keys - copy: - src: "{{ item.keyfile }}" - dest: "{{ named_certs_dir }}" - mode: 0600 - with_items: "{{ openshift_master_named_certificates | default([]) }}" - -- name: Land named CA certificates - copy: - src: "{{ item }}" - dest: "{{ named_certs_dir }}" - mode: 0600 - with_items: "{{ openshift_master_named_certificates | default([]) | oo_collect('cafile') }}" diff --git a/roles/openshift_nfs/README.md b/roles/openshift_nfs/README.md new file mode 100644 index 000000000..36ea36385 --- /dev/null +++ b/roles/openshift_nfs/README.md @@ -0,0 +1,17 @@ +OpenShift NFS +============= + +Sets up basic NFS services on a cluster host. + +See [tasks/create_export.yml](tasks/create_export.yml) for +instructions on using the export creation tasks file. + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +Tim Bielawa (tbielawa@redhat.com) diff --git a/roles/openshift_nfs/defaults/main.yml b/roles/openshift_nfs/defaults/main.yml new file mode 100644 index 000000000..ee94c7c57 --- /dev/null +++ b/roles/openshift_nfs/defaults/main.yml @@ -0,0 +1,8 @@ +--- +r_openshift_nfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" +r_openshift_nfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" + +r_openshift_nfs_os_firewall_deny: [] +r_openshift_nfs_firewall_allow: +- service: nfs + port: "2049/tcp" diff --git a/roles/openshift_node_upgrade/meta/main.yml b/roles/openshift_nfs/meta/main.yml index a810b01dc..d7b5910f2 100644 --- a/roles/openshift_node_upgrade/meta/main.yml +++ b/roles/openshift_nfs/meta/main.yml @@ -1,13 +1,16 @@ --- galaxy_info: - author: your name - description: OpenShift Node upgrade + author: Tim Bielawa + description: OpenShift Basic NFS Configuration company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 2.1 + min_ansible_version: 2.2 platforms: - name: EL versions: - 7 + categories: + - cloud dependencies: - role: lib_utils +- role: lib_os_firewall diff --git a/roles/openshift_nfs/tasks/create_export.yml b/roles/openshift_nfs/tasks/create_export.yml new file mode 100644 index 000000000..b0b888d56 --- /dev/null +++ b/roles/openshift_nfs/tasks/create_export.yml @@ -0,0 +1,34 @@ +--- +# Makes a new NFS export +# +# Include signature +# +# include_role: +# role: openshift_nfs +# tasks_from: create_export +# vars: +# l_nfs_base_dir: Base dir to exports +# l_nfs_export_config: Name to prefix the .exports file with +# l_nfs_export_name: Name of sub-directory of the export +# l_nfs_options: Mount Options + +- name: "Ensure {{ l_nfs_export_name }} NFS export directory exists" + file: + path: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }}" + state: directory + mode: 0777 + owner: nfsnobody + group: nfsnobody + +- name: "Create {{ l_nfs_export_name }} NFS export" + lineinfile: + path: "/etc/exports.d/{{ l_nfs_export_config }}.exports" + create: true + state: present + line: "{{ l_nfs_base_dir }}/{{ l_nfs_export_name }} {{ l_nfs_options }}" + register: created_export + +- name: Re-export NFS filesystems + command: exportfs -ar + when: + - created_export | changed diff --git a/roles/openshift_nfs/tasks/firewall.yml b/roles/openshift_nfs/tasks/firewall.yml new file mode 100644 index 000000000..0898b2b5c --- /dev/null +++ b/roles/openshift_nfs/tasks/firewall.yml @@ -0,0 +1,40 @@ +--- +- when: r_openshift_nfs_firewall_enabled | bool and not r_openshift_nfs_use_firewalld | bool + block: + - name: Add iptables allow rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: add + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_openshift_nfs_firewall_allow }}" + + - name: Remove iptables rules + os_firewall_manage_iptables: + name: "{{ item.service }}" + action: remove + protocol: "{{ item.port.split('/')[1] }}" + port: "{{ item.port.split('/')[0] }}" + when: item.cond | default(True) + with_items: "{{ r_openshift_nfs_os_firewall_deny }}" + +- when: r_openshift_nfs_firewall_enabled | bool and r_openshift_nfs_use_firewalld | bool + block: + - name: Add firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: enabled + when: item.cond | default(True) + with_items: "{{ r_openshift_nfs_firewall_allow }}" + + - name: Remove firewalld allow rules + firewalld: + port: "{{ item.port }}" + permanent: true + immediate: true + state: disabled + when: item.cond | default(True) + with_items: "{{ r_openshift_nfs_os_firewall_deny }}" diff --git a/roles/openshift_nfs/tasks/setup.yml b/roles/openshift_nfs/tasks/setup.yml new file mode 100644 index 000000000..3070de495 --- /dev/null +++ b/roles/openshift_nfs/tasks/setup.yml @@ -0,0 +1,29 @@ +--- +- name: setup firewall + include: firewall.yml + static: yes + +- name: Install nfs-utils + package: name=nfs-utils state=present + +- name: Configure NFS + lineinfile: + dest: /etc/sysconfig/nfs + regexp: '^RPCNFSDARGS=.*$' + line: 'RPCNFSDARGS="-N 2 -N 3"' + register: nfs_config + +- name: Restart nfs-config + systemd: name=nfs-config state=restarted + when: nfs_config | changed + +- name: Ensure exports directory exists + file: + path: "{{ l_nfs_base_dir }}" + state: directory + +- name: Enable and start NFS services + systemd: + name: nfs-server + state: started + enabled: yes diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 1214c08e5..89d154ad7 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -1,12 +1,15 @@ --- +openshift_node_debug_level: "{{ debug_level | default(2) }}" + r_openshift_node_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_node_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" -openshift_service_type: "{{ openshift.common.service_type }}" +openshift_deployment_type: "{{ openshift_deployment_type | default('origin') }}" +openshift_service_type: "{{ 'origin' if openshift_deployment_type == 'origin' else 'atomic-openshift' }}" openshift_image_tag: '' -openshift_node_ami_prep_packages: +default_r_openshift_node_image_prep_packages: - "{{ openshift_service_type }}-master" - "{{ openshift_service_type }}-node" - "{{ openshift_service_type }}-docker-excluder" @@ -15,7 +18,6 @@ openshift_node_ami_prep_packages: - openvswitch - docker - etcd -#- pcs - haproxy - dnsmasq - ntp @@ -31,7 +33,6 @@ openshift_node_ami_prep_packages: - python-dbus - PyYAML - yum-utils -- cloud-utils-growpart # gluster - glusterfs-fuse # nfs @@ -52,7 +53,7 @@ openshift_node_ami_prep_packages: # - container-selinux # - atomic # -openshift_deployment_type: origin +r_openshift_node_image_prep_packages: "{{ default_r_openshift_node_image_prep_packages | union(openshift_node_image_prep_packages | default([])) }}" openshift_node_bootstrap: False @@ -84,6 +85,7 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" # NOTE # r_openshift_node_*_default may be defined external to this role. @@ -103,5 +105,16 @@ openshift_node_use_nuage: "{{ openshift_node_use_nuage_default }}" openshift_node_use_contiv_default: "{{ openshift_use_contiv | default(False) }}" openshift_node_use_contiv: "{{ openshift_node_use_contiv_default }}" +openshift_node_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}" +openshift_node_use_kuryr: "{{ openshift_node_use_kuryr_default }}" + openshift_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" openshift_node_data_dir: "{{ openshift_node_data_dir_default }}" + +openshift_node_config_dir_default: "/etc/origin/node" +openshift_node_config_dir: "{{ openshift_node_config_dir_default }}" + +openshift_node_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}" +openshift_node_image_config_latest: "{{ openshift_node_image_config_latest_default }}" + +openshift_node_use_instance_profiles: False diff --git a/roles/openshift_node/files/bootstrap.yml b/roles/openshift_node/files/bootstrap.yml new file mode 100644 index 000000000..a5545c81b --- /dev/null +++ b/roles/openshift_node/files/bootstrap.yml @@ -0,0 +1,71 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: localhost + gather_facts: yes + vars: + origin_dns: + file: /etc/dnsmasq.d/origin-dns.conf + lines: + - regex: ^listen-address + state: present + line: "listen-address={{ ansible_default_ipv4.address }}" + node_dns: + file: /etc/dnsmasq.d/node-dnsmasq.conf + lines: + - regex: "^server=/in-addr.arpa/127.0.0.1$" + line: server=/in-addr.arpa/127.0.0.1 + - regex: "^server=/cluster.local/127.0.0.1$" + line: server=/cluster.local/127.0.0.1 + + tasks: + - include_vars: openshift_settings.yaml + + - name: set the data for node_dns + lineinfile: + create: yes + insertafter: EOF + path: "{{ node_dns.file }}" + regexp: "{{ item.regex }}" + line: "{{ item.line | default(omit) }}" + with_items: "{{ node_dns.lines }}" + + - name: set the data for origin_dns + lineinfile: + create: yes + state: "{{ item.state | default('present') }}" + insertafter: "{{ item.after | default(omit) }}" + path: "{{ origin_dns.file }}" + regexp: "{{ item.regex }}" + line: "{{ item.line | default(omit)}}" + with_items: "{{ origin_dns.lines }}" + + - when: + - openshift_group_type is defined + - openshift_group_type != '' + - openshift_group_type != 'master' + block: + - name: determine the openshift_service_type + stat: + path: /etc/sysconfig/atomic-openshift-node + register: service_type_results + + - name: set openshift_service_type fact based on stat results + set_fact: + openshift_service_type: "{{ service_type_results.stat.exists | ternary('atomic-openshift', 'origin') }}" + + - name: update the sysconfig to have necessary variables + lineinfile: + dest: "/etc/sysconfig/{{ openshift_service_type }}-node" + line: "{{ item.line }}" + regexp: "{{ item.regexp }}" + with_items: + - line: "BOOTSTRAP_CONFIG_NAME=node-config-{{ openshift_group_type }}" + regexp: "^BOOTSTRAP_CONFIG_NAME=.*" + + - name: "Start the {{ openshift_service_type }}-node service" + systemd: + daemon_reload: yes + state: restarted + enabled: True + name: "{{ openshift_service_type }}-node" + no_block: true diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml index 25a6fc721..b102c1b18 100644 --- a/roles/openshift_node/handlers/main.yml +++ b/roles/openshift_node/handlers/main.yml @@ -3,7 +3,11 @@ systemd: name: openvswitch state: restarted - when: (not skip_node_svc_handlers | default(False) | bool) and not (ovs_service_status_changed | default(false) | bool) and openshift_node_use_openshift_sdn | bool + when: + - (not skip_node_svc_handlers | default(False) | bool) + - not (ovs_service_status_changed | default(false) | bool) + - openshift_node_use_openshift_sdn | bool + - not openshift_node_bootstrap register: l_openshift_node_stop_openvswitch_result until: not l_openshift_node_stop_openvswitch_result | failed retries: 3 @@ -11,10 +15,11 @@ notify: - restart openvswitch pause - - name: restart openvswitch pause pause: seconds=15 - when: (not skip_node_svc_handlers | default(False) | bool) and openshift.common.is_containerized | bool + when: + - (not skip_node_svc_handlers | default(False) | bool) + - openshift.common.is_containerized | bool - name: restart node systemd: diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 5bc7b9869..c32aa1600 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -13,9 +13,15 @@ galaxy_info: - cloud dependencies: - role: openshift_node_facts + when: not (openshift_node_upgrade_in_progress | default(False)) - role: lib_openshift - role: lib_os_firewall + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_clock + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_docker - role: openshift_cloud_provider + when: not (openshift_node_upgrade_in_progress | default(False)) - role: openshift_node_dnsmasq +- role: lib_utils + when: openshift_node_upgrade_in_progress | default(False) diff --git a/roles/openshift_node/tasks/aws.yml b/roles/openshift_node/tasks/aws.yml new file mode 100644 index 000000000..38c2b794d --- /dev/null +++ b/roles/openshift_node/tasks/aws.yml @@ -0,0 +1,21 @@ +--- +- name: Configure AWS Cloud Provider Settings + lineinfile: + dest: /etc/sysconfig/{{ openshift.common.service_type }}-node + regexp: "{{ item.regex }}" + line: "{{ item.line }}" + create: true + with_items: + - regex: '^AWS_ACCESS_KEY_ID=' + line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}" + - regex: '^AWS_SECRET_ACCESS_KEY=' + line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}" + register: sys_env_update + no_log: True + when: + - openshift_cloudprovider_kind is defined + - openshift_cloudprovider_kind == 'aws' + - openshift_cloudprovider_aws_access_key is defined + - openshift_cloudprovider_aws_secret_key is defined + notify: + - restart node diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index b83b2c452..b8be50f6c 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -3,7 +3,7 @@ package: name: "{{ item }}" state: present - with_items: "{{ openshift_node_ami_prep_packages }}" + with_items: "{{ r_openshift_node_image_prep_packages }}" - name: create the directory for node file: @@ -17,19 +17,32 @@ [Unit] After=cloud-init.service -- name: update the sysconfig to have KUBECONFIG +- name: update the sysconfig to have necessary variables lineinfile: dest: "/etc/sysconfig/{{ openshift_service_type }}-node" - line: "KUBECONFIG=/root/csr_kubeconfig" + line: "{{ item.line | default(omit) }}" + regexp: "{{ item.regexp }}" + state: "{{ item.state | default('present') }}" + with_items: + # add the kubeconfig + - line: "KUBECONFIG={{ openshift_node_config_dir }}/bootstrap.kubeconfig" regexp: "^KUBECONFIG=.*" + # remove the config file. This comes from openshift_facts + - line: "CONFIG_FILE={{ openshift_node_config_dir }}/node-config.yaml" + regexp: "^CONFIG_FILE=.*" -- name: update the ExecStart to have bootstrap - lineinfile: - dest: "/usr/lib/systemd/system/{{ openshift_service_type }}-node.service" - line: "{% raw %}ExecStart=/usr/bin/openshift start node --bootstrap --kubeconfig=${KUBECONFIG} $OPTIONS{% endraw %}" - regexp: "^ExecStart=.*" +- name: include aws sysconfig credentials + include: aws.yml + static: yes + when: not (openshift_node_use_instance_profiles | default(False)) + +#- name: update the ExecStart to have bootstrap +# lineinfile: +# dest: "/usr/lib/systemd/system/{{ openshift_service_type }}-node.service" +# line: "{% raw %}ExecStart=/usr/bin/openshift start node --bootstrap --kubeconfig=${KUBECONFIG} $OPTIONS{% endraw %}" +# regexp: "^ExecStart=.*" -- name: "systemctl enable {{ openshift_service_type }}-node" +- name: "disable {{ openshift_service_type }}-node and {{ openshift_service_type }}-master services" systemd: name: "{{ item }}" enabled: no @@ -42,6 +55,30 @@ path: /etc/origin/.config_managed register: rpmgenerated_config +- name: create directories for bootstrapping + file: + state: directory + dest: "{{ item }}" + with_items: + - /root/openshift_bootstrap + - /var/lib/origin/openshift.local.config + - /var/lib/origin/openshift.local.config/node + - "/etc/docker/certs.d/docker-registry.default.svc:5000" + +- name: laydown the bootstrap.yml file for on boot configuration + copy: + src: bootstrap.yml + dest: /root/openshift_bootstrap/bootstrap.yml + +- name: symlink master ca for docker-registry + file: + src: "{{ item }}" + dest: "/etc/docker/certs.d/docker-registry.default.svc:5000/{{ item | basename }}" + state: link + force: yes + with_items: + - "{{ openshift_node_config_dir }}/node-client-ca.crt" + - when: rpmgenerated_config.stat.exists block: - name: Remove RPM generated config files if present @@ -50,6 +87,7 @@ state: absent with_items: - master + - .config_managed # with_fileglob doesn't work correctly due to a few issues. # Could change this to fileglob when it gets fixed. @@ -62,5 +100,7 @@ file: path: "{{ item.path }}" state: absent - when: "'resolv.conf' not in item.path or 'node-dnsmasq.conf' not in item.path" + when: + - "'resolv.conf' not in item.path" + - "'node-dnsmasq.conf' not in item.path" with_items: "{{ find_results.files }}" diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index e3898b520..2fea33454 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -46,26 +46,17 @@ notify: - restart node -- name: Configure AWS Cloud Provider Settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: true - with_items: - - regex: '^AWS_ACCESS_KEY_ID=' - line: "AWS_ACCESS_KEY_ID={{ openshift_cloudprovider_aws_access_key | default('') }}" - - regex: '^AWS_SECRET_ACCESS_KEY=' - line: "AWS_SECRET_ACCESS_KEY={{ openshift_cloudprovider_aws_secret_key | default('') }}" - no_log: True - when: openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined - notify: - - restart node +- name: include aws provider credentials + include: aws.yml + static: yes + when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for # systemd to start the master again -- when: openshift.common.is_containerized | bool +- when: + - openshift.common.is_containerized | bool + - not openshift_node_bootstrap block: - name: Wait for master API to become available before proceeding # Using curl here since the uri module requires python-httplib2 and @@ -90,30 +81,28 @@ enabled: yes state: started -- name: Start and enable node - systemd: - name: "{{ openshift.common.service_type }}-node" - enabled: yes - state: started - daemon_reload: yes - register: node_start_result - until: not node_start_result | failed - retries: 1 - delay: 30 - ignore_errors: true - -- name: Dump logs from node service if it failed - command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-node - when: node_start_result | failed +- when: not openshift_node_bootstrap + block: + - name: Start and enable node + systemd: + name: "{{ openshift.common.service_type }}-node" + enabled: yes + state: started + daemon_reload: yes + register: node_start_result + until: not node_start_result | failed + retries: 1 + delay: 30 + ignore_errors: true -- name: Abort if node failed to start - fail: - msg: Node failed to start please inspect the logs and try again - when: node_start_result | failed + - name: Dump logs from node service if it failed + command: journalctl --no-pager -n 100 -u {{ openshift.common.service_type }}-node + when: node_start_result | failed -- name: Setup tuned - include: tuned.yml - static: yes + - name: Abort if node failed to start + fail: + msg: Node failed to start please inspect the logs and try again + when: node_start_result | failed -- set_fact: - node_service_status_changed: "{{ node_start_result | changed }}" + - set_fact: + node_service_status_changed: "{{ node_start_result | changed }}" diff --git a/roles/openshift_node/tasks/config/configure-node-settings.yml b/roles/openshift_node/tasks/config/configure-node-settings.yml index 1186062eb..527580481 100644 --- a/roles/openshift_node/tasks/config/configure-node-settings.yml +++ b/roles/openshift_node/tasks/config/configure-node-settings.yml @@ -7,7 +7,7 @@ create: true with_items: - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.node.debug_level | default(2) }}" + line: "OPTIONS=--loglevel={{ openshift_node_debug_level }}" - regex: '^CONFIG_FILE=' line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" - regex: '^IMAGE_VERSION=' diff --git a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml b/roles/openshift_node/tasks/docker/upgrade.yml index ebe87d6fd..ebe87d6fd 100644 --- a/roles/openshift_node_upgrade/tasks/docker/upgrade.yml +++ b/roles/openshift_node/tasks/docker/upgrade.yml diff --git a/roles/openshift_node/tasks/install.yml b/roles/openshift_node/tasks/install.yml index 265bf2c46..6b7e40491 100644 --- a/roles/openshift_node/tasks/install.yml +++ b/roles/openshift_node/tasks/install.yml @@ -3,12 +3,12 @@ block: - name: Install Node package package: - name: "{{ openshift.common.service_type }}-node{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift.common.service_type }}-node{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present - name: Install sdn-ovs package package: - name: "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version | oo_image_tag_to_rpm_version(include_dash=True) }}" + name: "{{ openshift.common.service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | oo_image_tag_to_rpm_version(include_dash=True) }}" state: present when: - openshift_node_use_openshift_sdn | bool @@ -27,5 +27,3 @@ docker pull {{ openshift.node.node_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - - - include: config/install-node-docker-service-file.yml diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 59b8bb76e..eae9ca7bc 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -66,15 +66,10 @@ sysctl_file: "/etc/sysctl.d/99-openshift.conf" reload: yes -- name: include bootstrap node config - include: bootstrap.yml - when: openshift_node_bootstrap - - include: registry_auth.yml - name: include standard node config include: config.yml - when: not openshift_node_bootstrap #### Storage class plugins here #### - name: NFS storage plugin configuration @@ -98,3 +93,7 @@ - include: config/workaround-bz1331590-ovs-oom-fix.yml when: openshift_node_use_openshift_sdn | default(true) | bool + +- name: include bootstrap node config + include: bootstrap.yml + when: openshift_node_bootstrap diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index 20d7a9539..164a79b39 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -1,4 +1,9 @@ --- +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull node system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index e09063aa5..0f73ce454 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -10,6 +10,11 @@ l_service_name: "{{ openshift.docker.service_name }}" when: not l_use_crio +- name: Ensure proxies are in the atomic.conf + include_role: + name: openshift_atomic + tasks_from: proxy + - name: Pre-pull OpenVSwitch system container image command: > atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index de396fb4b..f5428867a 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -8,6 +8,28 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create + retries: 3 + delay: 5 + until: node_oreg_auth_credentials_create.rc == 0 + notify: + - restart node + +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create diff --git a/roles/openshift_node/tasks/systemd_units.yml b/roles/openshift_node/tasks/systemd_units.yml index 6b4490f61..9c182ade6 100644 --- a/roles/openshift_node/tasks/systemd_units.yml +++ b/roles/openshift_node/tasks/systemd_units.yml @@ -1,11 +1,9 @@ --- -# This file is included both in the openshift_master role and in the upgrade -# playbooks. - name: Install Node service file template: dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: "node.service.j2" - when: not openshift.common.is_containerized | bool + src: "{{ openshift.common.is_containerized | bool | ternary('openshift.docker.node.service', 'node.service.j2') }}" + when: not openshift.common.is_node_system_container | bool notify: - reload systemd units - restart node diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node/tasks/upgrade.yml index 6bcf3072d..2bca1e974 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml +++ b/roles/openshift_node/tasks/upgrade.yml @@ -59,7 +59,7 @@ - include: "{{ node_config_hook }}" when: node_config_hook is defined -- include: rpm_upgrade.yml +- include: upgrade/rpm_upgrade.yml vars: component: "node" openshift_version: "{{ openshift_pkg_version | default('') }}" @@ -69,10 +69,8 @@ file: path: "/etc/systemd/system/docker.service.d/docker-sdn-ovs.conf" state: absent - when: (deployment_type == 'openshift-enterprise' and openshift_release | version_compare('3.4', '>=')) - or (deployment_type == 'origin' and openshift_release | version_compare('1.4', '>=')) -- include: containerized_node_upgrade.yml +- include: upgrade/containerized_node_upgrade.yml when: openshift.common.is_containerized | bool - name: Ensure containerized services stopped before Docker restart @@ -98,6 +96,12 @@ failed_when: false when: not openshift.common.is_containerized | bool +# https://bugzilla.redhat.com/show_bug.cgi?id=1513054 +- name: Clean up dockershim data + file: + path: "/var/lib/dockershim/sandbox/" + state: absent + - name: Upgrade openvswitch package: name: openvswitch @@ -161,7 +165,7 @@ value: "/etc/origin/node/resolv.conf" # Restart all services -- include: restart.yml +- include: upgrade/restart.yml - name: Wait for node to be ready oc_obj: diff --git a/roles/openshift_node_upgrade/tasks/containerized_node_upgrade.yml b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml index 07b0ac715..96b94d8b6 100644 --- a/roles/openshift_node_upgrade/tasks/containerized_node_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/containerized_node_upgrade.yml @@ -6,7 +6,7 @@ skip_node_svc_handlers: True - name: Update systemd units - include: systemd_units.yml + include: ../systemd_units.yml # This is a no-op because of skip_node_svc_handlers, but lets us trigger it before end of # play when the node has already been marked schedulable again. (this would look strange diff --git a/roles/openshift_node_upgrade/tasks/restart.yml b/roles/openshift_node/tasks/upgrade/restart.yml index a4fa51172..a4fa51172 100644 --- a/roles/openshift_node_upgrade/tasks/restart.yml +++ b/roles/openshift_node/tasks/upgrade/restart.yml diff --git a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml index a998acf21..a998acf21 100644 --- a/roles/openshift_node_upgrade/tasks/rpm_upgrade.yml +++ b/roles/openshift_node/tasks/upgrade/rpm_upgrade.yml diff --git a/roles/openshift_node/templates/node.service.j2 b/roles/openshift_node/templates/node.service.j2 index 0856737f6..7602d8ee6 100644 --- a/roles/openshift_node/templates/node.service.j2 +++ b/roles/openshift_node/templates/node.service.j2 @@ -12,17 +12,17 @@ After=dnsmasq.service [Service] Type=notify -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node +EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-node Environment=GOTRACEBACK=crash ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS +ExecStart=/usr/bin/openshift start node {% if openshift_node_bootstrap %} --kubeconfig=${KUBECONFIG} --bootstrap-config-name=${BOOTSTRAP_CONFIG_NAME}{% endif %} --config=${CONFIG_FILE} $OPTIONS LimitNOFILE=65536 LimitCORE=infinity WorkingDirectory=/var/lib/origin/ -SyslogIdentifier={{ openshift.common.service_type }}-node +SyslogIdentifier={{ openshift_service_type }}-node Restart=always RestartSec=5s TimeoutStartSec=300 diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index 7049f7189..d452cc45c 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -13,7 +13,7 @@ dockerConfig: iptablesSyncPeriod: "{{ openshift.node.iptables_sync_period }}" imageConfig: format: {{ openshift.node.registry_url }} - latest: false + latest: {{ openshift_node_image_config_latest }} kind: NodeConfig kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }} {% if openshift_use_crio | default(False) %} @@ -29,13 +29,11 @@ kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yam runtime-request-timeout: - 10m {% endif %} -{% if openshift.common.version_gte_3_3_or_1_3 | bool %} masterClientConnectionOverrides: acceptContentTypes: application/vnd.kubernetes.protobuf,application/json contentType: application/vnd.kubernetes.protobuf burst: 200 qps: 100 -{% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig {% if openshift_node_use_openshift_sdn | bool %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} @@ -44,7 +42,7 @@ networkPluginName: {{ openshift_node_sdn_network_plugin_name }} # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift_node_use_openshift_sdn | bool or openshift_node_use_nuage | bool or openshift_node_use_contiv | bool or openshift_node_sdn_network_plugin_name == 'cni' %} +{% if openshift_node_use_openshift_sdn | bool or openshift_node_use_nuage | bool or openshift_node_use_contiv | bool or openshift_node_use_kuryr | bool or openshift_node_sdn_network_plugin_name == 'cni' %} networkPluginName: {{ openshift_node_sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} @@ -67,9 +65,11 @@ servingInfo: {% endfor %} {% endif %} volumeDirectory: {{ openshift_node_data_dir }}/openshift.local.volumes +{% if not (openshift_node_use_kuryr | default(False)) | bool %} proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} +{% endif %} volumeConfig: localQuota: perFSGroup: {{ openshift.node.local_quota_per_fsgroup }} diff --git a/roles/openshift_node/templates/openshift.docker.node.service b/roles/openshift_node/templates/openshift.docker.node.service index 310d8b29d..561aa01f4 100644 --- a/roles/openshift_node/templates/openshift.docker.node.service +++ b/roles/openshift_node/templates/openshift.docker.node.service @@ -6,6 +6,7 @@ PartOf={{ openshift.docker.service_name }}.service Requires={{ openshift.docker.service_name }}.service {% if openshift_node_use_openshift_sdn %} Wants=openvswitch.service +PartOf=openvswitch.service After=ovsdb-server.service After=ovs-vswitchd.service {% endif %} diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index 4abe8bcaf..ef66bf9ca 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -2,9 +2,21 @@ - name: update ca trust command: update-ca-trust notify: - - restart docker after updating ca trust + - check for container runtime after updating ca trust -- name: restart docker after updating ca trust +- name: check for container runtime after updating ca trust + command: > + systemctl -q is-active {{ openshift.docker.service_name }}.service + register: l_docker_installed + # An rc of 0 indicates that the container runtime service is + # running. We will restart it by notifying the restart handler since + # we have updated the system CA trust. + changed_when: l_docker_installed.rc == 0 + failed_when: false + notify: + - restart container runtime after updating ca trust + +- name: restart container runtime after updating ca trust systemd: name: "{{ openshift.docker.service_name }}" state: restarted diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 1a775178d..97f1fbbdd 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -66,9 +66,7 @@ --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} --user=system:node:{{ hostvars[item].openshift.common.hostname }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars @@ -82,9 +80,7 @@ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} --overwrite=true --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }} --signer-cert={{ openshift_ca_cert }} diff --git a/roles/openshift_node_dnsmasq/README.md b/roles/openshift_node_dnsmasq/README.md new file mode 100644 index 000000000..4596190d7 --- /dev/null +++ b/roles/openshift_node_dnsmasq/README.md @@ -0,0 +1,27 @@ +OpenShift Node DNS resolver +=========================== + +Configure dnsmasq to act as a DNS resolver for an OpenShift node. + +Requirements +------------ + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|-----------------------------------------------------|---------------|-----------------------------------------------------------------------------------| +| openshift_node_dnsmasq_install_network_manager_hook | true | Install NetworkManager hook updating /etc/resolv.conf with local dnsmasq instance | + +Dependencies +------------ + +* openshift_common +* openshift_node_facts + +License +------- + +Apache License Version 2.0 diff --git a/roles/openshift_node_dnsmasq/defaults/main.yml b/roles/openshift_node_dnsmasq/defaults/main.yml index ed97d539c..ebcff46b5 100644 --- a/roles/openshift_node_dnsmasq/defaults/main.yml +++ b/roles/openshift_node_dnsmasq/defaults/main.yml @@ -1 +1,7 @@ --- +openshift_node_dnsmasq_install_network_manager_hook: true + +# lo must always be present in this list or dnsmasq will conflict with +# the node's dns service. +openshift_node_dnsmasq_except_interfaces: +- lo diff --git a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh index df02bcf0e..f4e48b5b7 100755 --- a/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh +++ b/roles/openshift_node_dnsmasq/files/networkmanager/99-origin-dns.sh @@ -54,6 +54,8 @@ domain-needed server=/cluster.local/172.30.0.1 server=/30.172.in-addr.arpa/172.30.0.1 enable-dbus +dns-forward-max=5000 +cache-size=5000 EOF # New config file, must restart NEEDS_RESTART=1 @@ -112,10 +114,10 @@ EOF fi sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF} echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} - if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then - sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} - elif ! grep -qw search ${NEW_RESOLV_CONF}; then + if ! grep -qw search ${NEW_RESOLV_CONF}; then echo 'search cluster.local' >> ${NEW_RESOLV_CONF} + elif ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then + sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} fi cp -Z ${NEW_RESOLV_CONF} /etc/resolv.conf fi diff --git a/roles/openshift_node_dnsmasq/tasks/network-manager.yml b/roles/openshift_node_dnsmasq/tasks/network-manager.yml index dddcfc9da..e5a92a630 100644 --- a/roles/openshift_node_dnsmasq/tasks/network-manager.yml +++ b/roles/openshift_node_dnsmasq/tasks/network-manager.yml @@ -5,5 +5,6 @@ dest: /etc/NetworkManager/dispatcher.d/ mode: 0755 notify: restart NetworkManager + when: openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool - meta: flush_handlers diff --git a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 index ef3ba2880..6543c7c3e 100644 --- a/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 +++ b/roles/openshift_node_dnsmasq/templates/origin-dns.conf.j2 @@ -3,5 +3,10 @@ domain-needed no-negcache max-cache-ttl=1 enable-dbus -bind-interfaces -listen-address={{ openshift.node.dns_ip }} +dns-forward-max=5000 +cache-size=5000 +bind-dynamic +{% for interface in openshift_node_dnsmasq_except_interfaces %} +except-interface={{ interface }} +{% endfor %} +# End of config diff --git a/roles/openshift_node_facts/tasks/main.yml b/roles/openshift_node_facts/tasks/main.yml index 0d5fa664c..b45130400 100644 --- a/roles/openshift_node_facts/tasks/main.yml +++ b/roles/openshift_node_facts/tasks/main.yml @@ -11,7 +11,6 @@ - role: node local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" - debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ openshift_node_labels | default(None) }}" diff --git a/roles/openshift_node_group/defaults/main.yml b/roles/openshift_node_group/defaults/main.yml new file mode 100644 index 000000000..7c81409a5 --- /dev/null +++ b/roles/openshift_node_group/defaults/main.yml @@ -0,0 +1,26 @@ +--- +openshift_node_groups: +- name: node-config-master + labels: + - 'type=master' + edits: [] +- name: node-config-infra + labels: + - 'type=infra' + edits: [] +- name: node-config-compute + labels: + - 'type=compute' + edits: [] + +openshift_node_group_edits: [] +openshift_node_group_namespace: openshift-node +openshift_node_group_labels: [] + +openshift_imageconfig_format: "{{ oreg_url if oreg_url is defined else openshift.node.registry_url }}" +openshift_node_group_cloud_provider: "{{ openshift_cloudprovider_kind | default('aws') }}" +openshift_node_group_network_plugin_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}" +openshift_node_group_network_plugin: "{{ openshift_node_group_network_plugin_default }}" +openshift_node_group_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" +openshift_node_group_node_data_dir: "{{ openshift_node_group_node_data_dir_default }}" +openshift_node_group_network_mtu: "{{ openshift_node_sdn_mtu | default(8951) | int }}" diff --git a/roles/openshift_node_group/meta/main.yml b/roles/openshift_node_group/meta/main.yml new file mode 100644 index 000000000..14c1dd498 --- /dev/null +++ b/roles/openshift_node_group/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: +- role: lib_openshift +- role: lib_utils diff --git a/roles/openshift_node_group/tasks/create_config.yml b/roles/openshift_node_group/tasks/create_config.yml new file mode 100644 index 000000000..02ec30a62 --- /dev/null +++ b/roles/openshift_node_group/tasks/create_config.yml @@ -0,0 +1,58 @@ +--- +- name: fetch node configmap + oc_configmap: + name: "{{ openshift_node_group_name }}" + namespace: "{{ openshift_node_group_namespace }}" + state: list + register: configout + run_once: true + +- name: debug node config + debug: var=configout + +- when: + - configout.results.results.0 == {} or (configout.results.results.0 != {} and openshift_node_group_edits|length > 0) + block: + - name: create a temp dir for this work + command: mktemp -d /tmp/openshift_node_config-XXXXXX + register: mktempout + run_once: true + + - name: create node config template + template: + src: node-config.yaml.j2 + dest: "{{ mktempout.stdout }}/node-config.yaml" + when: + - configout.results.results.0 == {} + + - name: lay down the config from the existing configmap + copy: + content: "{{ configout.results.results.0.data['node-config.yaml'] }}" + dest: "{{ mktempout.stdout }}/node-config.yaml" + when: + - configout.results.results.0 != {} + + - name: "specialize the generated configs for {{ openshift_node_group_name }}" + yedit: + content: + src: "{{ mktempout.stdout }}/node-config.yaml" + edits: "{{ openshift_node_group_edits }}" + register: yeditout + when: openshift_node_group_edits|length > 0 + run_once: true + + - debug: var=yeditout + + - name: create node-config.yaml configmap + oc_configmap: + name: "{{ openshift_node_group_name }}" + namespace: "{{ openshift_node_group_namespace }}" + from_file: + node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml" + run_once: true + + - name: remove templated files + file: + dest: "{{ mktempout.stdout }}/" + state: absent + run_once: true diff --git a/roles/openshift_node_group/tasks/main.yml b/roles/openshift_node_group/tasks/main.yml new file mode 100644 index 000000000..c7c15683d --- /dev/null +++ b/roles/openshift_node_group/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- name: Build node config maps + include: create_config.yml + vars: + openshift_node_group_name: "{{ node_group.name }}" + openshift_node_group_edits: "{{ node_group.edits | default([]) }}" + openshift_node_group_labels: "{{ node_group.labels | default([]) }}" + with_items: "{{ openshift_node_groups }}" + loop_control: + loop_var: node_group diff --git a/roles/openshift_node_group/templates/node-config.yaml.j2 b/roles/openshift_node_group/templates/node-config.yaml.j2 new file mode 100644 index 000000000..3fd16247c --- /dev/null +++ b/roles/openshift_node_group/templates/node-config.yaml.j2 @@ -0,0 +1,53 @@ +allowDisabledDocker: false +apiVersion: v1 +authConfig: + authenticationCacheSize: 1000 + authenticationCacheTTL: 5m + authorizationCacheSize: 1000 + authorizationCacheTTL: 5m +dnsBindAddress: "127.0.0.1:53" +dnsDomain: cluster.local +dnsIP: 0.0.0.0 +dnsNameservers: null +dnsRecursiveResolvConf: /etc/origin/node/resolv.conf +dockerConfig: + dockerShimRootDirectory: /var/lib/dockershim + dockerShimSocket: /var/run/dockershim.sock + execHandlerName: native +enableUnidling: true +imageConfig: + format: "{{ openshift_imageconfig_format }}" + latest: false +iptablesSyncPeriod: 30s +kind: NodeConfig +kubeletArguments: + cloud-config: + - /etc/origin/cloudprovider/{{ openshift_node_group_cloud_provider }}.conf + cloud-provider: + - {{ openshift_node_group_cloud_provider }} + node-labels: {{ openshift_node_group_labels | to_json }} +masterClientConnectionOverrides: + acceptContentTypes: application/vnd.kubernetes.protobuf,application/json + burst: 40 + contentType: application/vnd.kubernetes.protobuf + qps: 20 +masterKubeConfig: node.kubeconfig +networkConfig: + mtu: {{ openshift_node_group_network_mtu }} + networkPluginName: {{ openshift_node_group_network_plugin }} +nodeIP: "" +podManifestConfig: null +servingInfo: + bindAddress: 0.0.0.0:10250 + bindNetwork: tcp4 + certFile: server.crt + clientCA: node-client-ca.crt + keyFile: server.key + namedCertificates: null +volumeConfig: + localQuota: + perFSGroup: null +volumeDirectory: {{ openshift_node_group_node_data_dir }}/openshift.local.volumes +enable-controller-attach-detach: +- 'true' +networkPluginName: {{ openshift_node_group_network_plugin }} diff --git a/roles/openshift_node_upgrade/README.md b/roles/openshift_node_upgrade/README.md deleted file mode 100644 index c7c0ff34a..000000000 --- a/roles/openshift_node_upgrade/README.md +++ /dev/null @@ -1,112 +0,0 @@ -OpenShift Node upgrade -========= - -Role responsible for a single node upgrade. -It is expected a node is functioning and a part of an OpenShift cluster. - -Requirements ------------- - -TODO - -Role Variables --------------- -From this role: - -| Name | Default value | | -|--------------------------------|-----------------------|--------------------------------------------------------| -| deployment_type | | Inventory var | -| docker_upgrade_nuke_images | | Optional inventory var | -| docker_version | | Optional inventory var | -| l_docker_upgrade | | | -| node_config_hook | | | -| openshift.docker.gte_1_10 | | | -| openshift_image_tag | | Set by openshift_version role | -| openshift_pkg_version | | Set by openshift_version role | -| openshift_release | | Set by openshift_version role | -| skip_docker_restart | | | -| openshift_cloudprovider_kind | | | - -From openshift.common: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.common.config_base |---------------------|---------------------| -| openshift.common.hostname |---------------------|---------------------| -| openshift.common.http_proxy |---------------------|---------------------| -| openshift.common.is_atomic |---------------------|---------------------| -| openshift.common.is_containerized |---------------------|---------------------| -| openshift.common.portal_net |---------------------|---------------------| -| openshift.common.service_type |---------------------|---------------------| - -From openshift.master: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.master.api_port |---------------------|---------------------| - -From openshift.node: - -| Name | Default Value | | -|------------------------------------|---------------------|---------------------| -| openshift.node.debug_level |---------------------|---------------------| -| openshift.node.node_image |---------------------|---------------------| -| openshift.node.ovs_image |---------------------|---------------------| - - -Dependencies ------------- - - -TODO - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - -``` ---- -- name: Upgrade nodes - hosts: oo_nodes_to_upgrade - serial: 1 - any_errors_fatal: true - - pre_tasks: - - name: Mark unschedulable - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=false - delegate_to: "{{ groups.oo_first_master.0 }}" - - - name: Drain Node for Kubelet upgrade - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.admin_binary }} drain {{ openshift.node.nodename | lower }} --force --delete-local-data --ignore-daemonsets - delegate_to: "{{ groups.oo_first_master.0 }}" - register: l_docker_upgrade_drain_result - until: not l_docker_upgrade_drain_result | failed - retries: 60 - delay: 60 - - - roles: - - openshift_facts - - docker - - openshift_node_dnsmasq - - openshift_node_upgrade - - post_tasks: - - name: Set node schedulability - command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm manage-node {{ openshift.node.nodename | lower }} --schedulable=true - delegate_to: "{{ groups.oo_first_master.0 }}" -``` - -License -------- - -Apache License, Version 2.0 - -Author Information ------------------- - -TODO diff --git a/roles/openshift_node_upgrade/defaults/main.yml b/roles/openshift_node_upgrade/defaults/main.yml deleted file mode 100644 index 6507b015d..000000000 --- a/roles/openshift_node_upgrade/defaults/main.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -openshift_use_openshift_sdn: True -os_sdn_network_plugin_name: "redhat/openshift-ovs-subnet" - -openshift_node_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}" -openshift_node_data_dir: "{{ openshift_node_data_dir_default }}" - -# oreg_url is defined by user input -oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}" -oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" -oreg_auth_credentials_replace: False -l_bind_docker_reg_auth: False diff --git a/roles/openshift_node_upgrade/files/nuke_images.sh b/roles/openshift_node_upgrade/files/nuke_images.sh deleted file mode 100644 index 8635eab0d..000000000 --- a/roles/openshift_node_upgrade/files/nuke_images.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Stop any running containers -running_container_ids=`docker ps -q` -if test -n "$running_container_ids" -then - docker stop $running_container_ids -fi - -# Delete all containers -container_ids=`docker ps -a -q` -if test -n "$container_ids" -then - docker rm -f -v $container_ids -fi - -# Delete all images (forcefully) -image_ids=`docker images -aq` -if test -n "$image_ids" -then - # Some layers are deleted recursively and are no longer present - # when docker goes to remove them: - docker rmi -f `docker images -aq` || true -fi - diff --git a/roles/openshift_node_upgrade/handlers/main.yml b/roles/openshift_node_upgrade/handlers/main.yml deleted file mode 100644 index 90d80855e..000000000 --- a/roles/openshift_node_upgrade/handlers/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: restart openvswitch - systemd: - name: openvswitch - state: restarted - when: - - not skip_node_svc_handlers | default(False) | bool - - not (ovs_service_status_changed | default(false) | bool) - - openshift_use_openshift_sdn | bool - register: l_openshift_node_upgrade_stop_openvswitch_result - until: not l_openshift_node_upgrade_stop_openvswitch_result | failed - retries: 3 - delay: 30 - notify: - - restart openvswitch pause - -- name: restart openvswitch pause - pause: seconds=15 - when: (not skip_node_svc_handlers | default(False) | bool) and openshift.common.is_containerized | bool - -- name: restart node - systemd: - name: "{{ openshift.common.service_type }}-node" - state: restarted - register: l_openshift_node_upgrade_restart_node_result - until: not l_openshift_node_upgrade_restart_node_result | failed - retries: 3 - delay: 30 - when: - - (not skip_node_svc_handlers | default(False) | bool) - - not (node_service_status_changed | default(false) | bool) - -# TODO(jchaloup): once it is verified the systemd module works as expected -# switch to it: http://docs.ansible.com/ansible/latest/systemd_module.html -- name: reload systemd units - command: systemctl daemon-reload diff --git a/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml b/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml deleted file mode 100644 index 1186062eb..000000000 --- a/roles/openshift_node_upgrade/tasks/config/configure-node-settings.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Configure Node settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: true - with_items: - - regex: '^OPTIONS=' - line: "OPTIONS=--loglevel={{ openshift.node.debug_level | default(2) }}" - - regex: '^CONFIG_FILE=' - line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml" - - regex: '^IMAGE_VERSION=' - line: "IMAGE_VERSION={{ openshift_image_tag }}" - notify: - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml b/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml deleted file mode 100644 index d60794305..000000000 --- a/roles/openshift_node_upgrade/tasks/config/configure-proxy-settings.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Configure Proxy Settings - lineinfile: - dest: /etc/sysconfig/{{ openshift.common.service_type }}-node - regexp: "{{ item.regex }}" - line: "{{ item.line }}" - create: true - with_items: - - regex: '^HTTP_PROXY=' - line: "HTTP_PROXY={{ openshift.common.http_proxy | default('') }}" - - regex: '^HTTPS_PROXY=' - line: "HTTPS_PROXY={{ openshift.common.https_proxy | default('') }}" - - regex: '^NO_PROXY=' - line: "NO_PROXY={{ openshift.common.no_proxy | default([]) }},{{ openshift.common.portal_net }},{{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}" - when: ('http_proxy' in openshift.common and openshift.common.http_proxy != '') - notify: - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml b/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml deleted file mode 100644 index ee91a88ab..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-node-deps-docker-service-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Install Node dependencies docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node-dep.service" - src: openshift.docker.node.dep.service - notify: - - reload systemd units - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/install-node-docker-service-file.yml b/roles/openshift_node_upgrade/tasks/config/install-node-docker-service-file.yml deleted file mode 100644 index f92ff79b5..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-node-docker-service-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Install Node docker service file - template: - dest: "/etc/systemd/system/{{ openshift.common.service_type }}-node.service" - src: openshift.docker.node.service - notify: - - reload systemd units - - restart node diff --git a/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml b/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml deleted file mode 100644 index c2c5ea1d4..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-ovs-docker-service-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Install OpenvSwitch docker service file - template: - dest: "/etc/systemd/system/openvswitch.service" - src: openvswitch.docker.service - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml b/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml deleted file mode 100644 index 1d75a3355..000000000 --- a/roles/openshift_node_upgrade/tasks/config/install-ovs-service-env-file.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Create the openvswitch service env file - template: - src: openvswitch.sysconfig.j2 - dest: /etc/sysconfig/openvswitch - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml b/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml deleted file mode 100644 index 5df1abc79..000000000 --- a/roles/openshift_node_upgrade/tasks/config/workaround-bz1331590-ovs-oom-fix.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# May be a temporary workaround. -# https://bugzilla.redhat.com/show_bug.cgi?id=1331590 -- name: Create OpenvSwitch service.d directory - file: path=/etc/systemd/system/openvswitch.service.d/ state=directory - -- name: Install OpenvSwitch service OOM fix - template: - dest: "/etc/systemd/system/openvswitch.service.d/01-avoid-oom.conf" - src: openvswitch-avoid-oom.conf - notify: - - reload systemd units - - restart openvswitch diff --git a/roles/openshift_node_upgrade/tasks/registry_auth.yml b/roles/openshift_node_upgrade/tasks/registry_auth.yml deleted file mode 100644 index de396fb4b..000000000 --- a/roles/openshift_node_upgrade/tasks/registry_auth.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Check for credentials file for registry auth - stat: - path: "{{ oreg_auth_credentials_path }}" - when: oreg_auth_user is defined - register: node_oreg_auth_credentials_stat - -- name: Create credentials for registry auth - command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - register: node_oreg_auth_credentials_create - notify: - - restart node - -# Container images may need the registry credentials -- name: Setup ro mount of /root/.docker for containerized hosts - set_fact: - l_bind_docker_reg_auth: True - when: - - openshift.common.is_containerized | bool - - oreg_auth_user is defined - - (node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or node_oreg_auth_credentials_create.changed) | bool diff --git a/roles/openshift_node_upgrade/tasks/systemd_units.yml b/roles/openshift_node_upgrade/tasks/systemd_units.yml deleted file mode 100644 index afff2f8ba..000000000 --- a/roles/openshift_node_upgrade/tasks/systemd_units.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# input variables -# - openshift.node.node_image -# - openshift_image_tag -# - openshift.common.is_containerized -# - openshift.node.ovs_image -# - openshift_use_openshift_sdn -# - openshift.common.service_type -# - openshift.node.debug_level -# - openshift.common.config_base -# - openshift.common.http_proxy -# - openshift.common.portal_net -# - openshift.common -# - openshift.common.http_proxy -# notify: -# - restart openvswitch -# - restart node - -# This file is included both in the openshift_master role and in the upgrade -# playbooks. -- include: config/install-node-deps-docker-service-file.yml - when: openshift.common.is_containerized | bool - -- include: config/install-node-docker-service-file.yml - when: openshift.common.is_containerized | bool - -- include: config/install-ovs-service-env-file.yml - when: openshift.common.is_containerized | bool - -- include: config/workaround-bz1331590-ovs-oom-fix.yml - when: openshift_use_openshift_sdn | bool - -- include: config/install-ovs-docker-service-file.yml - when: openshift.common.is_containerized | bool and openshift_use_openshift_sdn | bool - -- include: config/configure-node-settings.yml -- include: config/configure-proxy-settings.yml diff --git a/roles/openshift_node_upgrade/templates/node.service.j2 b/roles/openshift_node_upgrade/templates/node.service.j2 deleted file mode 100644 index e12a52c15..000000000 --- a/roles/openshift_node_upgrade/templates/node.service.j2 +++ /dev/null @@ -1,31 +0,0 @@ -[Unit] -Description=OpenShift Node -After={{ openshift.docker.service_name }}.service -Wants=openvswitch.service -After=ovsdb-server.service -After=ovs-vswitchd.service -Wants={{ openshift.docker.service_name }}.service -Documentation=https://github.com/openshift/origin -Requires=dnsmasq.service -After=dnsmasq.service - -[Service] -Type=notify -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -Environment=GOTRACEBACK=crash -ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ -ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 -ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf -ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -ExecStart=/usr/bin/openshift start node --config=${CONFIG_FILE} $OPTIONS -LimitNOFILE=65536 -LimitCORE=infinity -WorkingDirectory=/var/lib/origin/ -SyslogIdentifier={{ openshift.common.service_type }}-node -Restart=always -RestartSec=5s -TimeoutStartSec=300 -OOMScoreAdjust=-999 - -[Install] -WantedBy=multi-user.target diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service deleted file mode 100644 index aae35719c..000000000 --- a/roles/openshift_node_upgrade/templates/openshift.docker.node.dep.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Requires={{ openshift.docker.service_name }}.service -After={{ openshift.docker.service_name }}.service -PartOf={{ openshift.common.service_type }}-node.service -Before={{ openshift.common.service_type }}-node.service - - -[Service] -ExecStart=/bin/bash -c "if [[ -f /usr/bin/docker-current ]]; then echo \"DOCKER_ADDTL_BIND_MOUNTS=--volume=/usr/bin/docker-current:/usr/bin/docker-current:ro --volume=/etc/sysconfig/docker:/etc/sysconfig/docker:ro --volume=/etc/containers/registries:/etc/containers/registries:ro\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; else echo \"#DOCKER_ADDTL_BIND_MOUNTS=\" > /etc/sysconfig/{{ openshift.common.service_type }}-node-dep; fi" -ExecStop= -SyslogIdentifier={{ openshift.common.service_type }}-node-dep diff --git a/roles/openshift_node_upgrade/templates/openshift.docker.node.service b/roles/openshift_node_upgrade/templates/openshift.docker.node.service deleted file mode 100644 index 864e4b5d6..000000000 --- a/roles/openshift_node_upgrade/templates/openshift.docker.node.service +++ /dev/null @@ -1,49 +0,0 @@ -[Unit] -After={{ openshift.common.service_type }}-master.service -After={{ openshift.docker.service_name }}.service -After=openvswitch.service -PartOf={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -{% if openshift_use_openshift_sdn %} -Wants=openvswitch.service -After=ovsdb-server.service -After=ovs-vswitchd.service -{% endif %} -Wants={{ openshift.common.service_type }}-master.service -Requires={{ openshift.common.service_type }}-node-dep.service -After={{ openshift.common.service_type }}-node-dep.service -Requires=dnsmasq.service -After=dnsmasq.service - -[Service] -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node -EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-node-dep -ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-node -ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/ -ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1 -ExecStart=/usr/bin/docker run --name {{ openshift.common.service_type }}-node \ - --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift.common.service_type }}-node \ - -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \ - -e HOST=/rootfs -e HOST_ETC=/host-etc \ - -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}{{ ':rslave' if openshift.docker.gte_1_10 | default(False) | bool else '' }} \ - -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node \ - {% if openshift_cloudprovider_kind | default('') != '' -%} -v {{ openshift.common.config_base }}/cloudprovider:{{ openshift.common.config_base}}/cloudprovider {% endif -%} \ - -v /etc/localtime:/etc/localtime:ro -v /etc/machine-id:/etc/machine-id:ro \ - -v /run:/run -v /sys:/sys:rw -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ - -v /usr/bin/docker:/usr/bin/docker:ro -v /var/lib/docker:/var/lib/docker \ - -v /lib/modules:/lib/modules -v /etc/origin/openvswitch:/etc/openvswitch \ - -v /etc/origin/sdn:/etc/openshift-sdn -v /var/lib/cni:/var/lib/cni \ - -v /etc/systemd/system:/host-etc/systemd/system -v /var/log:/var/log \ - -v /dev:/dev $DOCKER_ADDTL_BIND_MOUNTS -v /etc/pki:/etc/pki:ro \ - {% if l_bind_docker_reg_auth %} -v {{ oreg_auth_credentials_path }}:/root/.docker:ro{% endif %}\ - {{ openshift.node.node_image }}:${IMAGE_VERSION} -ExecStartPost=/usr/bin/sleep 10 -ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-node -ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf -ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string: -SyslogIdentifier={{ openshift.common.service_type }}-node -Restart=always -RestartSec=5s - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf b/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf deleted file mode 100644 index 3229bc56b..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch-avoid-oom.conf +++ /dev/null @@ -1,3 +0,0 @@ -# Avoid the OOM killer for openvswitch and it's children: -[Service] -OOMScoreAdjust=-1000 diff --git a/roles/openshift_node_upgrade/templates/openvswitch.docker.service b/roles/openshift_node_upgrade/templates/openvswitch.docker.service deleted file mode 100644 index 34aaaabd6..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch.docker.service +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -After={{ openshift.docker.service_name }}.service -Requires={{ openshift.docker.service_name }}.service -PartOf={{ openshift.docker.service_name }}.service - -[Service] -EnvironmentFile=/etc/sysconfig/openvswitch -ExecStartPre=-/usr/bin/docker rm -f openvswitch -ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION} -ExecStartPost=/usr/bin/sleep 5 -ExecStop=/usr/bin/docker stop openvswitch -SyslogIdentifier=openvswitch -Restart=always -RestartSec=5s - -[Install] -WantedBy={{ openshift.docker.service_name }}.service diff --git a/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 b/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 deleted file mode 100644 index da7c3742a..000000000 --- a/roles/openshift_node_upgrade/templates/openvswitch.sysconfig.j2 +++ /dev/null @@ -1 +0,0 @@ -IMAGE_VERSION={{ openshift_image_tag }} diff --git a/roles/openshift_openstack/defaults/main.yml b/roles/openshift_openstack/defaults/main.yml new file mode 100644 index 000000000..5f182e0d6 --- /dev/null +++ b/roles/openshift_openstack/defaults/main.yml @@ -0,0 +1,96 @@ +--- +openshift_openstack_stack_state: 'present' + +openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0 +openshift_openstack_node_ingress_cidr: 0.0.0.0/0 +openshift_openstack_lb_ingress_cidr: 0.0.0.0/0 +openshift_openstack_bastion_ingress_cidr: 0.0.0.0/0 +openshift_openstack_num_etcd: 0 +openshift_openstack_num_masters: 1 +openshift_openstack_num_nodes: 1 +openshift_openstack_num_dns: 0 +openshift_openstack_num_infra: 1 +openshift_openstack_dns_nameservers: [] +openshift_openstack_nodes_to_remove: [] + + +openshift_openstack_cluster_node_labels: + app: + region: primary + infra: + region: infra + +openshift_openstack_install_debug_packages: false +openshift_openstack_required_packages: + - docker + - NetworkManager + - wget + - git + - net-tools + - bind-utils + - bridge-utils +openshift_openstack_debug_packages: + - bash-completion + - vim-enhanced + +# container-storage-setup +openshift_openstack_container_storage_setup: + docker_dev: "/dev/sdb" + docker_vg: "docker-vol" + docker_data_size: "95%VG" + docker_dm_basesize: "3G" + container_root_lv_name: "dockerlv" + container_root_lv_mount_path: "/var/lib/docker" + + +# populate-dns +openshift_openstack_dns_records_add: [] +openshift_openstack_external_nsupdate_keys: {} + +openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' + openshift_openstack_public_dns_domain) }}" +openshift_openstack_app_subdomain: "apps" + + +# heat vars +openshift_openstack_clusterid: openshift +openshift_openstack_stack_name: "{{ openshift_openstack_clusterid }}.{{ openshift_openstack_public_dns_domain }}" +openshift_openstack_subnet_prefix: "192.168.99" +openshift_openstack_master_hostname: master +openshift_openstack_infra_hostname: infra-node +openshift_openstack_node_hostname: app-node +openshift_openstack_lb_hostname: lb +openshift_openstack_etcd_hostname: etcd +openshift_openstack_dns_hostname: dns +openshift_openstack_keypair_name: openshift +openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_dns_flavor: "{{ openshift_openstack_default_flavor }}" +openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_dns_image: "{{ openshift_openstack_default_image_name }}" +openshift_openstack_provider_network_name: null +openshift_openstack_external_network_name: null +openshift_openstack_private_network: >- + {% if openshift_openstack_provider_network_name | default(None) -%} + {{ openshift_openstack_provider_network_name }} + {%- else -%} + {{ openshift_openstack_private_network_name | default ('openshift-ansible-' + openshift_openstack_stack_name + '-net') }} + {%- endif -%} +openshift_openstack_master_server_group_policies: [] +openshift_openstack_infra_server_group_policies: [] +openshift_openstack_docker_volume_size: 15 +openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_infra_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}" +openshift_openstack_etcd_volume_size: 2 +openshift_openstack_dns_volume_size: 1 +openshift_openstack_lb_volume_size: 5 +openshift_openstack_use_bastion: false +openshift_openstack_ui_ssh_tunnel: false +openshift_openstack_ephemeral_volumes: false diff --git a/roles/openshift_openstack/tasks/check-prerequisites.yml b/roles/openshift_openstack/tasks/check-prerequisites.yml new file mode 100644 index 000000000..57c7238d1 --- /dev/null +++ b/roles/openshift_openstack/tasks/check-prerequisites.yml @@ -0,0 +1,105 @@ +--- +# Check ansible +- name: Check Ansible version + assert: + that: > + (ansible_version.major == 2 and ansible_version.minor >= 3) or + (ansible_version.major > 2) + msg: "Ansible version must be at least 2.3" + +# Check shade +- name: Try to import python module shade + command: python -c "import shade" + ignore_errors: yes + register: shade_result +- name: Check if shade is installed + assert: + that: 'shade_result.rc == 0' + msg: "Python module shade is not installed" + +# Check jmespath +- name: Try to import python module shade + command: python -c "import jmespath" + ignore_errors: yes + register: jmespath_result +- name: Check if jmespath is installed + assert: + that: 'jmespath_result.rc == 0' + msg: "Python module jmespath is not installed" + +# Check python-dns +- name: Try to import python DNS module + command: python -c "import dns" + ignore_errors: yes + register: pythondns_result +- name: Check if python-dns is installed + assert: + that: 'pythondns_result.rc == 0' + msg: "Python module python-dns is not installed" + +# Check jinja2 +- name: Try to import jinja2 module + command: python -c "import jinja2" + ignore_errors: yes + register: jinja_result +- name: Check if jinja2 is installed + assert: + that: 'jinja_result.rc == 0' + msg: "Python module jinja2 is not installed" + +# Check Glance image +- name: Try to get image facts + os_image_facts: + image: "{{ openshift_openstack_default_image_name }}" + register: image_result +- name: Check that image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ openshift_openstack_default_image_name }} is not available" + +# Check network name +- name: Try to get network facts + os_networks_facts: + name: "{{ openshift_openstack_external_network_name }}" + register: network_result + when: not openshift_openstack_provider_network_name|default(None) +- name: Check that network is available + assert: + that: "network_result.ansible_facts.openstack_networks" + msg: "Network {{ openshift_openstack_external_network_name }} is not available" + when: not openshift_openstack_provider_network_name|default(None) + +# Check keypair +# TODO kpilatov: there is no Ansible module for getting OS keypairs +# (os_keypair is not suitable for this) +# this method does not force python-openstackclient dependency +- name: Try to show keypair + command: > + python -c 'import shade; cloud = shade.openstack_cloud(); + exit(cloud.get_keypair("{{ openshift_openstack_keypair_name }}") is None)' + ignore_errors: yes + register: key_result +- name: Check that keypair is available + assert: + that: 'key_result.rc == 0' + msg: "Keypair {{ openshift_openstack_keypair_name }} is not available" + +# Check that custom images are available +- include: custom_image_check.yaml + with_items: + - "{{ openshift_openstack_master_image }}" + - "{{ openshift_openstack_infra_image }}" + - "{{ openshift_openstack_node_image }}" + - "{{ openshift_openstack_lb_image }}" + - "{{ openshift_openstack_etcd_image }}" + - "{{ openshift_openstack_dns_image }}" + +# Check that custom flavors are available +- include: custom_flavor_check.yaml + with_items: + - "{{ openshift_openstack_master_flavor }}" + - "{{ openshift_openstack_infra_flavor }}" + - "{{ openshift_openstack_node_flavor }}" + - "{{ openshift_openstack_lb_flavor }}" + - "{{ openshift_openstack_etcd_flavor }}" + - "{{ openshift_openstack_dns_flavor }}" diff --git a/roles/openshift_openstack/tasks/cleanup.yml b/roles/openshift_openstack/tasks/cleanup.yml new file mode 100644 index 000000000..258334a6b --- /dev/null +++ b/roles/openshift_openstack/tasks/cleanup.yml @@ -0,0 +1,6 @@ +--- + +- name: cleanup temp files + file: + path: "{{ stack_template_pre.path }}" + state: absent diff --git a/roles/openshift_openstack/tasks/container-storage-setup.yml b/roles/openshift_openstack/tasks/container-storage-setup.yml new file mode 100644 index 000000000..82307b208 --- /dev/null +++ b/roles/openshift_openstack/tasks/container-storage-setup.yml @@ -0,0 +1,37 @@ +--- +- block: + - name: create the docker-storage config file + template: + src: docker-storage-setup-overlayfs.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + when: + - ansible_distribution_version | version_compare('7.4', '>=') + - ansible_distribution == "RedHat" + +- block: + - name: create the docker-storage-setup config file + template: + src: docker-storage-setup-dm.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + when: + - ansible_distribution_version | version_compare('7.4', '<') + - ansible_distribution == "RedHat" + +- block: + - name: create the docker-storage-setup config file for CentOS + template: + src: docker-storage-setup-dm.j2 + dest: /etc/sysconfig/docker-storage-setup + owner: root + group: root + mode: 0644 + + # TODO(shadower): Find out which CentOS version supports overlayfs2 + when: + - ansible_distribution == "CentOS" diff --git a/roles/openshift_openstack/tasks/custom_flavor_check.yaml b/roles/openshift_openstack/tasks/custom_flavor_check.yaml new file mode 100644 index 000000000..5fb7a76ff --- /dev/null +++ b/roles/openshift_openstack/tasks/custom_flavor_check.yaml @@ -0,0 +1,10 @@ +--- +- name: Try to get flavor facts + os_flavor_facts: + name: "{{ item }}" + register: flavor_result + +- name: Check that custom flavor is available + assert: + that: "flavor_result.ansible_facts.openstack_flavors" + msg: "Flavor {{ item }} is not available." diff --git a/roles/openshift_openstack/tasks/custom_image_check.yaml b/roles/openshift_openstack/tasks/custom_image_check.yaml new file mode 100644 index 000000000..4ae163406 --- /dev/null +++ b/roles/openshift_openstack/tasks/custom_image_check.yaml @@ -0,0 +1,10 @@ +--- +- name: Try to get image facts + os_image_facts: + image: "{{ item }}" + register: image_result + +- name: Check that custom image is available + assert: + that: "image_result.ansible_facts.openstack_image" + msg: "Image {{ item }} is not available." diff --git a/roles/openshift_openstack/tasks/generate-templates.yml b/roles/openshift_openstack/tasks/generate-templates.yml new file mode 100644 index 000000000..3a8b588e9 --- /dev/null +++ b/roles/openshift_openstack/tasks/generate-templates.yml @@ -0,0 +1,29 @@ +--- +- name: create HOT stack template prefix + register: stack_template_pre + tempfile: + state: directory + prefix: openshift-ansible + +- name: set template paths + set_fact: + stack_template_path: "{{ stack_template_pre.path }}/stack.yaml" + user_data_template_path: "{{ stack_template_pre.path }}/user-data" + +- name: Print out the Heat template directory + debug: var=stack_template_pre + +- name: generate HOT stack template from jinja2 template + template: + src: heat_stack.yaml.j2 + dest: "{{ stack_template_path }}" + +- name: generate HOT server template from jinja2 template + template: + src: heat_stack_server.yaml.j2 + dest: "{{ stack_template_pre.path }}/server.yaml" + +- name: generate user_data from jinja2 template + template: + src: user_data.j2 + dest: "{{ user_data_template_path }}" diff --git a/roles/openshift_openstack/tasks/hostname.yml b/roles/openshift_openstack/tasks/hostname.yml new file mode 100644 index 000000000..e1a18425f --- /dev/null +++ b/roles/openshift_openstack/tasks/hostname.yml @@ -0,0 +1,26 @@ +--- +- name: Setting Hostname Fact + set_fact: + new_hostname: "{{ custom_hostname | default(inventory_hostname_short) }}" + +- name: Setting FQDN Fact + set_fact: + new_fqdn: "{{ new_hostname }}.{{ openshift_openstack_full_dns_domain }}" + +- name: Setting hostname and DNS domain + hostname: name="{{ new_fqdn }}" + +- name: Check for cloud.cfg + stat: path=/etc/cloud/cloud.cfg + register: cloud_cfg + +- name: Prevent cloud-init updates of hostname/fqdn (if applicable) + lineinfile: + dest: /etc/cloud/cloud.cfg + state: present + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^ - set_hostname', line: '# - set_hostname' } + - { regexp: '^ - update_hostname', line: '# - update_hostname' } + when: cloud_cfg.stat.exists == True diff --git a/roles/openshift_openstack/tasks/net_vars_check.yaml b/roles/openshift_openstack/tasks/net_vars_check.yaml new file mode 100644 index 000000000..18b9b21b9 --- /dev/null +++ b/roles/openshift_openstack/tasks/net_vars_check.yaml @@ -0,0 +1,14 @@ +--- +- name: Check the provider network configuration + fail: + msg: "Flannel SDN requires a dedicated containers data network and can not work over a provider network" + when: + - openshift_openstack_provider_network_name is defined + - openstack_private_data_network_name is defined + +- name: Check the flannel network configuration + fail: + msg: "A dedicated containers data network is only supported with Flannel SDN" + when: + - openstack_private_data_network_name is defined + - not openshift_use_flannel|default(False)|bool diff --git a/roles/openshift_openstack/tasks/node-configuration.yml b/roles/openshift_openstack/tasks/node-configuration.yml new file mode 100644 index 000000000..89e58d830 --- /dev/null +++ b/roles/openshift_openstack/tasks/node-configuration.yml @@ -0,0 +1,11 @@ +--- +- name: "Verify SELinux is enforcing" + fail: + msg: "SELinux is required for OpenShift and has been detected as '{{ ansible_selinux.config_mode }}'" + when: ansible_selinux.config_mode != "enforcing" + +- include: hostname.yml + +- include: container-storage-setup.yml + +- include: node-network.yml diff --git a/roles/openshift_openstack/tasks/node-network.yml b/roles/openshift_openstack/tasks/node-network.yml new file mode 100644 index 000000000..f494e5158 --- /dev/null +++ b/roles/openshift_openstack/tasks/node-network.yml @@ -0,0 +1,19 @@ +--- +- name: configure NetworkManager + lineinfile: + dest: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4['interface'] }}" + regexp: '^{{ item }}=' + line: '{{ item }}=yes' + state: present + create: yes + with_items: + - 'USE_PEERDNS' + - 'NM_CONTROLLED' + +- name: enable and start NetworkManager + service: + name: NetworkManager + state: restarted + enabled: yes + +# TODO(shadower): add the flannel interface tasks from post-provision-openstack.yml diff --git a/roles/openshift_openstack/tasks/node-packages.yml b/roles/openshift_openstack/tasks/node-packages.yml new file mode 100644 index 000000000..7864f5269 --- /dev/null +++ b/roles/openshift_openstack/tasks/node-packages.yml @@ -0,0 +1,15 @@ +--- +# TODO: subscribe to RHEL and install docker and other packages here + +- name: Install required packages + yum: + name: "{{ item }}" + state: latest + with_items: "{{ openshift_openstack_required_packages }}" + +- name: Install debug packages (optional) + yum: + name: "{{ item }}" + state: latest + with_items: "{{ openshift_openstack_debug_packages }}" + when: openshift_openstack_install_debug_packages|bool diff --git a/roles/openshift_openstack/tasks/populate-dns.yml b/roles/openshift_openstack/tasks/populate-dns.yml new file mode 100644 index 000000000..c03aceb94 --- /dev/null +++ b/roles/openshift_openstack/tasks/populate-dns.yml @@ -0,0 +1,128 @@ +--- +- name: "Generate list of private A records" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + +- name: "Add wildcard records to the private A records for infrahosts" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['private_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + +- name: "Add public master cluster hostname records to the private A records (single master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + +- name: "Add public master cluster hostname records to the private A records (multi-master)" + set_fact: + private_records: "{{ private_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].private_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters > 1 + +- name: "Set the private DNS server to use the external value (if provided)" + set_fact: + nsupdate_server_private: "{{ openshift_openstack_external_nsupdate_keys['private']['server'] }}" + nsupdate_key_secret_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_secret'] }}" + nsupdate_key_algorithm_private: "{{ openshift_openstack_external_nsupdate_keys['private']['key_algorithm'] }}" + nsupdate_private_key_name: "{{ openshift_openstack_external_nsupdate_keys['private']['key_name']|default('private-' + openshift_openstack_full_dns_domain) }}" + when: + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['private'] is defined + + +- name: "Generate the private Add section for DNS" + set_fact: + private_named_records: + - view: "private" + zone: "{{ openshift_openstack_full_dns_domain }}" + server: "{{ nsupdate_server_private }}" + key_name: "{{ nsupdate_private_key_name|default('private-' + openshift_openstack_full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_private }}" + key_algorithm: "{{ nsupdate_key_algorithm_private | lower }}" + entries: "{{ private_records }}" + +- name: "Generate list of public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': hostvars[item]['ansible_hostname'], 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['cluster_hosts'] }}" + when: hostvars[item]['public_v4'] is defined + +- name: "Add wildcard records to the public A records" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': '*.' + openshift_openstack_app_subdomain, 'ip': hostvars[item]['public_v4'] } ] }}" + with_items: "{{ groups['infra_hosts'] }}" + when: hostvars[item]['public_v4'] is defined + +- name: "Add public master cluster hostname records to the public A records (single master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.masters[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + - not openshift_openstack_use_bastion|bool + +- name: "Add public master cluster hostname records to the public A records (single master behind a bastion)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.bastions[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters == 1 + - openshift_openstack_use_bastion|bool + +- name: "Add public master cluster hostname records to the public A records (multi-master)" + set_fact: + public_records: "{{ public_records | default([]) + [ { 'type': 'A', 'hostname': (hostvars[groups.masters[0]].openshift_master_cluster_public_hostname | replace(openshift_openstack_full_dns_domain, ''))[:-1], 'ip': hostvars[groups.lb[0]].public_v4 } ] }}" + when: + - hostvars[groups.masters[0]].openshift_master_cluster_public_hostname is defined + - openshift_openstack_num_masters > 1 + +- name: "Set the public DNS server details to use the external value (if provided)" + set_fact: + nsupdate_server_public: "{{ openshift_openstack_external_nsupdate_keys['public']['server'] }}" + nsupdate_key_secret_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_secret'] }}" + nsupdate_key_algorithm_public: "{{ openshift_openstack_external_nsupdate_keys['public']['key_algorithm'] }}" + nsupdate_public_key_name: "{{ openshift_openstack_external_nsupdate_keys['public']['key_name']|default('public-' + openshift_openstack_full_dns_domain) }}" + when: + - openshift_openstack_external_nsupdate_keys is defined + - openshift_openstack_external_nsupdate_keys['public'] is defined + +- name: "Generate the public Add section for DNS" + set_fact: + public_named_records: + - view: "public" + zone: "{{ openshift_openstack_full_dns_domain }}" + server: "{{ nsupdate_server_public }}" + key_name: "{{ nsupdate_public_key_name|default('public-' + openshift_openstack_full_dns_domain) }}" + key_secret: "{{ nsupdate_key_secret_public }}" + key_algorithm: "{{ nsupdate_key_algorithm_public | lower }}" + entries: "{{ public_records }}" + + +- name: "Generate the final openshift_openstack_dns_records_add" + set_fact: + openshift_openstack_dns_records_add: "{{ private_named_records + public_named_records }}" + + +- name: "Add DNS A records" + nsupdate: + key_name: "{{ item.0.key_name }}" + key_secret: "{{ item.0.key_secret }}" + key_algorithm: "{{ item.0.key_algorithm }}" + server: "{{ item.0.server }}" + zone: "{{ item.0.zone }}" + record: "{{ item.1.hostname }}" + value: "{{ item.1.ip }}" + type: "{{ item.1.type }}" + # TODO(shadower): add a cleanup playbook that removes these records, too! + state: present + with_subelements: + - "{{ openshift_openstack_dns_records_add | default({}) }}" + - entries + register: nsupdate_add_result + until: nsupdate_add_result|succeeded + retries: 10 + delay: 1 diff --git a/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml new file mode 100644 index 000000000..fc51f6dc2 --- /dev/null +++ b/roles/openshift_openstack/tasks/prepare-and-format-cinder-volume.yaml @@ -0,0 +1,59 @@ +--- +- name: Attach the volume to the VM + os_server_volume: + state: present + server: "{{ groups['masters'][0] }}" + volume: "{{ cinder_volume }}" + register: volume_attachment + +- set_fact: + attached_device: >- + {{ volume_attachment['attachments']|json_query("[?volume_id=='" + cinder_volume + "'].device | [0]") }} + +- delegate_to: "{{ groups['masters'][0] }}" + block: + - name: Wait for the device to appear + wait_for: path={{ attached_device }} + + - name: Create a temp directory for mounting the volume + tempfile: + prefix: cinder-volume + state: directory + register: cinder_mount_dir + + - name: Format the device + filesystem: + fstype: "{{ cinder_fs }}" + dev: "{{ attached_device }}" + + - name: Mount the device + mount: + name: "{{ cinder_mount_dir.path }}" + src: "{{ attached_device }}" + state: mounted + fstype: "{{ cinder_fs }}" + + - name: Change mode on the filesystem + file: + path: "{{ cinder_mount_dir.path }}" + state: directory + recurse: true + mode: 0777 + + - name: Unmount the device + mount: + name: "{{ cinder_mount_dir.path }}" + src: "{{ attached_device }}" + state: absent + fstype: "{{ cinder_fs }}" + + - name: Delete the temp directory + file: + name: "{{ cinder_mount_dir.path }}" + state: absent + +- name: Detach the volume from the VM + os_server_volume: + state: absent + server: "{{ groups['masters'][0] }}" + volume: "{{ cinder_volume }}" diff --git a/roles/openshift_openstack/tasks/provision.yml b/roles/openshift_openstack/tasks/provision.yml new file mode 100644 index 000000000..dccbe334c --- /dev/null +++ b/roles/openshift_openstack/tasks/provision.yml @@ -0,0 +1,25 @@ +--- +- name: Generate the templates + include: generate-templates.yml + when: + - openshift_openstack_stack_state == 'present' + +- name: Handle the Stack (create/delete) + ignore_errors: False + register: stack_create + os_stack: + name: "{{ openshift_openstack_stack_name }}" + state: "{{ openshift_openstack_stack_state }}" + template: "{{ stack_template_path | default(omit) }}" + wait: yes + +- name: Add the new nodes to the inventory + meta: refresh_inventory + +- name: CleanUp + include: cleanup.yml + when: + - openshift_openstack_stack_state == 'present' + +# TODO(shadower): create the registry and PV Cinder volumes if specified +# and include the `prepare-and-format-cinder-volume` tasks to set it up diff --git a/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 new file mode 100644 index 000000000..32c6b5838 --- /dev/null +++ b/roles/openshift_openstack/templates/docker-storage-setup-dm.j2 @@ -0,0 +1,4 @@ +DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}" +VG="{{ openshift_openstack_container_storage_setup.docker_vg }}" +DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}" +EXTRA_DOCKER_STORAGE_OPTIONS="--storage-opt dm.basesize={{ openshift_openstack_container_storage_setup.docker_dm_basesize }}" diff --git a/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 new file mode 100644 index 000000000..1bf366bdc --- /dev/null +++ b/roles/openshift_openstack/templates/docker-storage-setup-overlayfs.j2 @@ -0,0 +1,7 @@ +DEVS="{{ openshift_openstack_container_storage_setup.docker_dev }}" +VG="{{ openshift_openstack_container_storage_setup.docker_vg }}" +DATA_SIZE="{{ openshift_openstack_container_storage_setup.docker_data_size }}" +STORAGE_DRIVER=overlay2 +CONTAINER_ROOT_LV_NAME="{{ openshift_openstack_container_storage_setup.container_root_lv_name }}" +CONTAINER_ROOT_LV_MOUNT_PATH="{{ openshift_openstack_container_storage_setup.container_root_lv_mount_path }}" +CONTAINER_ROOT_LV_SIZE=100%FREE diff --git a/roles/openshift_openstack/templates/heat_stack.yaml.j2 b/roles/openshift_openstack/templates/heat_stack.yaml.j2 new file mode 100644 index 000000000..bfa65b460 --- /dev/null +++ b/roles/openshift_openstack/templates/heat_stack.yaml.j2 @@ -0,0 +1,888 @@ +heat_template_version: 2016-10-14 + +description: OpenShift cluster + +parameters: + +outputs: + + etcd_names: + description: Name of the etcds + value: { get_attr: [ etcd, name ] } + + etcd_ips: + description: IPs of the etcds + value: { get_attr: [ etcd, private_ip ] } + + etcd_floating_ips: + description: Floating IPs of the etcds + value: { get_attr: [ etcd, floating_ip ] } + + master_names: + description: Name of the masters + value: { get_attr: [ masters, name ] } + + master_ips: + description: IPs of the masters + value: { get_attr: [ masters, private_ip ] } + + master_floating_ips: + description: Floating IPs of the masters + value: { get_attr: [ masters, floating_ip ] } + + node_names: + description: Name of the nodes + value: { get_attr: [ compute_nodes, name ] } + + node_ips: + description: IPs of the nodes + value: { get_attr: [ compute_nodes, private_ip ] } + + node_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ compute_nodes, floating_ip ] } + + infra_names: + description: Name of the nodes + value: { get_attr: [ infra_nodes, name ] } + + infra_ips: + description: IPs of the nodes + value: { get_attr: [ infra_nodes, private_ip ] } + + infra_floating_ips: + description: Floating IPs of the nodes + value: { get_attr: [ infra_nodes, floating_ip ] } + +{% if openshift_openstack_num_dns|int > 0 %} + dns_name: + description: Name of the DNS + value: + get_attr: + - dns + - name + + dns_floating_ips: + description: Floating IPs of the DNS + value: { get_attr: [ dns, floating_ip ] } + + dns_private_ips: + description: Private IPs of the DNS + value: { get_attr: [ dns, private_ip ] } +{% endif %} + +conditions: + no_floating: {% if openshift_openstack_provider_network_name or openshift_openstack_use_bastion|bool %}true{% else %}false{% endif %} + +resources: + +{% if not openshift_openstack_provider_network_name %} + net: + type: OS::Neutron::Net + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} + + subnet: + type: OS::Neutron::Subnet + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-subnet + params: + cluster_id: {{ openshift_openstack_stack_name }} + network: { get_resource: net } + cidr: + str_replace: + template: subnet_24_prefix.0/24 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + allocation_pools: + - start: + str_replace: + template: subnet_24_prefix.3 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + end: + str_replace: + template: subnet_24_prefix.254 + params: + subnet_24_prefix: {{ openshift_openstack_subnet_prefix }} + dns_nameservers: +{% for nameserver in openshift_openstack_dns_nameservers %} + - {{ nameserver }} +{% endfor %} + +{% if openshift_use_flannel|default(False)|bool %} + data_net: + type: OS::Neutron::Net + properties: + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-net + port_security_enabled: false + + data_subnet: + type: OS::Neutron::Subnet + properties: + name: openshift-ansible-{{ openshift_openstack_stack_name }}-data-subnet + network: { get_resource: data_net } + cidr: {{ osm_cluster_network_cidr|default('10.128.0.0/14') }} + gateway_ip: null +{% endif %} + + router: + type: OS::Neutron::Router + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-router + params: + cluster_id: {{ openshift_openstack_stack_name }} + external_gateway_info: + network: {{ openshift_openstack_external_network_name }} + + interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: subnet } + +{% endif %} + +# keypair: +# type: OS::Nova::KeyPair +# properties: +# name: +# str_replace: +# template: openshift-ansible-cluster_id-keypair +# params: +# cluster_id: {{ openshift_openstack_stack_name }} +# public_key: {{ openshift_openstack_keypair_name }} + + common-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-common-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Basic ssh/icmp security group for cluster_id OpenShift cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} +{% if openshift_openstack_use_bastion|bool %} + - direction: ingress + protocol: tcp + port_range_min: 22 + port_range_max: 22 + remote_ip_prefix: {{ openshift_openstack_bastion_ingress_cidr }} +{% endif %} + - direction: ingress + protocol: icmp + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} + +{% if openshift_openstack_flat_secgrp|default(False)|bool %} + flat-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-flat-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port|default(8443) }} + port_range_max: {{ openshift_master_api_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_console_port|default(8443) }} + port_range_max: {{ openshift_master_console_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2380 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" +{% else %} + master-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-master-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster master + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 4001 + port_range_max: 4001 + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port|default(8443) }} + port_range_max: {{ openshift_master_api_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_console_port|default(8443) }} + port_range_max: {{ openshift_master_console_port|default(8443) }} + - direction: ingress + protocol: tcp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: udp + port_range_min: 8053 + port_range_max: 8053 + - direction: ingress + protocol: tcp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: udp + port_range_min: 24224 + port_range_max: 24224 + - direction: ingress + protocol: tcp + port_range_min: 2224 + port_range_max: 2224 + - direction: ingress + protocol: udp + port_range_min: 5404 + port_range_max: 5405 + - direction: ingress + protocol: tcp + port_range_min: 9090 + port_range_max: 9090 +{% if openshift_use_flannel|default(False)|bool %} + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 +{% endif %} + + etcd-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-etcd-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id etcd cluster + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 2379 + port_range_max: 2379 + remote_mode: remote_group_id + remote_group_id: { get_resource: master-secgrp } + - direction: ingress + protocol: tcp + port_range_min: 2380 + port_range_max: 2380 + remote_mode: remote_group_id + + node-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-node-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift cluster nodes + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 10250 + port_range_max: 10250 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 10255 + port_range_max: 10255 + remote_mode: remote_group_id + - direction: ingress + protocol: udp + port_range_min: 4789 + port_range_max: 4789 + remote_mode: remote_group_id + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: tcp + port_range_min: 30000 + port_range_max: 32767 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" +{% endif %} + + infra-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-infra-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id OpenShift infrastructure cluster nodes + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: tcp + port_range_min: 80 + port_range_max: 80 + - direction: ingress + protocol: tcp + port_range_min: 443 + port_range_max: 443 + +{% if openshift_openstack_num_dns|int > 0 %} + dns-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: + str_replace: + template: openshift-ansible-cluster_id-dns-secgrp + params: + cluster_id: {{ openshift_openstack_stack_name }} + description: + str_replace: + template: Security group for cluster_id cluster DNS + params: + cluster_id: {{ openshift_openstack_stack_name }} + rules: + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: udp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: {{ openshift_openstack_node_ingress_cidr }} + - direction: ingress + protocol: tcp + port_range_min: 53 + port_range_max: 53 + remote_ip_prefix: "{{ openshift_openstack_subnet_prefix }}.0/24" +{% endif %} + +{% if openshift_openstack_num_masters|int > 1 or openshift_openstack_ui_ssh_tunnel|bool %} + lb-secgrp: + type: OS::Neutron::SecurityGroup + properties: + name: openshift-ansible-{{ openshift_openstack_stack_name }}-lb-secgrp + description: Security group for {{ openshift_openstack_stack_name }} cluster Load Balancer + rules: + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port | default(8443) }} + port_range_max: {{ openshift_master_api_port | default(8443) }} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }} +{% if openshift_openstack_ui_ssh_tunnel|bool %} + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_api_port | default(8443) }} + port_range_max: {{ openshift_master_api_port | default(8443) }} + remote_ip_prefix: {{ openshift_openstack_ssh_ingress_cidr }} +{% endif %} +{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %} + - direction: ingress + protocol: tcp + port_range_min: {{ openshift_master_console_port | default(8443) }} + port_range_max: {{ openshift_master_console_port | default(8443) }} + remote_ip_prefix: {{ openshift_openstack_lb_ingress_cidr | default(openshift_openstack_bastion_ingress_cidr) }} +{% endif %} +{% endif %} + + etcd: + type: OS::Heat::ResourceGroup + properties: + count: {{ openshift_openstack_num_etcd }} + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_etcd_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: etcds + cluster_id: {{ openshift_openstack_stack_name }} + type: etcd + image: {{ openshift_openstack_etcd_image }} + flavor: {{ openshift_openstack_etcd_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% endif %} + secgrp: + - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} } + - { get_resource: common-secgrp } + floating_network: + if: + - no_floating + - null + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} + attach_float_net: false +{% endif %} + volume_size: {{ openshift_openstack_etcd_volume_size }} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} + +{% if openshift_openstack_master_server_group_policies|length > 0 %} + master_server_group: + type: OS::Nova::ServerGroup + properties: + name: master_server_group + policies: {{ openshift_openstack_master_server_group_policies }} +{% endif %} +{% if openshift_openstack_infra_server_group_policies|length > 0 %} + infra_server_group: + type: OS::Nova::ServerGroup + properties: + name: infra_server_group + policies: {{ openshift_openstack_infra_server_group_policies }} +{% endif %} +{% if openshift_openstack_num_masters|int > 1 %} + loadbalancer: + type: OS::Heat::ResourceGroup + properties: + count: 1 + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_lb_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: lb + cluster_id: {{ openshift_openstack_stack_name }} + type: lb + image: {{ openshift_openstack_lb_image }} + flavor: {{ openshift_openstack_lb_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% endif %} + secgrp: + - { get_resource: lb-secgrp } + - { get_resource: common-secgrp } +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} +{% endif %} + volume_size: {{ openshift_openstack_lb_volume_size }} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} +{% endif %} + + masters: + type: OS::Heat::ResourceGroup + properties: + count: {{ openshift_openstack_num_masters }} + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_master_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: masters + cluster_id: {{ openshift_openstack_stack_name }} + type: master + image: {{ openshift_openstack_master_image }} + flavor: {{ openshift_openstack_master_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% if openshift_use_flannel|default(False)|bool %} + attach_data_net: true + data_net: { get_resource: data_net } + data_subnet: { get_resource: data_subnet } +{% endif %} +{% endif %} + secgrp: +{% if openshift_openstack_flat_secgrp|default(False)|bool %} + - { get_resource: flat-secgrp } +{% else %} + - { get_resource: master-secgrp } + - { get_resource: node-secgrp } +{% if openshift_openstack_num_etcd|int == 0 %} + - { get_resource: etcd-secgrp } +{% endif %} +{% endif %} + - { get_resource: common-secgrp } + floating_network: + if: + - no_floating + - null + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} + attach_float_net: false +{% endif %} + volume_size: {{ openshift_openstack_master_volume_size }} +{% if openshift_openstack_master_server_group_policies|length > 0 %} + scheduler_hints: + group: { get_resource: master_server_group } +{% endif %} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} + + compute_nodes: + type: OS::Heat::ResourceGroup + properties: + count: {{ openshift_openstack_num_nodes }} + removal_policies: + - resource_list: {{ openshift_openstack_nodes_to_remove }} + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: sub_type_k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + sub_type_k8s_type: {{ openshift_openstack_node_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: nodes + cluster_id: {{ openshift_openstack_stack_name }} + type: node + subtype: app + node_labels: +{% for k, v in openshift_openstack_cluster_node_labels.app.iteritems() %} + {{ k|e }}: {{ v|e }} +{% endfor %} + image: {{ openshift_openstack_node_image }} + flavor: {{ openshift_openstack_node_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% if openshift_use_flannel|default(False)|bool %} + attach_data_net: true + data_net: { get_resource: data_net } + data_subnet: { get_resource: data_subnet } +{% endif %} +{% endif %} + secgrp: + - { get_resource: {% if openshift_openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} } + - { get_resource: common-secgrp } + floating_network: + if: + - no_floating + - null + - {{ openshift_openstack_external_network_name }} +{% if openshift_openstack_use_bastion|bool or openshift_openstack_provider_network_name %} + attach_float_net: false +{% endif %} + volume_size: {{ openshift_openstack_node_volume_size }} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} + + infra_nodes: + type: OS::Heat::ResourceGroup + properties: + count: {{ openshift_openstack_num_infra }} + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: sub_type_k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + sub_type_k8s_type: {{ openshift_openstack_infra_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: infra + cluster_id: {{ openshift_openstack_stack_name }} + type: node + subtype: infra + node_labels: +{% for k, v in openshift_openstack_cluster_node_labels.infra.iteritems() %} + {{ k|e }}: {{ v|e }} +{% endfor %} + image: {{ openshift_openstack_infra_image }} + flavor: {{ openshift_openstack_infra_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% if openshift_use_flannel|default(False)|bool %} + attach_data_net: true + data_net: { get_resource: data_net } + data_subnet: { get_resource: data_subnet } +{% endif %} +{% endif %} + secgrp: +# TODO(bogdando) filter only required node rules into infra-secgrp +{% if openshift_openstack_flat_secgrp|default(False)|bool %} + - { get_resource: flat-secgrp } +{% else %} + - { get_resource: node-secgrp } +{% endif %} +{% if openshift_openstack_ui_ssh_tunnel|bool and openshift_openstack_num_masters|int < 2 %} + - { get_resource: lb-secgrp } +{% endif %} + - { get_resource: infra-secgrp } + - { get_resource: common-secgrp } +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} +{% endif %} + volume_size: {{ openshift_openstack_infra_volume_size }} +{% if openshift_openstack_infra_server_group_policies|length > 0 %} + scheduler_hints: + group: { get_resource: infra_server_group } +{% endif %} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} + +{% if openshift_openstack_num_dns|int > 0 %} + dns: + type: OS::Heat::ResourceGroup + properties: + count: {{ openshift_openstack_num_dns }} + resource_def: + type: server.yaml + properties: + name: + str_replace: + template: k8s_type-%index%.cluster_id + params: + cluster_id: {{ openshift_openstack_stack_name }} + k8s_type: {{ openshift_openstack_dns_hostname }} + cluster_env: {{ openshift_openstack_public_dns_domain }} + cluster_id: {{ openshift_openstack_stack_name }} + group: + str_replace: + template: k8s_type.cluster_id + params: + k8s_type: dns + cluster_id: {{ openshift_openstack_stack_name }} + type: dns + image: {{ openshift_openstack_dns_image }} + flavor: {{ openshift_openstack_dns_flavor }} + key_name: {{ openshift_openstack_keypair_name }} +{% if openshift_openstack_provider_network_name %} + net: {{ openshift_openstack_provider_network_name }} + net_name: {{ openshift_openstack_provider_network_name }} +{% else %} + net: { get_resource: net } + subnet: { get_resource: subnet } + net_name: + str_replace: + template: openshift-ansible-cluster_id-net + params: + cluster_id: {{ openshift_openstack_stack_name }} +{% endif %} + secgrp: + - { get_resource: dns-secgrp } + - { get_resource: common-secgrp } +{% if not openshift_openstack_provider_network_name %} + floating_network: {{ openshift_openstack_external_network_name }} +{% endif %} + volume_size: {{ openshift_openstack_dns_volume_size }} +{% if not openshift_openstack_provider_network_name %} + depends_on: + - interface +{% endif %} +{% endif %} diff --git a/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 new file mode 100644 index 000000000..a829da34f --- /dev/null +++ b/roles/openshift_openstack/templates/heat_stack_server.yaml.j2 @@ -0,0 +1,270 @@ +heat_template_version: 2016-10-14 + +description: OpenShift cluster server + +parameters: + + name: + type: string + label: Name + description: Name + + group: + type: string + label: Host Group + description: The Primary Ansible Host Group + default: host + + cluster_env: + type: string + label: Cluster environment + description: Environment of the cluster + + cluster_id: + type: string + label: Cluster ID + description: Identifier of the cluster + + type: + type: string + label: Type + description: Type master or node + + subtype: + type: string + label: Sub-type + description: Sub-type compute or infra for nodes, default otherwise + default: default + + key_name: + type: string + label: Key name + description: Key name of keypair + + image: + type: string + label: Image + description: Name of the image + + flavor: + type: string + label: Flavor + description: Name of the flavor + + net: + type: string + label: Net ID + description: Net resource + + net_name: + type: string + label: Net name + description: Net name + +{% if not openshift_openstack_provider_network_name %} + subnet: + type: string + label: Subnet ID + description: Subnet resource +{% endif %} + +{% if openshift_use_flannel|default(False)|bool %} + attach_data_net: + type: boolean + default: false + label: Attach-data-net + description: A switch for data port connection + + data_net: + type: string + default: '' + label: Net ID + description: Net resource + +{% if not openshift_openstack_provider_network_name %} + data_subnet: + type: string + default: '' + label: Subnet ID + description: Subnet resource +{% endif %} +{% endif %} + + secgrp: + type: comma_delimited_list + label: Security groups + description: Security group resources + + attach_float_net: + type: boolean + default: true + + label: Attach-float-net + description: A switch for floating network port connection + +{% if not openshift_openstack_provider_network_name %} + floating_network: + type: string + default: '' + label: Floating network + description: Network to allocate floating IP from +{% endif %} + + availability_zone: + type: string + description: The Availability Zone to launch the instance. + default: nova + + volume_size: + type: number + description: Size of the volume to be created. + default: 1 + constraints: + - range: { min: 1, max: 1024 } + description: must be between 1 and 1024 Gb. + + node_labels: + type: json + description: OpenShift Node Labels + default: {"region": "default" } + + scheduler_hints: + type: json + description: Server scheduler hints. + default: {} + +outputs: + + name: + description: Name of the server + value: { get_attr: [ server, name ] } + + private_ip: + description: Private IP of the server + value: + get_attr: + - server + - addresses + - { get_param: net_name } + - 0 + - addr + + floating_ip: + description: Floating IP of the server + value: + get_attr: + - server + - addresses + - { get_param: net_name } +{% if openshift_openstack_provider_network_name %} + - 0 +{% else %} + - 1 +{% endif %} + - addr + +conditions: + no_floating: {not: { get_param: attach_float_net} } +{% if openshift_use_flannel|default(False)|bool %} + no_data_subnet: {not: { get_param: attach_data_net} } +{% endif %} + +resources: + + server: + type: OS::Nova::Server + properties: + name: { get_param: name } + key_name: { get_param: key_name } + image: { get_param: image } + flavor: { get_param: flavor } + networks: +{% if openshift_use_flannel|default(False)|bool %} + if: + - no_data_subnet +{% if use_trunk_ports|default(false)|bool %} + - - port: { get_attr: [trunk-port, port_id] } +{% else %} + - - port: { get_resource: port } +{% endif %} +{% if use_trunk_ports|default(false)|bool %} + - - port: { get_attr: [trunk-port, port_id] } +{% else %} + - - port: { get_resource: port } + - port: { get_resource: data_port } +{% endif %} + +{% else %} +{% if use_trunk_ports|default(false)|bool %} + - port: { get_attr: [trunk-port, port_id] } +{% else %} + - port: { get_resource: port } +{% endif %} +{% endif %} + user_data: + get_file: user-data + user_data_format: RAW + user_data_update_policy: IGNORE + metadata: + group: { get_param: group } + environment: { get_param: cluster_env } + clusterid: { get_param: cluster_id } + host-type: { get_param: type } + sub-host-type: { get_param: subtype } + node_labels: { get_param: node_labels } + scheduler_hints: { get_param: scheduler_hints } + +{% if use_trunk_ports|default(false)|bool %} + trunk-port: + type: OS::Neutron::Trunk + properties: + name: { get_param: name } + port: { get_resource: port } +{% endif %} + + port: + type: OS::Neutron::Port + properties: + network: { get_param: net } +{% if not openshift_openstack_provider_network_name %} + fixed_ips: + - subnet: { get_param: subnet } +{% endif %} + security_groups: { get_param: secgrp } + +{% if openshift_use_flannel|default(False)|bool %} + data_port: + type: OS::Neutron::Port + condition: { not: no_data_subnet } + properties: + network: { get_param: data_net } + port_security_enabled: false +{% if not openshift_openstack_provider_network_name %} + fixed_ips: + - subnet: { get_param: data_subnet } +{% endif %} +{% endif %} + +{% if not openshift_openstack_provider_network_name %} + floating-ip: + condition: { not: no_floating } + type: OS::Neutron::FloatingIP + properties: + floating_network: { get_param: floating_network } + port_id: { get_resource: port } +{% endif %} + +{% if not openshift_openstack_ephemeral_volumes|default(false)|bool %} + cinder_volume: + type: OS::Cinder::Volume + properties: + size: { get_param: volume_size } + availability_zone: { get_param: availability_zone } + + volume_attachment: + type: OS::Cinder::VolumeAttachment + properties: + volume_id: { get_resource: cinder_volume } + instance_uuid: { get_resource: server } + mountpoint: /dev/sdb +{% endif %} diff --git a/roles/openshift_openstack/templates/user_data.j2 b/roles/openshift_openstack/templates/user_data.j2 new file mode 100644 index 000000000..eb65f7cec --- /dev/null +++ b/roles/openshift_openstack/templates/user_data.j2 @@ -0,0 +1,13 @@ +#cloud-config +disable_root: true + +system_info: + default_user: + name: openshift + sudo: ["ALL=(ALL) NOPASSWD: ALL"] + +write_files: + - path: /etc/sudoers.d/00-openshift-no-requiretty + permissions: 440 + content: | + Defaults:openshift !requiretty diff --git a/roles/openshift_project_request_template/README.md b/roles/openshift_project_request_template/README.md new file mode 100644 index 000000000..81c3aca5c --- /dev/null +++ b/roles/openshift_project_request_template/README.md @@ -0,0 +1,33 @@ +OpenShift Project Request Template +================================== + +Configure template used when creating new projects. If enabled only the template is managed. It must still be enabled in the OpenShift master configuration. The base template is created using `oc adm create-bootstrap-project-template` and can be modified by setting `openshift_project_request_template_edits`. + + +Requirements +------------ + + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|----------------------------------------------|-----------------|------------------------------------------------| +| openshift_project_request_template_manage | false | Whether to manage the project request template | +| openshift_project_request_template_namespace | default | Namespace for template | +| openshift_project_request_template_name | project-request | Template name | +| openshift_project_request_template_edits | [] | Changes for template | + + +Dependencies +------------ + +* lib_utils + + +License +------- + +Apache License Version 2.0 diff --git a/roles/openshift_project_request_template/defaults/main.yml b/roles/openshift_project_request_template/defaults/main.yml new file mode 100644 index 000000000..2dab6f99e --- /dev/null +++ b/roles/openshift_project_request_template/defaults/main.yml @@ -0,0 +1,5 @@ +--- +openshift_project_request_template_manage: false +openshift_project_request_template_namespace: default +openshift_project_request_template_name: project-request +openshift_project_request_template_edits: [] diff --git a/roles/openshift_project_request_template/meta/main.yml b/roles/openshift_project_request_template/meta/main.yml new file mode 100644 index 000000000..3bc6dfb45 --- /dev/null +++ b/roles/openshift_project_request_template/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: Michael Hanselmann + description: Configure project request template + company: VSHN AG + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: lib_utils diff --git a/roles/openshift_project_request_template/tasks/main.yml b/roles/openshift_project_request_template/tasks/main.yml new file mode 100644 index 000000000..c31ee5795 --- /dev/null +++ b/roles/openshift_project_request_template/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Create temp file for template + command: mktemp /tmp/openshift-ansible-XXXXXX.yaml + register: mktemp + changed_when: False + +- name: Generate default project template + command: | + {{ openshift.common.client_binary | quote }} \ + --config {{ openshift.common.config_base | quote }}/master/admin.kubeconfig \ + --output yaml \ + adm create-bootstrap-project-template \ + --name {{ openshift_project_request_template_name | quote }} + register: default_project_template + +- name: Write default project template to file + copy: + mode=0600 + content="{{ default_project_template.stdout }}" + dest="{{ mktemp.stdout }}" + +- name: Apply template modifications + yedit: + state: present + src: "{{ mktemp.stdout }}" + edits: "{{ openshift_project_request_template_edits }}" + when: "openshift_project_request_template_edits | length > 0" + +- name: Create or update project request template + command: | + {{ openshift.common.client_binary }} \ + --config {{ openshift.common.config_base }}/master/admin.kubeconfig \ + --namespace {{ openshift_project_request_template_namespace | quote }} \ + apply --filename {{ mktemp.stdout }} + +- name: Delete temp file + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_prometheus/README.md b/roles/openshift_prometheus/README.md index c5a44bffb..92f74928c 100644 --- a/roles/openshift_prometheus/README.md +++ b/roles/openshift_prometheus/README.md @@ -17,16 +17,16 @@ For default values, see [`defaults/main.yaml`](defaults/main.yaml). - `openshift_prometheus_namespace`: project (i.e. namespace) where the components will be deployed. -- `openshift_prometheus_replicas`: The number of replicas for prometheus deployment. - - `openshift_prometheus_node_selector`: Selector for the nodes prometheus will be deployed on. -- `openshift_prometheus_image_<COMPONENT>`: specify image for the component +- `openshift_prometheus_<COMPONENT>_image_prefix`: specify image prefix for the component + +- `openshift_prometheus_<COMPONENT>_image_version`: specify image version for the component -## Storage related variables -Each prometheus component (prometheus, alertmanager, alert-buffer, oauth-proxy) can set pv claim by setting corresponding role variable: +## PVC related variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set pv claim by setting corresponding role variable: ``` -openshift_prometheus_<COMPONENT>_storage_type: <VALUE> +openshift_prometheus_<COMPONENT>_storage_type: <VALUE> (pvc, emptydir) openshift_prometheus_<COMPONENT>_pvc_(name|size|access_modes|pv_selector): <VALUE> ``` e.g @@ -37,6 +37,29 @@ openshift_prometheus_alertbuffer_pvc_size: 10G openshift_prometheus_pvc_access_modes: [ReadWriteOnce] ``` +## NFS PV Storage variables +Each prometheus component (prometheus, alertmanager, alertbuffer) can set nfs pv by setting corresponding variable: +``` +openshift_prometheus_<COMPONENT>_storage_kind=<VALUE> +openshift_prometheus_<COMPONENT>_storage_(access_modes|host|labels)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_volume_(name|size)=<VALUE> +openshift_prometheus_<COMPONENT>_storage_nfs_(directory|options)=<VALUE> +``` +e.g +``` +openshift_prometheus_storage_kind=nfs +openshift_prometheus_storage_access_modes=['ReadWriteOnce'] +openshift_prometheus_storage_host=nfs.example.com #for external host +openshift_prometheus_storage_nfs_directory=/exports +openshift_prometheus_storage_alertmanager_nfs_options='*(rw,root_squash)' +openshift_prometheus_storage_volume_name=prometheus +openshift_prometheus_storage_alertbuffer_volume_size=10Gi +openshift_prometheus_storage_labels={'storage': 'prometheus'} +``` + +NOTE: Setting `openshift_prometheus_<COMPONENT>_storage_labels` overrides `openshift_prometheus_<COMPONENT>_pvc_pv_selector` + + ## Additional Alert Rules file variable An external file with alert rules can be added by setting path to additional rules variable: ``` diff --git a/roles/openshift_prometheus/defaults/main.yaml b/roles/openshift_prometheus/defaults/main.yaml index 5aa8aecec..4e2cea0b9 100644 --- a/roles/openshift_prometheus/defaults/main.yaml +++ b/roles/openshift_prometheus/defaults/main.yaml @@ -2,58 +2,34 @@ # defaults file for openshift_prometheus openshift_prometheus_state: present -openshift_prometheus_namespace: prometheus +openshift_prometheus_namespace: openshift-metrics -openshift_prometheus_replicas: 1 openshift_prometheus_node_selector: {"region":"infra"} -# images -openshift_prometheus_image_proxy: "openshift/oauth-proxy:v1.0.0" -openshift_prometheus_image_prometheus: "openshift/prometheus:v2.0.0-dev" -openshift_prometheus_image_alertmanager: "openshift/prometheus-alertmanager:dev" -openshift_prometheus_image_alertbuffer: "openshift/prometheus-alert-buffer:v0.0.1" - # additional prometheus rules file openshift_prometheus_additional_rules_file: null -# All the required exports -openshift_prometheus_pv_exports: - - prometheus - - prometheus-alertmanager - - prometheus-alertbuffer -# PV template files and their created object names -openshift_prometheus_pv_data: - - pv_name: prometheus - pv_template: prom-pv-server.yml - pv_label: Prometheus Server PV - - pv_name: prometheus-alertmanager - pv_template: prom-pv-alertmanager.yml - pv_label: Prometheus Alertmanager PV - - pv_name: prometheus-alertbuffer - pv_template: prom-pv-alertbuffer.yml - pv_label: Prometheus Alert Buffer PV - -# Hostname/IP of the NFS server. Currently defaults to first master -openshift_prometheus_nfs_server: "{{ groups.nfs.0 }}" - # storage -openshift_prometheus_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_storage_type: "emptydir" openshift_prometheus_pvc_name: prometheus -openshift_prometheus_pvc_size: 10G +openshift_prometheus_pvc_size: "{{ openshift_prometheus_storage_volume_size | default('10Gi') }}" openshift_prometheus_pvc_access_modes: [ReadWriteOnce] -openshift_prometheus_pvc_pv_selector: {} +openshift_prometheus_pvc_pv_selector: "{{ openshift_prometheus_storage_labels | default({}) }}" -openshift_prometheus_alertmanager_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertmanager_storage_type: "emptydir" openshift_prometheus_alertmanager_pvc_name: prometheus-alertmanager -openshift_prometheus_alertmanager_pvc_size: 10G +openshift_prometheus_alertmanager_pvc_size: "{{ openshift_prometheus_alertmanager_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertmanager_pvc_access_modes: [ReadWriteOnce] -openshift_prometheus_alertmanager_pvc_pv_selector: {} +openshift_prometheus_alertmanager_pvc_pv_selector: "{{ openshift_prometheus_alertmanager_storage_labels | default({}) }}" -openshift_prometheus_alertbuffer_storage_type: pvc +# One of ['emptydir', 'pvc'] +openshift_prometheus_alertbuffer_storage_type: "emptydir" openshift_prometheus_alertbuffer_pvc_name: prometheus-alertbuffer -openshift_prometheus_alertbuffer_pvc_size: 10G +openshift_prometheus_alertbuffer_pvc_size: "{{ openshift_prometheus_alertbuffer_storage_volume_size | default('10Gi') }}" openshift_prometheus_alertbuffer_pvc_access_modes: [ReadWriteOnce] -openshift_prometheus_alertbuffer_pvc_pv_selector: {} +openshift_prometheus_alertbuffer_pvc_pv_selector: "{{ openshift_prometheus_alertbuffer_storage_labels | default({}) }}" # container resources openshift_prometheus_cpu_limit: null diff --git a/roles/openshift_prometheus/files/openshift_prometheus.exports b/roles/openshift_prometheus/files/openshift_prometheus.exports deleted file mode 100644 index 3ccedb1fd..000000000 --- a/roles/openshift_prometheus/files/openshift_prometheus.exports +++ /dev/null @@ -1,3 +0,0 @@ -/exports/prometheus *(rw,no_root_squash,no_wdelay) -/exports/prometheus-alertmanager *(rw,no_root_squash,no_wdelay) -/exports/prometheus-alertbuffer *(rw,no_root_squash,no_wdelay) diff --git a/roles/openshift_prometheus/tasks/create_pvs.yaml b/roles/openshift_prometheus/tasks/create_pvs.yaml deleted file mode 100644 index 4e79da05f..000000000 --- a/roles/openshift_prometheus/tasks/create_pvs.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# Check for existance and then conditionally: -# - evaluate templates -# - PVs -# -# These tasks idempotently create required Prometheus PV objects. Do not -# call this file directly. This file is intended to be ran as an -# include that has a 'with_items' attached to it. Hence the use below -# of variables like "{{ item.pv_label }}" - -- name: "Check if the {{ item.pv_label }} template has been created already" - oc_obj: - namespace: "{{ openshift_prometheus_namespace }}" - state: list - kind: pv - name: "{{ item.pv_name }}" - register: prom_pv_check - -# Skip all of this if the PV already exists -- block: - - name: "Ensure the {{ item.pv_label }} template is evaluated" - template: - src: "{{ item.pv_template }}.j2" - dest: "{{ tempdir }}/templates/{{ item.pv_template }}" - - - name: "Ensure {{ item.pv_label }} is created" - oc_obj: - namespace: "{{ openshift_prometheus_namespace }}" - kind: pv - name: "{{ item.pv_name }}" - state: present - delete_after: True - files: - - "{{ tempdir }}/templates/{{ item.pv_template }}" - when: - - not prom_pv_check.results.results.0 diff --git a/roles/openshift_prometheus/tasks/install_prometheus.yaml b/roles/openshift_prometheus/tasks/install_prometheus.yaml index a9bce2fb1..21da4bc9d 100644 --- a/roles/openshift_prometheus/tasks/install_prometheus.yaml +++ b/roles/openshift_prometheus/tasks/install_prometheus.yaml @@ -54,15 +54,6 @@ resource_name: cluster-reader user: "system:serviceaccount:{{ openshift_prometheus_namespace }}:prometheus" - -###################################################################### -# NFS -# In the case that we are not running on a cloud provider, volumes must be statically provisioned - -- include: nfs.yaml - when: not (openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')) - - # create prometheus and alerts services # TODO join into 1 task with loop - name: Create prometheus service @@ -137,6 +128,7 @@ access_modes: "{{ openshift_prometheus_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_pvc_size }}" selector: "{{ openshift_prometheus_pvc_pv_selector }}" + when: openshift_prometheus_storage_type == 'pvc' - name: create alertmanager pvc oc_pvc: @@ -145,6 +137,7 @@ access_modes: "{{ openshift_prometheus_alertmanager_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertmanager_pvc_size }}" selector: "{{ openshift_prometheus_alertmanager_pvc_pv_selector }}" + when: openshift_prometheus_alertmanager_storage_type == 'pvc' - name: create alertbuffer pvc oc_pvc: @@ -153,25 +146,7 @@ access_modes: "{{ openshift_prometheus_alertbuffer_pvc_access_modes }}" volume_capacity: "{{ openshift_prometheus_alertbuffer_pvc_size }}" selector: "{{ openshift_prometheus_alertbuffer_pvc_pv_selector }}" - -# create prometheus deployment -- name: Set prometheus deployment template - template: - src: prometheus_deployment.j2 - dest: "{{ tempdir }}/templates/prometheus.yaml" - vars: - namespace: "{{ openshift_prometheus_namespace }}" - prom_replicas: "{{ openshift_prometheus_replicas }}" - -- name: Set prometheus deployment - oc_obj: - state: "{{ state }}" - name: "prometheus" - namespace: "{{ openshift_prometheus_namespace }}" - kind: deployment - files: - - "{{ tempdir }}/templates/prometheus.yaml" - delete_after: true + when: openshift_prometheus_alertbuffer_storage_type == 'pvc' # prometheus configmap # Copy the additional rules file if it is defined @@ -242,3 +217,22 @@ namespace: "{{ openshift_prometheus_namespace }}" from_file: alertmanager.yml: "{{ tempdir }}/alertmanager.yml" + +# create prometheus stateful set +- name: Set prometheus template + template: + src: prometheus.j2 + dest: "{{ tempdir }}/templates/prometheus.yaml" + vars: + namespace: "{{ openshift_prometheus_namespace }}" +# prom_replicas: "{{ openshift_prometheus_replicas }}" + +- name: Set prometheus stateful set + oc_obj: + state: "{{ state }}" + name: "prometheus" + namespace: "{{ openshift_prometheus_namespace }}" + kind: statefulset + files: + - "{{ tempdir }}/templates/prometheus.yaml" + delete_after: true diff --git a/roles/openshift_prometheus/tasks/main.yaml b/roles/openshift_prometheus/tasks/main.yaml index 523a64334..5cc9a67eb 100644 --- a/roles/openshift_prometheus/tasks/main.yaml +++ b/roles/openshift_prometheus/tasks/main.yaml @@ -1,4 +1,9 @@ --- +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type }}.yml" + - "default_images.yml" - name: Create temp directory for doing work in on target command: mktemp -td openshift-prometheus-ansible-XXXXXX diff --git a/roles/openshift_prometheus/tasks/nfs.yaml b/roles/openshift_prometheus/tasks/nfs.yaml deleted file mode 100644 index 0b45f2cee..000000000 --- a/roles/openshift_prometheus/tasks/nfs.yaml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Tasks to statically provision NFS volumes -# Include if not using dynamic volume provisioning -- name: Ensure the /exports/ directory exists - file: - path: /exports/ - state: directory - mode: 0755 - owner: root - group: root - -- name: Ensure the prom-pv0X export directories exist - file: - path: "/exports/{{ item }}" - state: directory - mode: 0777 - owner: nfsnobody - group: nfsnobody - with_items: "{{ openshift_prometheus_pv_exports }}" - -- name: Ensure the NFS exports for Prometheus PVs exist - copy: - src: openshift_prometheus.exports - dest: /etc/exports.d/openshift_prometheus.exports - register: nfs_exports_updated - -- name: Ensure the NFS export table is refreshed if exports were added - command: exportfs -ar - when: - - nfs_exports_updated.changed - - -###################################################################### -# Create the required Prometheus PVs. Check out these online docs if you -# need a refresher on includes looping with items: -# * http://docs.ansible.com/ansible/playbooks_loops.html#loops-and-includes-in-2-0 -# * http://stackoverflow.com/a/35128533 -# -# TODO: Handle the case where a PV template is updated in -# openshift-ansible and the change needs to be landed on the managed -# cluster. - -- include: create_pvs.yaml - with_items: "{{ openshift_prometheus_pv_data }}" diff --git a/roles/openshift_prometheus/templates/prom-pv-alertbuffer.yml.j2 b/roles/openshift_prometheus/templates/prom-pv-alertbuffer.yml.j2 deleted file mode 100644 index 55a5e19c3..000000000 --- a/roles/openshift_prometheus/templates/prom-pv-alertbuffer.yml.j2 +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: prometheus-alertbuffer - labels: - storage: prometheus-alertbuffer -spec: - capacity: - storage: 15Gi - accessModes: - - ReadWriteOnce - nfs: - path: /exports/prometheus-alertbuffer - server: {{ openshift_prometheus_nfs_server }} - persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_prometheus/templates/prom-pv-alertmanager.yml.j2 b/roles/openshift_prometheus/templates/prom-pv-alertmanager.yml.j2 deleted file mode 100644 index 4ee518735..000000000 --- a/roles/openshift_prometheus/templates/prom-pv-alertmanager.yml.j2 +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: prometheus-alertmanager - labels: - storage: prometheus-alertmanager -spec: - capacity: - storage: 15Gi - accessModes: - - ReadWriteOnce - nfs: - path: /exports/prometheus-alertmanager - server: {{ openshift_prometheus_nfs_server }} - persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_prometheus/templates/prom-pv-server.yml.j2 b/roles/openshift_prometheus/templates/prom-pv-server.yml.j2 deleted file mode 100644 index 933bf0f60..000000000 --- a/roles/openshift_prometheus/templates/prom-pv-server.yml.j2 +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: prometheus - labels: - storage: prometheus -spec: - capacity: - storage: 15Gi - accessModes: - - ReadWriteOnce - nfs: - path: /exports/prometheus - server: {{ openshift_prometheus_nfs_server }} - persistentVolumeReclaimPolicy: Retain diff --git a/roles/openshift_prometheus/templates/prometheus_deployment.j2 b/roles/openshift_prometheus/templates/prometheus.j2 index 98c117f19..456db3a57 100644 --- a/roles/openshift_prometheus/templates/prometheus_deployment.j2 +++ b/roles/openshift_prometheus/templates/prometheus.j2 @@ -1,12 +1,14 @@ -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: prometheus namespace: {{ namespace }} labels: app: prometheus spec: - replicas: {{ prom_replicas|default(1) }} + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel selector: provider: openshift matchLabels: @@ -21,28 +23,28 @@ spec: {% if openshift_prometheus_node_selector is iterable and openshift_prometheus_node_selector | length > 0 %} nodeSelector: {% for key, value in openshift_prometheus_node_selector.iteritems() %} - {{key}}: "{{value}}" + {{ key }}: "{{ value }}" {% endfor %} {% endif %} containers: # Deploy Prometheus behind an oauth proxy - name: prom-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: -{% if openshift_prometheus_memory_requests_limit_proxy is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" +{% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 8443 @@ -60,6 +62,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - -skip-auth-regex=^/metrics volumeMounts: - mountPath: /etc/tls/private @@ -72,24 +76,25 @@ spec: - name: prometheus args: - --storage.tsdb.retention=6h + - --storage.tsdb.min-block-duration=2m - --config.file=/etc/prometheus/prometheus.yml - --web.listen-address=localhost:9090 - image: "{{ openshift_prometheus_image_prometheus }}" + image: "{{ l_openshift_prometheus_image_prefix }}prometheus:{{ l_openshift_prometheus_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_memory_requests is defined and openshift_prometheus_memory_requests is not none %} - memory: "{{openshift_prometheus_memory_requests}}" + memory: "{{ openshift_prometheus_memory_requests }}" {% endif %} {% if openshift_prometheus_cpu_requests is defined and openshift_prometheus_cpu_requests is not none %} - cpu: "{{openshift_prometheus_cpu_requests}}" + cpu: "{{ openshift_prometheus_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_memory_limit is defined and openshift_prometheus_memory_limit is not none %} memory: "{{ openshift_prometheus_memory_limit }}" {% endif %} {% if openshift_prometheus_cpu_limit is defined and openshift_prometheus_cpu_limit is not none %} - cpu: "{{openshift_prometheus_cpu_limit}}" + cpu: "{{ openshift_prometheus_cpu_limit }}" {% endif %} volumeMounts: @@ -100,22 +105,22 @@ spec: # Deploy alertmanager behind prometheus-alert-buffer behind an oauth proxy - name: alerts-proxy - image: "{{ openshift_prometheus_image_proxy }}" + image: "{{ l_openshift_prometheus_proxy_image_prefix }}oauth-proxy:{{ l_openshift_prometheus_proxy_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_oauth_proxy_memory_requests is defined and openshift_prometheus_oauth_proxy_memory_requests is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_requests}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_requests }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_requests is defined and openshift_prometheus_oauth_proxy_cpu_requests is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_requests}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_oauth_proxy_memory_limit is defined and openshift_prometheus_oauth_proxy_memory_limit is not none %} - memory: "{{openshift_prometheus_oauth_proxy_memory_limit}}" + memory: "{{ openshift_prometheus_oauth_proxy_memory_limit }}" {% endif %} {% if openshift_prometheus_oauth_proxy_cpu_limit is defined and openshift_prometheus_oauth_proxy_cpu_limit is not none %} - cpu: "{{openshift_prometheus_oauth_proxy_cpu_limit}}" + cpu: "{{ openshift_prometheus_oauth_proxy_cpu_limit }}" {% endif %} ports: - containerPort: 9443 @@ -133,6 +138,8 @@ spec: - -tls-key=/etc/tls/private/tls.key - -client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token - -cookie-secret-file=/etc/proxy/secrets/session_secret + - -openshift-ca=/etc/pki/tls/cert.pem + - -openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt volumeMounts: - mountPath: /etc/tls/private name: alerts-tls @@ -142,22 +149,22 @@ spec: - name: alert-buffer args: - --storage-path=/alert-buffer/messages.db - image: "{{ openshift_prometheus_image_alertbuffer }}" + image: "{{ l_openshift_prometheus_alertbuffer_image_prefix }}prometheus-alert-buffer:{{ l_openshift_prometheus_alertbuffer_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertbuffer_memory_requests is defined and openshift_prometheus_alertbuffer_memory_requests is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_requests}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_requests }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_requests is defined and openshift_prometheus_alertbuffer_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertbuffer_memory_limit is defined and openshift_prometheus_alertbuffer_memory_limit is not none %} - memory: "{{openshift_prometheus_alertbuffer_memory_limit}}" + memory: "{{ openshift_prometheus_alertbuffer_memory_limit }}" {% endif %} {% if openshift_prometheus_alertbuffer_cpu_limit is defined and openshift_prometheus_alertbuffer_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertbuffer_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertbuffer_cpu_limit }}" {% endif %} volumeMounts: - mountPath: /alert-buffer @@ -169,22 +176,22 @@ spec: - name: alertmanager args: - -config.file=/etc/alertmanager/alertmanager.yml - image: "{{ openshift_prometheus_image_alertmanager }}" + image: "{{ l_openshift_prometheus_alertmanager_image_prefix }}prometheus-alertmanager:{{ l_openshift_prometheus_alertmanager_image_version }}" imagePullPolicy: IfNotPresent resources: requests: {% if openshift_prometheus_alertmanager_memory_requests is defined and openshift_prometheus_alertmanager_memory_requests is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_requests}}" + memory: "{{ openshift_prometheus_alertmanager_memory_requests }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_requests is defined and openshift_prometheus_alertmanager_cpu_requests is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_requests}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_requests }}" {% endif %} limits: {% if openshift_prometheus_alertmanager_memory_limit is defined and openshift_prometheus_alertmanager_memory_limit is not none %} - memory: "{{openshift_prometheus_alertmanager_memory_limit}}" + memory: "{{ openshift_prometheus_alertmanager_memory_limit }}" {% endif %} {% if openshift_prometheus_alertmanager_cpu_limit is defined and openshift_prometheus_alertmanager_cpu_limit is not none %} - cpu: "{{openshift_prometheus_alertmanager_cpu_limit}}" + cpu: "{{ openshift_prometheus_alertmanager_cpu_limit }}" {% endif %} ports: - containerPort: 9093 diff --git a/roles/openshift_prometheus/vars/default_images.yml b/roles/openshift_prometheus/vars/default_images.yml new file mode 100644 index 000000000..ad52a3125 --- /dev/null +++ b/roles/openshift_prometheus/vars/default_images.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('openshift/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v2.0.0-dev.3') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v1.0.0') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v0.9.1') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v0.0.2') }}" diff --git a/roles/openshift_prometheus/vars/openshift-enterprise.yml b/roles/openshift_prometheus/vars/openshift-enterprise.yml new file mode 100644 index 000000000..9bb4c99bb --- /dev/null +++ b/roles/openshift_prometheus/vars/openshift-enterprise.yml @@ -0,0 +1,12 @@ +--- +# image prefix defaults +l_openshift_prometheus_image_prefix: "{{ openshift_prometheus_image_prefix | default('registry.access.redhat.com/openshift3/') }}" +l_openshift_prometheus_proxy_image_prefix: "{{ openshift_prometheus_proxy_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertmanager_image_prefix: "{{ openshift_prometheus_altermanager_image_prefix | default(l_openshift_prometheus_image_prefix) }}" +l_openshift_prometheus_alertbuffer_image_prefix: "{{ openshift_prometheus_alertbuffer_image_prefix | default(l_openshift_prometheus_image_prefix) }}" + +# image version defaults +l_openshift_prometheus_image_version: "{{ openshift_prometheus_image_version | default('v3.7') }}" +l_openshift_prometheus_proxy_image_version: "{{ openshift_prometheus_proxy_image_version | default('v3.7') }}" +l_openshift_prometheus_alertmanager_image_version: "{{ openshift_prometheus_alertmanager_image_version | default('v3.7') }}" +l_openshift_prometheus_alertbuffer_image_version: "{{ openshift_prometheus_alertbuffer_image_version | default('v3.7') }}" diff --git a/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml b/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml index ac21a5e37..1e6aafd00 100644 --- a/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml +++ b/roles/openshift_provisioners/tasks/generate_clusterrolebindings.yaml @@ -1,6 +1,8 @@ --- - name: Generate ClusterRoleBindings - template: src=clusterrolebinding.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-clusterrolebinding.yaml + template: + src: clusterrolebinding.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-clusterrolebinding.yaml" vars: acct_name: provisioners-{{item}} obj_name: run-provisioners-{{item}} diff --git a/roles/openshift_provisioners/tasks/generate_secrets.yaml b/roles/openshift_provisioners/tasks/generate_secrets.yaml index e6cbb1bbf..fe5ff9f18 100644 --- a/roles/openshift_provisioners/tasks/generate_secrets.yaml +++ b/roles/openshift_provisioners/tasks/generate_secrets.yaml @@ -1,6 +1,8 @@ --- - name: Generate secret for efs - template: src=secret.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-secret.yaml + template: + src: secret.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-secret.yaml" vars: name: efs obj_name: "provisioners-efs" diff --git a/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml b/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml index 4fe0583ee..000f19994 100644 --- a/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml +++ b/roles/openshift_provisioners/tasks/generate_serviceaccounts.yaml @@ -1,6 +1,8 @@ --- - name: Generating serviceaccounts - template: src=serviceaccount.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-sa.yaml + template: + src: serviceaccount.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-sa.yaml" vars: obj_name: provisioners-{{item}} labels: diff --git a/roles/openshift_provisioners/tasks/install_efs.yaml b/roles/openshift_provisioners/tasks/install_efs.yaml index 4a6e00513..6e8792446 100644 --- a/roles/openshift_provisioners/tasks/install_efs.yaml +++ b/roles/openshift_provisioners/tasks/install_efs.yaml @@ -9,7 +9,9 @@ changed_when: no - name: Generate efs PersistentVolumeClaim - template: src=pvc.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pvc.yaml + template: + src: pvc.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pvc.yaml" vars: obj_name: "provisioners-efs" size: "1Mi" @@ -21,7 +23,9 @@ changed_when: no - name: Generate efs PersistentVolume - template: src=pv.j2 dest={{mktemp.stdout}}/templates/{{obj_name}}-pv.yaml + template: + src: pv.j2 + dest: "{{ mktemp.stdout }}/templates/{{ obj_name }}-pv.yaml" vars: obj_name: "provisioners-efs" size: "1Mi" diff --git a/roles/openshift_provisioners/tasks/install_support.yaml b/roles/openshift_provisioners/tasks/install_support.yaml index ba472f1c9..d6db81ab9 100644 --- a/roles/openshift_provisioners/tasks/install_support.yaml +++ b/roles/openshift_provisioners/tasks/install_support.yaml @@ -1,16 +1,9 @@ --- -- name: Check for provisioners project already exists - command: > - {{ openshift.common.client_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig get project {{openshift_provisioners_project}} --no-headers - register: provisioners_project_result - ignore_errors: yes - when: not ansible_check_mode - changed_when: no - -- name: Create provisioners project - command: > - {{ openshift.common.admin_binary }} --config={{ mktemp.stdout }}/admin.kubeconfig new-project {{openshift_provisioners_project}} - when: not ansible_check_mode and "not found" in provisioners_project_result.stderr +- name: Set provisioners project + oc_project: + state: present + kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + name: "{{ openshift_provisioners_project }}" - name: Create temp directory for all our templates file: path={{mktemp.stdout}}/templates state=directory mode=0755 diff --git a/roles/openshift_provisioners/templates/pv.j2 b/roles/openshift_provisioners/templates/pv.j2 index f4128f9f0..f81b1617a 100644 --- a/roles/openshift_provisioners/templates/pv.j2 +++ b/roles/openshift_provisioners/templates/pv.j2 @@ -30,3 +30,4 @@ spec: name: {{claim_name}} namespace: {{openshift_provisioners_project}} {% endif %} + storageClassName: "" diff --git a/roles/openshift_provisioners/templates/pvc.j2 b/roles/openshift_provisioners/templates/pvc.j2 index 83d503056..0dd8772eb 100644 --- a/roles/openshift_provisioners/templates/pvc.j2 +++ b/roles/openshift_provisioners/templates/pvc.j2 @@ -23,4 +23,5 @@ spec: resources: requests: storage: {{size}} + storageClassName: "" diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index d41245093..95ba9fe4c 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -10,6 +10,11 @@ - name: Ensure libselinux-python is installed package: name=libselinux-python state=present + - name: Remove openshift_additional.repo file + file: + dest: /etc/yum.repos.d/openshift_additional.repo + state: absent + - name: Create any additional repos that are defined yum_repository: description: "{{ item.description | default(item.name | default(item.id)) }}" diff --git a/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py b/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py deleted file mode 100644 index d42c9bdb9..000000000 --- a/roles/openshift_sanitize_inventory/filter_plugins/openshift_logging.py +++ /dev/null @@ -1,25 +0,0 @@ -''' - Openshift Logging class that provides useful filters used in Logging. - - This should be removed after map_from_pairs is no longer used in __deprecations_logging.yml -''' - - -def map_from_pairs(source, delim="="): - ''' Returns a dict given the source and delim delimited ''' - if source == '': - return dict() - - return dict(item.split(delim) for item in source.split(",")) - - -# pylint: disable=too-few-public-methods -class FilterModule(object): - ''' OpenShift Logging Filters ''' - - # pylint: disable=no-self-use, too-few-public-methods - def filters(self): - ''' Returns the names of the filters provided by this class ''' - return { - 'map_from_pairs': map_from_pairs - } diff --git a/roles/openshift_sanitize_inventory/filter_plugins/openshift_sanitize_inventory.py b/roles/openshift_sanitize_inventory/filter_plugins/openshift_sanitize_inventory.py new file mode 100644 index 000000000..72c47b8ee --- /dev/null +++ b/roles/openshift_sanitize_inventory/filter_plugins/openshift_sanitize_inventory.py @@ -0,0 +1,44 @@ +''' + Openshift Sanitize inventory class that provides useful filters used in Logging. +''' + + +import re + + +# This should be removed after map_from_pairs is no longer used in __deprecations_logging.yml +def map_from_pairs(source, delim="="): + ''' Returns a dict given the source and delim delimited ''' + if source == '': + return dict() + + return dict(item.split(delim) for item in source.split(",")) + + +def vars_with_pattern(source, pattern=""): + ''' Returns a list of variables whose name matches the given pattern ''' + if source == '': + return list() + + var_list = list() + + var_pattern = re.compile(pattern) + + for item in source: + if var_pattern.match(item): + var_list.append(item) + + return var_list + + +# pylint: disable=too-few-public-methods +class FilterModule(object): + ''' OpenShift Logging Filters ''' + + # pylint: disable=no-self-use, too-few-public-methods + def filters(self): + ''' Returns the names of the filters provided by this class ''' + return { + 'map_from_pairs': map_from_pairs, + 'vars_with_pattern': vars_with_pattern + } diff --git a/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml index e534e0cca..7c1573096 100644 --- a/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml +++ b/roles/openshift_sanitize_inventory/tasks/__deprecations_logging.yml @@ -21,16 +21,22 @@ openshift_logging_image_pull_secret: openshift_hosted_logging_image_pull_secret openshift_logging_kibana_hostname: openshift_hosted_logging_hostname openshift_logging_kibana_ops_hostname: openshift_hosted_logging_ops_hostname + openshift_logging_kibana_nodeselector: openshift_hosted_logging_kibana_nodeselector + openshift_logging_kibana_ops_nodeselector: openshift_hosted_logging_kibana_ops_nodeselector openshift_logging_fluentd_journal_source: openshift_hosted_logging_journal_source openshift_logging_fluentd_journal_read_from_head: openshift_hosted_logging_journal_read_from_head + openshift_logging_fluentd_nodeselector: openshift_hosted_logging_fluentd_nodeselector_label openshift_logging_es_memory_limit: openshift_hosted_logging_elasticsearch_instance_ram openshift_logging_es_nodeselector: openshift_hosted_logging_elasticsearch_nodeselector + openshift_logging_es_ops_nodeselector: openshift_hosted_logging_elasticsearch_ops_nodeselector openshift_logging_es_ops_memory_limit: openshift_hosted_logging_elasticsearch_ops_instance_ram openshift_logging_storage_access_modes: openshift_hosted_logging_storage_access_modes openshift_logging_master_public_url: openshift_hosted_logging_master_public_url openshift_logging_image_prefix: openshift_hosted_logging_deployer_prefix openshift_logging_image_version: openshift_hosted_logging_deployer_version openshift_logging_install_logging: openshift_hosted_logging_deploy + openshift_logging_curator_nodeselector: openshift_hosted_logging_curator_nodeselector + openshift_logging_curator_ops_nodeselector: openshift_hosted_logging_curator_ops_nodeselector - set_fact: @@ -40,9 +46,3 @@ openshift_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}" openshift_logging_elasticsearch_ops_pvc_size: "{{ openshift_loggingops_storage_volume_size | default('10Gi') if openshift_loggingops_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" openshift_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es-ops' if openshift_loggingops_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_logging_curator_nodeselector: "{{ openshift_hosted_logging_curator_nodeselector | default('') | map_from_pairs }}" - openshift_logging_curator_ops_nodeselector: "{{ openshift_hosted_logging_curator_ops_nodeselector | default('') | map_from_pairs }}" - openshift_logging_kibana_nodeselector: "{{ openshift_hosted_logging_kibana_nodeselector | default('') | map_from_pairs }}" - openshift_logging_kibana_ops_nodeselector: "{{ openshift_hosted_logging_kibana_ops_nodeselector | default('') | map_from_pairs }}" - openshift_logging_fluentd_nodeselector: "{{ openshift_hosted_logging_fluentd_nodeselector_label | default('logging-infra-fluentd=true') | map_from_pairs }}" - openshift_logging_es_ops_nodeselector: "{{ openshift_hosted_logging_elasticsearch_ops_nodeselector | default('') | map_from_pairs }}" diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml index e327ee9f5..70b236033 100644 --- a/roles/openshift_sanitize_inventory/tasks/main.yml +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -23,6 +23,8 @@ # TODO: once this is well-documented, add deprecation notice if using old name. deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" openshift_deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" + deployment_subtype: "{{ openshift_deployment_subtype | default(deployment_subtype) | default('basic') | string }}" + openshift_deployment_subtype: "{{ openshift_deployment_subtype | default(deployment_subtype) | default('basic') | string }}" - name: Abort when deployment type is invalid # this variable is required; complain early and clearly if it is invalid. @@ -45,7 +47,7 @@ - name: Abort when openshift_release is invalid when: - openshift_release is defined - - not openshift_release | match('\d+(\.\d+){1,3}$') + - not openshift_release | match('^\d+(\.\d+){1,3}$') fail: msg: |- openshift_release is "{{ openshift_release }}" which is not a valid version string. @@ -54,3 +56,34 @@ - include: unsupported.yml when: - not openshift_enable_unsupported_configurations | default(false) | bool + +- name: Ensure clusterid is set along with the cloudprovider + fail: + msg: > + Ensure that the openshift_clusterid is set and that all infrastructure has the required tags. + + For dynamic provisioning when using multiple clusters in different zones, tag each node with Key=kubernetes.io/cluster/xxxx,Value=clusterid where xxxx and clusterid are unique per cluster. In versions prior to 3.6, this was Key=KubernetesCluster,Value=clusterid. + + https://github.com/openshift/openshift-docs/blob/master/install_config/persistent_storage/dynamically_provisioning_pvs.adoc#available-dynamically-provisioned-plug-ins + when: + - openshift_clusterid is not defined + - openshift_cloudprovider_kind is defined + - openshift_cloudprovider_kind == 'aws' + +- name: Ensure ansible_service_broker_remove and ansible_service_broker_install are mutually exclusive + fail: + msg: > + Ensure ansible_service_broker_remove and ansible_service_broker_install are mutually exclusive, + do not set both to true. ansible_service_broker_install defaults to true. + when: + - ansible_service_broker_remove | default(false) | bool + - ansible_service_broker_install | default(true) | bool + +- name: Ensure template_service_broker_remove and template_service_broker_install are mutually exclusive + fail: + msg: > + Ensure that template_service_broker_remove and template_service_broker_install are mutually exclusive, + do not set both to true. template_service_broker_remove defaults to true. + when: + - template_service_broker_remove | default(false) | bool + - template_service_broker_install | default(true) | bool diff --git a/roles/openshift_sanitize_inventory/tasks/unsupported.yml b/roles/openshift_sanitize_inventory/tasks/unsupported.yml index 24e44ea85..b70ab90a1 100644 --- a/roles/openshift_sanitize_inventory/tasks/unsupported.yml +++ b/roles/openshift_sanitize_inventory/tasks/unsupported.yml @@ -10,3 +10,33 @@ Starting in 3.6 openshift_use_dnsmasq must be true or critical features will not function. This also means that NetworkManager must be installed enabled and responsible for management of the primary interface. + +- name: Ensure that openshift_node_dnsmasq_install_network_manager_hook is true + when: + - not openshift_node_dnsmasq_install_network_manager_hook | default(true) | bool + fail: + msg: |- + The NetworkManager hook is considered a critical part of the DNS + infrastructure. + +- set_fact: + __using_dynamic: True + when: + - hostvars[inventory_hostname][item] in ['dynamic'] + with_items: + - "{{ hostvars[inventory_hostname] | vars_with_pattern(pattern='openshift_.*_storage_kind') }}" + +- name: Ensure that dynamic provisioning is set if using dynamic storage + when: + - dynamic_volumes_check | default(true) | bool + - not openshift_master_dynamic_provisioning_enabled | default(false) | bool + - not openshift_cloudprovider_kind is defined + - __using_dynamic is defined and __using_dynamic | bool + fail: + msg: |- + Using a storage kind of 'dynamic' without enabling dynamic provisioning nor + setting a cloud provider will cause generated PVCs to not be able to bind as + intended. Either update to not use a dynamic storage or set + openshift_master_dynamic_provisioning_enabled to True and set an + openshift_cloudprovider_kind. You can disable this check with + 'dynamic_volumes_check=False'. diff --git a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml index 71e21a269..a0b41a4eb 100644 --- a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml @@ -1,25 +1,26 @@ apiVersion: v1 kind: Template metadata: - name: service-catalog + name: service-catalog-role-bindings objects: -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: servicecatalog-serviceclass-viewer rules: - apiGroups: - servicecatalog.k8s.io resources: - - serviceclasses + - clusterserviceclasses + - clusterserviceplans verbs: - list - watch - get -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: servicecatalog-serviceclass-viewer-binding roleRef: @@ -37,8 +38,8 @@ objects: metadata: name: service-catalog-apiserver -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: sar-creator rules: @@ -49,17 +50,19 @@ objects: verbs: - create -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-sar-creator-binding roleRef: name: sar-creator - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: namespace-viewer rules: @@ -72,26 +75,30 @@ objects: - watch - get -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-namespace-viewer-binding roleRef: name: namespace-viewer - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-controller-namespace-viewer-binding roleRef: name: namespace-viewer - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller + subjects: + - kind: ServiceAccount + name: service-catalog-controller + namespace: kube-service-catalog -- kind: ClusterRole - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRole metadata: name: service-catalog-controller rules: @@ -102,6 +109,7 @@ objects: verbs: - create - update + - patch - delete - get - list @@ -109,19 +117,24 @@ objects: - apiGroups: - servicecatalog.k8s.io resources: - - brokers/status - - instances/status - - bindings/status + - clusterservicebrokers/status + - clusterserviceclasses/status + - clusterserviceplans/status + - serviceinstances/status + - servicebindings/status + - servicebindings/finalizers + - serviceinstances/reference verbs: - update - apiGroups: - servicecatalog.k8s.io resources: - - brokers - - instances - - bindings + - clusterservicebrokers + - serviceinstances + - servicebindings verbs: - list + - get - watch - apiGroups: - "" @@ -133,7 +146,8 @@ objects: - apiGroups: - servicecatalog.k8s.io resources: - - serviceclasses + - clusterserviceclasses + - clusterserviceplans verbs: - create - delete @@ -154,17 +168,19 @@ objects: - list - watch -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: service-catalog-controller-binding roleRef: name: service-catalog-controller - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller - -- kind: Role - apiVersion: v1 + subjects: + - kind: ServiceAccount + name: service-catalog-controller + namespace: kube-service-catalog + +- apiVersion: authorization.openshift.io/v1 + kind: Role metadata: name: endpoint-accessor rules: @@ -179,21 +195,25 @@ objects: - create - update -- kind: RoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: RoleBinding metadata: - name: endpoint-accessor-binding + name: endpointer-accessor-binding roleRef: name: endpoint-accessor namespace: kube-service-catalog - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-controller + subjects: + - kind: ServiceAccount + namespace: kube-service-catalog + name: service-catalog-controller -- kind: ClusterRoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: ClusterRoleBinding metadata: name: system:auth-delegator-binding roleRef: name: system:auth-delegator - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog diff --git a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml index f6ee0955d..f563ae42e 100644 --- a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Template metadata: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings objects: -- kind: Role - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: Role metadata: name: extension-apiserver-authentication-reader namespace: ${KUBE_SYSTEM_NAMESPACE} @@ -19,16 +19,18 @@ objects: verbs: - get -- kind: RoleBinding - apiVersion: v1 +- apiVersion: authorization.openshift.io/v1 + kind: RoleBinding metadata: name: extension-apiserver-authentication-reader-binding namespace: ${KUBE_SYSTEM_NAMESPACE} roleRef: name: extension-apiserver-authentication-reader - namespace: kube-system - userNames: - - system:serviceaccount:kube-service-catalog:service-catalog-apiserver + namespace: ${KUBE_SYSTEM_NAMESPACE} + subjects: + - kind: ServiceAccount + name: service-catalog-apiserver + namespace: kube-service-catalog parameters: - description: Do not change this value. diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml index cc897b032..cd7bda2c6 100644 --- a/roles/openshift_service_catalog/tasks/generate_certs.yml +++ b/roles/openshift_service_catalog/tasks/generate_certs.yml @@ -16,6 +16,16 @@ --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer +- name: Delete old apiserver.crt + file: + path: "{{ generated_certs_dir }}/apiserver.crt" + state: absent + +- name: Delete old apiserver.key + file: + path: "{{ generated_certs_dir }}/apiserver.key" + state: absent + - name: Generating server keys oc_adm_ca_server_cert: cert: "{{ generated_certs_dir }}/apiserver.crt" @@ -36,19 +46,28 @@ - name: tls.key path: "{{ generated_certs_dir }}/apiserver.key" +- name: Create service-catalog-ssl secret + oc_secret: + state: present + name: service-catalog-ssl + namespace: kube-service-catalog + files: + - name: tls.crt + path: "{{ generated_certs_dir }}/apiserver.crt" + - slurp: src: "{{ generated_certs_dir }}/ca.crt" register: apiserver_ca - shell: > - oc get apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found" register: get_apiservices changed_when: no - name: Create api service oc_obj: state: present - name: v1alpha1.servicecatalog.k8s.io + name: v1beta1.servicecatalog.k8s.io kind: apiservices.apiregistration.k8s.io namespace: "kube-service-catalog" content: @@ -57,10 +76,10 @@ apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: - name: v1alpha1.servicecatalog.k8s.io + name: v1beta1.servicecatalog.k8s.io spec: group: servicecatalog.k8s.io - version: v1alpha1 + version: v1beta1 service: namespace: "kube-service-catalog" name: apiserver diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index e202ae173..3507330e3 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -38,7 +38,7 @@ - name: Make kube-service-catalog project network global command: > - oc adm pod-network make-projects-global kube-service-catalog + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig adm pod-network make-projects-global kube-service-catalog - include: generate_certs.yml @@ -47,16 +47,15 @@ dest: "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - oc_obj: - name: service-catalog + name: service-catalog-role-bindings kind: template namespace: "kube-service-catalog" files: - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: service-catalog + template_name: service-catalog-role-bindings namespace: "kube-service-catalog" - copy: @@ -64,16 +63,15 @@ dest: "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - oc_obj: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings kind: template namespace: kube-system files: - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: kube-system-service-catalog + template_name: kube-system-service-catalog-role-bindings namespace: kube-system - oc_obj: @@ -85,19 +83,19 @@ # only do this if we don't already have the updated role info - name: Generate apply template for clusterrole/edit template: - src: sc_role_patching.j2 + src: sc_admin_edit_role_patching.j2 dest: "{{ mktemp.stdout }}/edit_sc_patch.yml" vars: original_content: "{{ edit_yaml.results.results[0] | to_yaml }}" when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update edit role for service catalog and pod preset access command: > - oc replace -f {{ mktemp.stdout }}/edit_sc_patch.yml + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/edit_sc_patch.yml when: - - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not edit_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not edit_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) - oc_obj: name: admin @@ -108,19 +106,42 @@ # only do this if we don't already have the updated role info - name: Generate apply template for clusterrole/admin template: - src: sc_role_patching.j2 + src: sc_admin_edit_role_patching.j2 dest: "{{ mktemp.stdout }}/admin_sc_patch.yml" vars: original_content: "{{ admin_yaml.results.results[0] | to_yaml }}" when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) # only do this if we don't already have the updated role info - name: update admin role for service catalog and pod preset access command: > - oc replace -f {{ mktemp.stdout }}/admin_sc_patch.yml + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/admin_sc_patch.yml + when: + - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['create', 'update', 'delete', 'get', 'list', 'watch', 'patch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + +- oc_obj: + name: view + kind: clusterrole + state: list + register: view_yaml + +# only do this if we don't already have the updated role info +- name: Generate apply template for clusterrole/view + template: + src: sc_view_role_patching.j2 + dest: "{{ mktemp.stdout }}/view_sc_patch.yml" + vars: + original_content: "{{ view_yaml.results.results[0] | to_yaml }}" + when: + - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) + +# only do this if we don't already have the updated role info +- name: update view role for service catalog access + command: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig replace -f {{ mktemp.stdout }}/view_sc_patch.yml when: - - not admin_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['instances', 'bindings'], ['create', 'update', 'delete', 'get', 'list', 'watch']) or not admin_yaml.results.results[0] | oo_contains_rule(['settings.k8s.io'], ['podpresets'], ['create', 'update', 'delete', 'get', 'list', 'watch']) + - not view_yaml.results.results[0] | oo_contains_rule(['servicecatalog.k8s.io'], ['serviceinstances', 'servicebindings'], ['get', 'list', 'watch']) - oc_adm_policy_user: namespace: kube-service-catalog diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index 2fb1ec440..a832e1f85 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -1,11 +1,7 @@ --- - name: Remove Service Catalog APIServer command: > - oc delete apiservices.apiregistration.k8s.io/v1alpha1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog - -- name: Remove Policy Binding - command: > - oc delete policybindings/kube-system:default -n kube-system --ignore-not-found + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog # TODO: this module doesn't currently remove this #- name: Remove service catalog api service @@ -13,7 +9,7 @@ # state: absent # namespace: "kube-service-catalog" # kind: apiservices.apiregistration.k8s.io -# name: v1alpha1.servicecatalog.k8s.io +# name: v1beta1.servicecatalog.k8s.io - name: Remove Service Catalog API Server route oc_obj: @@ -50,6 +46,26 @@ kind: deployment name: controller-manager +- name: Remove Service Catalog kube-system Role Bindinds + shell: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig process kube-system-service-catalog-role-bindings -n kube-system | {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "kube-system-service-catalog-role-bindings" + namespace: kube-system + state: absent + +- name: Remove Service Catalog kube-service-catalog Role Bindinds + shell: > + {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig process service-catalog-role-bindings -n kube-service-catalog | {{ openshift.common.client_binary }} --config=/etc/origin/master/admin.kubeconfig delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "service-catalog-role-bindings" + namespace: kube-service-catalog + state: absent + - name: Remove Service Catalog namespace oc_project: state: absent diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index c09834fd4..0e5bb7230 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -24,6 +24,7 @@ spec: {% endfor %} containers: - args: + - apiserver - --storage-type - etcd - --secure-port @@ -41,9 +42,11 @@ spec: - --cors-allowed-origins - {{ cors_allowed_origin }} - --admission-control - - "KubernetesNamespaceLifecycle" + - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/apiserver"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: apiserver ports: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index 1bbc0fa2c..e5e5f6b50 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -29,11 +29,17 @@ spec: fieldRef: fieldPath: metadata.namespace args: + - controller-manager - -v - "5" - - "--leader-election-namespace=$(K8S_NAMESPACE)" + - --leader-election-namespace + - kube-service-catalog + - --broker-relist-interval + - "5m" + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/controller-manager"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: controller-manager ports: @@ -41,7 +47,19 @@ spec: protocol: TCP resources: {} terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/run/kubernetes-service-catalog + name: service-catalog-ssl + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 + volumes: + - name: service-catalog-ssl + secret: + defaultMode: 420 + items: + - key: tls.crt + path: apiserver.crt + secretName: apiserver-ssl diff --git a/roles/openshift_service_catalog/templates/sc_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 index 69b062b3f..59cceafcf 100644 --- a/roles/openshift_service_catalog/templates/sc_role_patching.j2 +++ b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 @@ -3,8 +3,8 @@ - "servicecatalog.k8s.io" attributeRestrictions: null resources: - - instances - - bindings + - serviceinstances + - servicebindings verbs: - create - update @@ -12,6 +12,7 @@ - get - list - watch + - patch - apiGroups: - "settings.k8s.io" attributeRestrictions: null diff --git a/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 new file mode 100644 index 000000000..838993854 --- /dev/null +++ b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 @@ -0,0 +1,11 @@ +{{ original_content }} +- apiGroups: + - "servicecatalog.k8s.io" + attributeRestrictions: null + resources: + - serviceinstances + - servicebindings + verbs: + - get + - list + - watch diff --git a/roles/openshift_service_catalog/vars/openshift-enterprise.yml b/roles/openshift_service_catalog/vars/openshift-enterprise.yml index 4df60e9a8..cab9cc7d8 100644 --- a/roles/openshift_service_catalog/vars/openshift-enterprise.yml +++ b/roles/openshift_service_catalog/vars/openshift-enterprise.yml @@ -1,3 +1,3 @@ --- __openshift_service_catalog_image_prefix: "registry.access.redhat.com/openshift3/ose-" -__openshift_service_catalog_image_version: "v3.6" +__openshift_service_catalog_image_version: "v3.7" diff --git a/roles/openshift_storage_glusterfs/README.md b/roles/openshift_storage_glusterfs/README.md index d0bc0e028..54adcf78d 100644 --- a/roles/openshift_storage_glusterfs/README.md +++ b/roles/openshift_storage_glusterfs/README.md @@ -84,6 +84,22 @@ GlusterFS cluster into a new or existing OpenShift cluster: | openshift_storage_glusterfs_storageclass | True | Automatically create a StorageClass for each GlusterFS cluster | openshift_storage_glusterfs_image | 'gluster/gluster-centos'| Container image to use for GlusterFS pods, enterprise default is 'rhgs3/rhgs-server-rhel7' | openshift_storage_glusterfs_version | 'latest' | Container image version to use for GlusterFS pods +| openshift_storage_glusterfs_block_deploy | True | Deploy glusterblock provisioner service +| openshift_storage_glusterfs_block_image | 'gluster/glusterblock-provisioner'| Container image to use for glusterblock-provisioner pod, enterprise default is 'rhgs3/rhgs-gluster-block-prov-rhel7' +| openshift_storage_glusterfs_block_version | 'latest' | Container image version to use for glusterblock-provisioner pod +| openshift_storage_glusterfs_block_host_vol_create| True | Automatically create GlusterFS volumes to host glusterblock volumes. **NOTE:** If this is False, block-hosting volumes will need to be manually created before glusterblock volumes can be provisioned +| openshift_storage_glusterfs_block_host_vol_size | 100 | Size, in GB, of GlusterFS volumes that will be automatically create to host glusterblock volumes if not enough space is available for a glusterblock volume create request. **NOTE:** This value is effectively an upper limit on the size of glusterblock volumes unless you manually create larger GlusterFS block-hosting volumes +| openshift_storage_glusterfs_block_host_vol_max | 15 | Max number of GlusterFS volumes to host glusterblock volumes +| openshift_storage_glusterfs_s3_deploy | True | Deploy gluster-s3 service +| openshift_storage_glusterfs_s3_image | 'gluster/gluster-object'| Container image to use for gluster-s3 pod, enterprise default is 'rhgs3/rhgs-gluster-s3-server-rhel7' +| openshift_storage_glusterfs_s3_version | 'latest' | Container image version to use for gluster=s3 pod +| openshift_storage_glusterfs_s3_account | Undefined | S3 account name for the S3 service, required for S3 service deployment +| openshift_storage_glusterfs_s3_user | Undefined | S3 user name for the S3 service, required for S3 service deployment +| openshift_storage_glusterfs_s3_password | Undefined | S3 user password for the S3 service, required for S3 service deployment +| openshift_storage_glusterfs_s3_pvc | Dynamic | Name of the GlusterFS-backed PVC which will be used for S3 object data storage, generated from the cluster name and S3 account by default +| openshift_storage_glusterfs_s3_pvc_size | "2Gi" | Size, in Gi, of the GlusterFS-backed PVC which will be used for S3 object data storage +| openshift_storage_glusterfs_s3_meta_pvc | Dynamic | Name of the GlusterFS-backed PVC which will be used for S3 object metadata storage, generated from the cluster name and S3 account by default +| openshift_storage_glusterfs_s3_meta_pvc_size | "1Gi" | Size, in Gi, of the GlusterFS-backed PVC which will be used for S3 object metadata storage | openshift_storage_glusterfs_wipe | False | Destroy any existing GlusterFS resources and wipe storage devices. **WARNING: THIS WILL DESTROY ANY DATA ON THOSE DEVICES.** | openshift_storage_glusterfs_heketi_is_native | True | heketi should be containerized | openshift_storage_glusterfs_heketi_cli | 'heketi-cli' | Command/Path to invoke the heketi-cli tool **NOTE:** Change this only for **non-native heketi** if heketi-cli is not in the global `$PATH` of the machine running openshift-ansible @@ -99,6 +115,7 @@ GlusterFS cluster into a new or existing OpenShift cluster: | openshift_storage_glusterfs_heketi_ssh_user | 'root' | SSH user for external GlusterFS nodes via native heketi | openshift_storage_glusterfs_heketi_ssh_sudo | False | Whether to sudo (if non-root user) for SSH to external GlusterFS nodes via native heketi | openshift_storage_glusterfs_heketi_ssh_keyfile | Undefined | Path to a private key file for use with SSH connections to external GlusterFS nodes via native heketi **NOTE:** This must be an absolute path +| openshift_storage_glusterfs_heketi_fstab | '/var/lib/heketi/fstab' | When heketi is native, sets the path to the fstab file on the GlusterFS nodes to update on LVM volume mounts, changes to '/etc/fstab/' when the heketi executor is 'ssh' **NOTE:** This should not need to be changed | openshift_storage_glusterfs_heketi_wipe | False | Destroy any existing heketi resources, defaults to the value of `openshift_storage_glusterfs_wipe` Each role variable also has a corresponding variable to optionally configure a @@ -119,13 +136,13 @@ are an exception: Additionally, this role's behavior responds to the following registry-specific variables: -| Name | Default value | Description | -|-----------------------------------------------|------------------------------|-----------------------------------------| -| openshift_hosted_registry_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes -| openshift_hosted_registry_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage -| openshift_hosted_registry_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only -| openshift_hosted_registry_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume -| openshift_hosted_registry_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume +| Name | Default value | Description | +|-------------------------------------------------------|------------------------------|-----------------------------------------| +| openshift_hosted_registry_storage_glusterfs_endpoints | glusterfs-registry-endpoints | The name for the Endpoints resource that will point the registry to the GlusterFS nodes +| openshift_hosted_registry_storage_glusterfs_path | glusterfs-registry-volume | The name for the GlusterFS volume that will provide registry storage +| openshift_hosted_registry_storage_glusterfs_readonly | False | Whether the GlusterFS volume should be read-only +| openshift_hosted_registry_storage_glusterfs_swap | False | Whether to swap an existing registry's storage volume for a GlusterFS volume +| openshift_hosted_registry_storage_glusterfs_swapcopy | True | If swapping, copy the contents of the pre-existing registry storage to the new GlusterFS volume Dependencies ------------ diff --git a/roles/openshift_storage_glusterfs/defaults/main.yml b/roles/openshift_storage_glusterfs/defaults/main.yml index 148549887..814d6ff28 100644 --- a/roles/openshift_storage_glusterfs/defaults/main.yml +++ b/roles/openshift_storage_glusterfs/defaults/main.yml @@ -7,6 +7,22 @@ openshift_storage_glusterfs_use_default_selector: False openshift_storage_glusterfs_storageclass: True openshift_storage_glusterfs_image: "{{ 'rhgs3/rhgs-server-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/gluster-centos' | quote }}" openshift_storage_glusterfs_version: 'latest' +openshift_storage_glusterfs_block_deploy: True +openshift_storage_glusterfs_block_image: "{{ 'rhgs3/rhgs-gluster-block-prov-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/glusterblock-provisioner' | quote }}" +openshift_storage_glusterfs_block_version: 'latest' +openshift_storage_glusterfs_block_host_vol_create: True +openshift_storage_glusterfs_block_host_vol_size: 100 +openshift_storage_glusterfs_block_host_vol_max: 15 +openshift_storage_glusterfs_s3_deploy: True +openshift_storage_glusterfs_s3_image: "{{ 'rhgs3/rhgs-gluster-s3-server-rhel7' | quote if deployment_type == 'openshift-enterprise' else 'gluster/gluster-object' | quote }}" +openshift_storage_glusterfs_s3_version: 'latest' +openshift_storage_glusterfs_s3_account: "{{ omit }}" +openshift_storage_glusterfs_s3_user: "{{ omit }}" +openshift_storage_glusterfs_s3_password: "{{ omit }}" +openshift_storage_glusterfs_s3_pvc: "gluster-s3-{{ openshift_storage_glusterfs_name }}-{{ openshift_storage_glusterfs_s3_account }}-claim" +openshift_storage_glusterfs_s3_pvc_size: "2Gi" +openshift_storage_glusterfs_s3_meta_pvc: "gluster-s3-{{ openshift_storage_glusterfs_name }}-{{ openshift_storage_glusterfs_s3_account }}-meta-claim" +openshift_storage_glusterfs_s3_meta_pvc_size: "1Gi" openshift_storage_glusterfs_wipe: False openshift_storage_glusterfs_heketi_is_native: "{{ openshift_storage_glusterfs_is_native }}" openshift_storage_glusterfs_heketi_is_missing: True @@ -25,6 +41,7 @@ openshift_storage_glusterfs_heketi_ssh_port: 22 openshift_storage_glusterfs_heketi_ssh_user: 'root' openshift_storage_glusterfs_heketi_ssh_sudo: False openshift_storage_glusterfs_heketi_ssh_keyfile: "{{ omit }}" +openshift_storage_glusterfs_heketi_fstab: "{{ '/var/lib/heketi/fstab' | quote if openshift_storage_glusterfs_heketi_executor == 'kubernetes' else '/etc/fstab' | quote }}" openshift_storage_glusterfs_namespace: "{{ 'glusterfs' | quote if openshift_storage_glusterfs_is_native or openshift_storage_glusterfs_heketi_is_native else 'default' | quote }}" openshift_storage_glusterfs_registry_timeout: "{{ openshift_storage_glusterfs_timeout }}" @@ -36,6 +53,22 @@ openshift_storage_glusterfs_registry_use_default_selector: "{{ openshift_storage openshift_storage_glusterfs_registry_storageclass: False openshift_storage_glusterfs_registry_image: "{{ openshift_storage_glusterfs_image }}" openshift_storage_glusterfs_registry_version: "{{ openshift_storage_glusterfs_version }}" +openshift_storage_glusterfs_registry_block_deploy: "{{ openshift_storage_glusterfs_block_deploy }}" +openshift_storage_glusterfs_registry_block_image: "{{ openshift_storage_glusterfs_block_image }}" +openshift_storage_glusterfs_registry_block_version: "{{ openshift_storage_glusterfs_block_version }}" +openshift_storage_glusterfs_registry_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" +openshift_storage_glusterfs_registry_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" +openshift_storage_glusterfs_registry_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" +openshift_storage_glusterfs_registry_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy }}" +openshift_storage_glusterfs_registry_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" +openshift_storage_glusterfs_registry_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" +openshift_storage_glusterfs_registry_s3_account: "{{ openshift_storage_glusterfs_s3_account }}" +openshift_storage_glusterfs_registry_s3_user: "{{ openshift_storage_glusterfs_s3_user }}" +openshift_storage_glusterfs_registry_s3_password: "{{ openshift_storage_glusterfs_s3_password }}" +openshift_storage_glusterfs_registry_s3_pvc: "gluster-s3-{{ openshift_storage_glusterfs_registry_name }}-{{ openshift_storage_glusterfs_registry_s3_account }}-claim" +openshift_storage_glusterfs_registry_s3_pvc_size: "{{ openshift_storage_glusterfs_s3_pvc_size }}" +openshift_storage_glusterfs_registry_s3_meta_pvc: "gluster-s3-{{ openshift_storage_glusterfs_registry_name }}-{{ openshift_storage_glusterfs_registry_s3_account }}-meta-claim" +openshift_storage_glusterfs_registry_s3_meta_pvc_size: "{{ openshift_storage_glusterfs_s3_meta_pvc_size }}" openshift_storage_glusterfs_registry_wipe: "{{ openshift_storage_glusterfs_wipe }}" openshift_storage_glusterfs_registry_heketi_is_native: "{{ openshift_storage_glusterfs_registry_is_native }}" openshift_storage_glusterfs_registry_heketi_is_missing: "{{ openshift_storage_glusterfs_heketi_is_missing }}" @@ -54,6 +87,8 @@ openshift_storage_glusterfs_registry_heketi_ssh_port: "{{ openshift_storage_glus openshift_storage_glusterfs_registry_heketi_ssh_user: "{{ openshift_storage_glusterfs_heketi_ssh_user }}" openshift_storage_glusterfs_registry_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo }}" openshift_storage_glusterfs_registry_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile | default(omit) }}" +openshift_storage_glusterfs_registry_heketi_fstab: "{{ '/var/lib/heketi/fstab' | quote if openshift_storage_glusterfs_registry_heketi_executor == 'kubernetes' else '/etc/fstab' | quote }}" + r_openshift_storage_glusterfs_firewall_enabled: "{{ os_firewall_enabled | default(True) }}" r_openshift_storage_glusterfs_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}" r_openshift_storage_glusterfs_os_firewall_deny: [] diff --git a/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml new file mode 100644 index 000000000..7b705c2d4 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/deploy-heketi-template.yml @@ -0,0 +1,135 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: deploy-heketi + labels: + glusterfs: heketi-template + deploy-heketi: support + annotations: + description: Bootstrap Heketi installation + tags: glusterfs,heketi,installation +objects: +- kind: Service + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-service + deploy-heketi: support + annotations: + description: Exposes Heketi service + spec: + ports: + - name: deploy-heketi-${CLUSTER_NAME} + port: 8080 + targetPort: 8080 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-route + deploy-heketi: support + spec: + to: + kind: Service + name: deploy-heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: deploy-heketi-${CLUSTER_NAME} + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-dc + deploy-heketi: support + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: deploy-heketi + labels: + glusterfs: deploy-heketi-${CLUSTER_NAME}-pod + deploy-heketi: support + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: /var/lib/heketi/fstab + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + - name: HEKETI_KUBE_NAMESPACE + value: ${HEKETI_KUBE_NAMESPACE} + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_KUBE_NAMESPACE + displayName: Namespace + description: Set the namespace where the GlusterFS pods reside + value: default +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml new file mode 100644 index 000000000..8c5e1ded3 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/glusterfs-template.yml @@ -0,0 +1,136 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterfs + labels: + glusterfs: template + annotations: + description: GlusterFS DaemonSet template + tags: glusterfs +objects: +- kind: DaemonSet + apiVersion: extensions/v1beta1 + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-daemonset + annotations: + description: GlusterFS DaemonSet + tags: glusterfs + spec: + selector: + matchLabels: + glusterfs: ${CLUSTER_NAME}-pod + template: + metadata: + name: glusterfs-${CLUSTER_NAME} + labels: + glusterfs: ${CLUSTER_NAME}-pod + glusterfs-node: pod + spec: + nodeSelector: "${{NODE_LABELS}}" + hostNetwork: true + containers: + - name: glusterfs + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + volumeMounts: + - name: glusterfs-heketi + mountPath: "/var/lib/heketi" + - name: glusterfs-run + mountPath: "/run" + - name: glusterfs-lvm + mountPath: "/run/lvm" + - name: glusterfs-etc + mountPath: "/etc/glusterfs" + - name: glusterfs-logs + mountPath: "/var/log/glusterfs" + - name: glusterfs-config + mountPath: "/var/lib/glusterd" + - name: glusterfs-dev + mountPath: "/dev" + - name: glusterfs-misc + mountPath: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + mountPath: "/sys/fs/cgroup" + readOnly: true + - name: glusterfs-ssl + mountPath: "/etc/ssl" + readOnly: true + securityContext: + capabilities: {} + privileged: true + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 40 + exec: + command: + - "/bin/bash" + - "-c" + - systemctl status glusterd.service + periodSeconds: 25 + successThreshold: 1 + failureThreshold: 15 + resources: {} + terminationMessagePath: "/dev/termination-log" + volumes: + - name: glusterfs-heketi + hostPath: + path: "/var/lib/heketi" + - name: glusterfs-run + emptyDir: {} + - name: glusterfs-lvm + hostPath: + path: "/run/lvm" + - name: glusterfs-etc + hostPath: + path: "/etc/glusterfs" + - name: glusterfs-logs + hostPath: + path: "/var/log/glusterfs" + - name: glusterfs-config + hostPath: + path: "/var/lib/glusterd" + - name: glusterfs-dev + hostPath: + path: "/dev" + - name: glusterfs-misc + hostPath: + path: "/var/lib/misc/glusterfsd" + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: glusterfs-ssl + hostPath: + path: "/etc/ssl" + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} +parameters: +- name: NODE_LABELS + displayName: Daemonset Node Labels + description: Labels which define the daemonset node selector. Must contain at least one label of the format \'glusterfs=<CLUSTER_NAME>-host\' + value: '{ "glusterfs": "storage-host" }' +- name: IMAGE_NAME + displayName: GlusterFS container image name + required: True +- name: IMAGE_VERSION + displayName: GlusterFS container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml new file mode 100644 index 000000000..61b6a8c13 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v1.5/heketi-template.yml @@ -0,0 +1,134 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: heketi + labels: + glusterfs: heketi-template + annotations: + description: Heketi service deployment template + tags: glusterfs,heketi +objects: +- kind: Service + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-service + annotations: + description: Exposes Heketi service + spec: + ports: + - name: heketi + port: 8080 + targetPort: 8080 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod +- kind: Route + apiVersion: v1 + metadata: + name: ${HEKETI_ROUTE} + labels: + glusterfs: heketi-${CLUSTER_NAME}-route + spec: + to: + kind: Service + name: heketi-${CLUSTER_NAME} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-dc + annotations: + description: Defines how to deploy Heketi + spec: + replicas: 1 + selector: + glusterfs: heketi-${CLUSTER_NAME}-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: heketi-${CLUSTER_NAME} + labels: + glusterfs: heketi-${CLUSTER_NAME}-pod + spec: + serviceAccountName: heketi-${CLUSTER_NAME}-service-account + containers: + - name: heketi + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + env: + - name: HEKETI_USER_KEY + value: ${HEKETI_USER_KEY} + - name: HEKETI_ADMIN_KEY + value: ${HEKETI_ADMIN_KEY} + - name: HEKETI_EXECUTOR + value: ${HEKETI_EXECUTOR} + - name: HEKETI_FSTAB + value: /var/lib/heketi/fstab + - name: HEKETI_SNAPSHOT_LIMIT + value: '14' + - name: HEKETI_KUBE_GLUSTER_DAEMONSET + value: '1' + - name: HEKETI_KUBE_NAMESPACE + value: ${HEKETI_KUBE_NAMESPACE} + ports: + - containerPort: 8080 + volumeMounts: + - name: db + mountPath: /var/lib/heketi + - name: config + mountPath: /etc/heketi + readinessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 3 + httpGet: + path: /hello + port: 8080 + livenessProbe: + timeoutSeconds: 3 + initialDelaySeconds: 30 + httpGet: + path: /hello + port: 8080 + volumes: + - name: db + glusterfs: + endpoints: heketi-db-${CLUSTER_NAME}-endpoints + path: heketidbstorage + - name: config + secret: + secretName: heketi-${CLUSTER_NAME}-config-secret +parameters: +- name: HEKETI_USER_KEY + displayName: Heketi User Secret + description: Set secret for those creating volumes as type _user_ +- name: HEKETI_ADMIN_KEY + displayName: Heketi Administrator Secret + description: Set secret for administration of the Heketi service as user _admin_ +- name: HEKETI_EXECUTOR + displayName: heketi executor type + description: Set the executor type, kubernetes or ssh + value: kubernetes +- name: HEKETI_KUBE_NAMESPACE + displayName: Namespace + description: Set the namespace where the GlusterFS pods reside + value: default +- name: HEKETI_ROUTE + displayName: heketi route name + description: Set the hostname for the route URL + value: "heketi-glusterfs" +- name: IMAGE_NAME + displayName: heketi container image name + required: True +- name: IMAGE_VERSION + displayName: heketi container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify this heketi service, useful for running multiple heketi instances + value: glusterfs diff --git a/roles/openshift_storage_glusterfs/files/v3.7/deploy-heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.7/deploy-heketi-template.yml index 9ebb0d5ec..34af652c2 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/deploy-heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/deploy-heketi-template.yml @@ -73,20 +73,16 @@ objects: - name: HEKETI_EXECUTOR value: ${HEKETI_EXECUTOR} - name: HEKETI_FSTAB - value: /var/lib/heketi/fstab + value: ${HEKETI_FSTAB} - name: HEKETI_SNAPSHOT_LIMIT value: '14' - name: HEKETI_KUBE_GLUSTER_DAEMONSET value: '1' - - name: HEKETI_KUBE_NAMESPACE - value: ${HEKETI_KUBE_NAMESPACE} ports: - containerPort: 8080 volumeMounts: - name: db mountPath: /var/lib/heketi - - name: topology - mountPath: ${TOPOLOGY_PATH} - name: config mountPath: /etc/heketi readinessProbe: @@ -103,9 +99,6 @@ objects: port: 8080 volumes: - name: db - - name: topology - secret: - secretName: heketi-${CLUSTER_NAME}-topology-secret - name: config secret: secretName: heketi-${CLUSTER_NAME}-config-secret @@ -120,10 +113,10 @@ parameters: displayName: heketi executor type description: Set the executor type, kubernetes or ssh value: kubernetes -- name: HEKETI_KUBE_NAMESPACE - displayName: Namespace - description: Set the namespace where the GlusterFS pods reside - value: default +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab - name: HEKETI_ROUTE displayName: heketi route name description: Set the hostname for the route URL @@ -138,6 +131,3 @@ parameters: displayName: GlusterFS cluster name description: A unique name to identify this heketi service, useful for running multiple heketi instances value: glusterfs -- name: TOPOLOGY_PATH - displayName: heketi topology file location - required: True diff --git a/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-pvcs-template.yml b/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-pvcs-template.yml new file mode 100644 index 000000000..064b51473 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-pvcs-template.yml @@ -0,0 +1,67 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3-pvcs + labels: + glusterfs: s3-pvcs-template + gluster-s3: pvcs-template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${PVC_SIZE}" +- kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: "${META_PVC}" + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-storage + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-meta-pvc + annotations: + volume.beta.kubernetes.io/storage-class: "glusterfs-${CLUSTER_NAME}" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: "${META_PVC_SIZE}" +parameters: +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + required: true +- name: PVC_SIZE + displayName: Primary GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage + value: 2Gi +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + required: true +- name: META_PVC_SIZE + displayName: Metadata GlusterFS-backed PVC capacity + description: Capacity for GlusterFS-backed PVC for object storage metadata + value: 1Gi +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-template.yml b/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-template.yml new file mode 100644 index 000000000..896a1b226 --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.7/gluster-s3-template.yml @@ -0,0 +1,140 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: gluster-s3 + labels: + glusterfs: s3-template + gluster-s3: template + annotations: + description: Gluster S3 service template + tags: glusterfs,heketi,gluster-s3 +objects: +- kind: Service + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-service + spec: + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + selector: + glusterfs: s3-pod + type: ClusterIP + sessionAffinity: None + status: + loadBalancer: {} +- kind: Route + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-route + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-route + spec: + to: + kind: Service + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-service +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: gluster-s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-dc + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-dc + annotations: + openshift.io/scc: privileged + description: Defines how to deploy gluster s3 object storage + spec: + replicas: 1 + selector: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + template: + metadata: + name: gluster-${CLUSTER_NAME}-${S3_ACCOUNT}-s3 + labels: + glusterfs: s3-${CLUSTER_NAME}-${S3_ACCOUNT}-pod + gluster-s3: ${CLUSTER_NAME}-${S3_ACCOUNT}-pod + spec: + containers: + - name: gluster-s3 + image: ${IMAGE_NAME}:${IMAGE_VERSION} + imagePullPolicy: IfNotPresent + ports: + - name: gluster + containerPort: 8080 + protocol: TCP + env: + - name: S3_ACCOUNT + value: "${S3_ACCOUNT}" + - name: S3_USER + value: "${S3_USER}" + - name: S3_PASSWORD + value: "${S3_PASSWORD}" + resources: {} + volumeMounts: + - name: gluster-vol1 + mountPath: "/mnt/gluster-object/${S3_ACCOUNT}" + - name: gluster-vol2 + mountPath: "/mnt/gluster-object/gsmetadata" + - name: glusterfs-cgroup + readOnly: true + mountPath: "/sys/fs/cgroup" + terminationMessagePath: "/dev/termination-log" + securityContext: + privileged: true + volumes: + - name: glusterfs-cgroup + hostPath: + path: "/sys/fs/cgroup" + - name: gluster-vol1 + persistentVolumeClaim: + claimName: ${PVC} + - name: gluster-vol2 + persistentVolumeClaim: + claimName: ${META_PVC} + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccountName: default + serviceAccount: default + securityContext: {} +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage +- name: S3_ACCOUNT + displayName: S3 Account Name + description: S3 storage account which will provide storage on GlusterFS volumes + required: true +- name: S3_USER + displayName: S3 User + description: S3 user who can access the S3 storage account + required: true +- name: S3_PASSWORD + displayName: S3 User Password + description: Password for the S3 user + required: true +- name: PVC + displayName: Primary GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage + value: gluster-s3-claim +- name: META_PVC + displayName: Metadata GlusterFS-backed PVC + description: GlusterFS-backed PVC for object storage metadata + value: gluster-s3-meta-claim +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml new file mode 100644 index 000000000..9c1409dee --- /dev/null +++ b/roles/openshift_storage_glusterfs/files/v3.7/glusterblock-provisioner.yml @@ -0,0 +1,105 @@ +--- +kind: Template +apiVersion: v1 +metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-template + glusterblock: template + annotations: + description: glusterblock provisioner template + tags: glusterfs +objects: +- kind: ClusterRole + apiVersion: v1 + metadata: + name: glusterblock-provisioner-runner + labels: + glusterfs: block-provisioner-runner-clusterrole + glusterblock: provisioner-runner-clusterrole + rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "delete"] + - apiGroups: [""] + resources: ["routes"] + verbs: ["get", "list"] +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-sa + glusterblock: ${CLUSTER_NAME}-provisioner-sa +- apiVersion: v1 + kind: ClusterRoleBinding + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner + roleRef: + name: glusterblock-provisioner-runner + subjects: + - kind: ServiceAccount + name: glusterblock-${CLUSTER_NAME}-provisioner + namespace: ${NAMESPACE} +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: glusterblock-${CLUSTER_NAME}-provisioner-dc + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-dc + glusterblock: ${CLUSTER_NAME}-provisioner-dc + annotations: + description: Defines how to deploy the glusterblock provisioner pod. + spec: + replicas: 1 + selector: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + triggers: + - type: ConfigChange + strategy: + type: Recreate + template: + metadata: + name: glusterblock-provisioner + labels: + glusterfs: block-${CLUSTER_NAME}-provisioner-pod + spec: + serviceAccountName: glusterblock-${CLUSTER_NAME}-provisioner + containers: + - name: glusterblock-provisioner + image: ${IMAGE_NAME}:${IMAGE_VERSION} + image: gluster/glusterblock-provisioner:latest + imagePullPolicy: IfNotPresent + env: + - name: PROVISIONER_NAME + value: gluster.org/glusterblock +parameters: +- name: IMAGE_NAME + displayName: glusterblock provisioner container image name + required: True +- name: IMAGE_VERSION + displayName: glusterblock provisioner container image version + required: True +- name: NAMESPACE + displayName: glusterblock provisioner namespace + description: The namespace in which these resources are being created + required: True +- name: CLUSTER_NAME + displayName: GlusterFS cluster name + description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances + value: storage diff --git a/roles/openshift_storage_glusterfs/files/v3.7/glusterfs-template.yml b/roles/openshift_storage_glusterfs/files/v3.7/glusterfs-template.yml index 8c5e1ded3..09850a2c2 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/glusterfs-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/glusterfs-template.yml @@ -35,6 +35,15 @@ objects: - name: glusterfs image: ${IMAGE_NAME}:${IMAGE_VERSION} imagePullPolicy: IfNotPresent + env: + - name: GB_GLFS_LRU_COUNT + value: "${GB_GLFS_LRU_COUNT}" + - name: TCMU_LOGDIR + value: "${TCMU_LOGDIR}" + resources: + requests: + memory: 100Mi + cpu: 100m volumeMounts: - name: glusterfs-heketi mountPath: "/var/lib/heketi" @@ -83,7 +92,6 @@ objects: periodSeconds: 25 successThreshold: 1 failureThreshold: 15 - resources: {} terminationMessagePath: "/dev/termination-log" volumes: - name: glusterfs-heketi @@ -134,3 +142,13 @@ parameters: displayName: GlusterFS cluster name description: A unique name to identify which heketi service manages this cluster, useful for running multiple heketi instances value: storage +- name: GB_GLFS_LRU_COUNT + displayName: Maximum number of block hosting volumes + description: This value is to set maximum number of block hosting volumes. + value: "15" + required: true +- name: TCMU_LOGDIR + displayName: Tcmu runner log directory + description: This value is to set tcmu runner log directory + value: "/var/log/glusterfs/gluster-block" + required: true diff --git a/roles/openshift_storage_glusterfs/files/v3.7/heketi-template.yml b/roles/openshift_storage_glusterfs/files/v3.7/heketi-template.yml index 61b6a8c13..28cdb2982 100644 --- a/roles/openshift_storage_glusterfs/files/v3.7/heketi-template.yml +++ b/roles/openshift_storage_glusterfs/files/v3.7/heketi-template.yml @@ -15,6 +15,7 @@ objects: name: heketi-${CLUSTER_NAME} labels: glusterfs: heketi-${CLUSTER_NAME}-service + heketi: ${CLUSTER_NAME}-service annotations: description: Exposes Heketi service spec: @@ -30,6 +31,7 @@ objects: name: ${HEKETI_ROUTE} labels: glusterfs: heketi-${CLUSTER_NAME}-route + heketi: ${CLUSTER_NAME}-route spec: to: kind: Service @@ -40,6 +42,7 @@ objects: name: heketi-${CLUSTER_NAME} labels: glusterfs: heketi-${CLUSTER_NAME}-dc + heketi: ${CLUSTER_NAME}-dc annotations: description: Defines how to deploy Heketi spec: @@ -55,6 +58,7 @@ objects: name: heketi-${CLUSTER_NAME} labels: glusterfs: heketi-${CLUSTER_NAME}-pod + heketi: ${CLUSTER_NAME}-pod spec: serviceAccountName: heketi-${CLUSTER_NAME}-service-account containers: @@ -69,13 +73,11 @@ objects: - name: HEKETI_EXECUTOR value: ${HEKETI_EXECUTOR} - name: HEKETI_FSTAB - value: /var/lib/heketi/fstab + value: ${HEKETI_FSTAB} - name: HEKETI_SNAPSHOT_LIMIT value: '14' - name: HEKETI_KUBE_GLUSTER_DAEMONSET value: '1' - - name: HEKETI_KUBE_NAMESPACE - value: ${HEKETI_KUBE_NAMESPACE} ports: - containerPort: 8080 volumeMounts: @@ -114,10 +116,10 @@ parameters: displayName: heketi executor type description: Set the executor type, kubernetes or ssh value: kubernetes -- name: HEKETI_KUBE_NAMESPACE - displayName: Namespace - description: Set the namespace where the GlusterFS pods reside - value: default +- name: HEKETI_FSTAB + displayName: heketi fstab path + description: Set the fstab path, file that is populated with bricks that heketi creates + value: /var/lib/heketi/fstab - name: HEKETI_ROUTE displayName: heketi route name description: Set the hostname for the route URL diff --git a/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml b/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml new file mode 100644 index 000000000..1664ecc1e --- /dev/null +++ b/roles/openshift_storage_glusterfs/tasks/gluster_s3_deploy.yml @@ -0,0 +1,113 @@ +--- +- name: Delete pre-existing gluster-s3 resources + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: "{{ item.kind }}" + name: "{{ item.name | default(omit) }}" + selector: "{{ item.selector | default(omit) }}" + state: absent + with_items: + - kind: "all,svc,deploy,secret,sc,pvc" + selector: "gluster-s3" + failed_when: False + when: glusterfs_wipe + +- name: Wait for gluster-s3 pods to terminate + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: pod + state: list + selector: "glusterfs=s3-{{ glusterfs_name }}-provisioner-pod" + register: gluster_s3_pod + until: "gluster_s3_pod.results.results[0]['items'] | count == 0" + delay: 10 + retries: "{{ (glusterfs_timeout | int / 10) | int }}" + when: glusterfs_wipe + +- name: Copy gluster-s3 PVCs template file + copy: + src: "{{ openshift.common.examples_content_version }}/{{ item }}" + dest: "{{ mktemp.stdout }}/{{ item }}" + with_items: + - "gluster-s3-pvcs-template.yml" + +- name: Create gluster-s3 PVCs template + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: template + name: "gluster-s3-pvcs" + state: present + files: + - "{{ mktemp.stdout }}/gluster-s3-pvcs-template.yml" + +- name: Create gluster-s3 PVCs + oc_process: + namespace: "{{ glusterfs_namespace }}" + template_name: "gluster-s3-pvcs" + create: True + params: + S3_ACCOUNT: "{{ glusterfs_s3_account }}" + PVC: "{{ glusterfs_s3_pvc }}" + PVC_SIZE: "{{ glusterfs_s3_pvc_size }}" + META_PVC: "{{ glusterfs_s3_meta_pvc }}" + META_PVC_SIZE: "{{ glusterfs_s3_meta_pvc_size }}" + CLUSTER_NAME: "{{ glusterfs_name }}" + +- name: Wait for gluster-s3 PVCs + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: pvc + state: list + selector: "glusterfs=s3-{{ glusterfs_name }}-{{ glusterfs_s3_account }}-storage" + register: gluster_s3_pvcs + until: + - "gluster_s3_pvcs.results.results[0]['items'] | count > 0" + # Pod's 'Bound' status must be True + - "gluster_s3_pvcs.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Bound'}) | map('bool') | select | list | count == 2" + delay: 10 + retries: "{{ (glusterfs_timeout | int / 10) | int }}" + +- name: Copy gluster-s3 template file + copy: + src: "{{ openshift.common.examples_content_version }}/{{ item }}" + dest: "{{ mktemp.stdout }}/{{ item }}" + with_items: + - "gluster-s3-template.yml" + +- name: Create gluster-s3 template + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: template + name: "gluster-s3" + state: present + files: + - "{{ mktemp.stdout }}/gluster-s3-template.yml" + +- name: Deploy gluster-s3 service + oc_process: + namespace: "{{ glusterfs_namespace }}" + template_name: "gluster-s3" + create: True + params: + IMAGE_NAME: "{{ glusterfs_s3_image }}" + IMAGE_VERSION: "{{ glusterfs_s3_version }}" + S3_ACCOUNT: "{{ glusterfs_s3_account }}" + S3_USER: "{{ glusterfs_s3_user }}" + S3_PASSWORD: "{{ glusterfs_s3_password }}" + PVC: "{{ glusterfs_s3_pvc }}" + META_PVC: "{{ glusterfs_s3_meta_pvc }}" + CLUSTER_NAME: "{{ glusterfs_name }}" + +- name: Wait for gluster-s3 pod + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: pod + state: list + selector: "glusterfs=s3-{{ glusterfs_name }}-{{ glusterfs_s3_account }}-pod" + register: gluster_s3_pod + until: + - "gluster_s3_pod.results.results[0]['items'] | count > 0" + # Pod's 'Ready' status must be True + - "gluster_s3_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + delay: 10 + retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml new file mode 100644 index 000000000..d6be8c726 --- /dev/null +++ b/roles/openshift_storage_glusterfs/tasks/glusterblock_deploy.yml @@ -0,0 +1,66 @@ +--- +- name: Delete pre-existing glusterblock provisioner resources + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: "{{ item.kind }}" + name: "{{ item.name | default(omit) }}" + selector: "{{ item.selector | default(omit) }}" + state: absent + with_items: + - kind: "all,deploy,sa,clusterrole,clusterrolebinding" + selector: "glusterblock" + failed_when: False + when: glusterfs_wipe + +- name: Wait for glusterblock provisioner pods to terminate + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: pod + state: list + selector: "glusterfs=block-{{ glusterfs_name }}-provisioner-pod" + register: glusterblock_pod + until: "glusterblock_pod.results.results[0]['items'] | count == 0" + delay: 10 + retries: "{{ (glusterfs_timeout | int / 10) | int }}" + when: glusterfs_wipe + +- name: Copy initial glusterblock provisioner resource file + copy: + src: "{{ openshift.common.examples_content_version }}/{{ item }}" + dest: "{{ mktemp.stdout }}/{{ item }}" + with_items: + - "glusterblock-provisioner.yml" + +- name: Create glusterblock provisioner template + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: template + name: "glusterblock-provisioner" + state: present + files: + - "{{ mktemp.stdout }}/glusterblock-provisioner.yml" + +- name: Deploy glusterblock provisioner + oc_process: + namespace: "{{ glusterfs_namespace }}" + template_name: "glusterblock-provisioner" + create: True + params: + IMAGE_NAME: "{{ glusterfs_block_image }}" + IMAGE_VERSION: "{{ glusterfs_block_version }}" + NAMESPACE: "{{ glusterfs_namespace }}" + CLUSTER_NAME: "{{ glusterfs_name }}" + +- name: Wait for glusterblock provisioner pod + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: pod + state: list + selector: "glusterfs=block-{{ glusterfs_name }}-provisioner-pod" + register: glusterblock_pod + until: + - "glusterblock_pod.results.results[0]['items'] | count > 0" + # Pod's 'Ready' status must be True + - "glusterblock_pod.results.results[0]['items'] | oo_collect(attribute='status.conditions') | oo_collect(attribute='status', filters={'type': 'Ready'}) | map('bool') | select | list | count == 1" + delay: 10 + retries: "{{ (glusterfs_timeout | int / 10) | int }}" diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml index 51724f979..2a678af57 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_common.yml @@ -259,51 +259,59 @@ - glusterfs_heketi_is_native - glusterfs_heketi_is_missing -- name: Create heketi secret - oc_secret: - namespace: "{{ glusterfs_namespace }}" - state: present - name: "heketi-{{ glusterfs_name }}-admin-secret" - type: "kubernetes.io/glusterfs" - force: True - contents: - - path: key - data: "{{ glusterfs_heketi_admin_key }}" - when: - - glusterfs_storageclass - - glusterfs_heketi_admin_key is defined - -- name: Get heketi route - oc_obj: - namespace: "{{ glusterfs_namespace }}" - kind: route - state: list - name: "heketi-{{ glusterfs_name }}" - register: heketi_route - when: - - glusterfs_storageclass - - glusterfs_heketi_is_native - -- name: Determine StorageClass heketi URL +- name: Check if gluster-s3 can't be deployed set_fact: - glusterfs_heketi_route: "{{ heketi_route.results.results[0]['spec']['host'] }}" + glusterfs_s3_deploy: False when: - - glusterfs_storageclass - - glusterfs_heketi_is_native - -- name: Generate GlusterFS StorageClass file - template: - src: "{{ openshift.common.examples_content_version }}/glusterfs-storageclass.yml.j2" - dest: "{{ mktemp.stdout }}/glusterfs-storageclass.yml" + - "glusterfs_s3_account is not defined or glusterfs_s3_user is not defined or glusterfs_s3_password is not defined" + +- block: + - name: Create heketi secret + oc_secret: + namespace: "{{ glusterfs_namespace }}" + state: present + name: "heketi-{{ glusterfs_name }}-admin-secret" + type: "kubernetes.io/glusterfs" + force: True + contents: + - path: key + data: "{{ glusterfs_heketi_admin_key }}" + when: + - glusterfs_heketi_admin_key is defined + + - name: Get heketi route + oc_obj: + namespace: "{{ glusterfs_namespace }}" + kind: route + state: list + name: "heketi-{{ glusterfs_name }}" + register: heketi_route + when: + - glusterfs_heketi_is_native + + - name: Determine StorageClass heketi URL + set_fact: + glusterfs_heketi_route: "{{ heketi_route.results.results[0]['spec']['host'] }}" + when: + - glusterfs_heketi_is_native + + - name: Generate GlusterFS StorageClass file + template: + src: "{{ openshift.common.examples_content_version }}/glusterfs-storageclass.yml.j2" + dest: "{{ mktemp.stdout }}/glusterfs-storageclass.yml" + + - name: Create GlusterFS StorageClass + oc_obj: + state: present + kind: storageclass + name: "glusterfs-{{ glusterfs_name }}" + files: + - "{{ mktemp.stdout }}/glusterfs-storageclass.yml" when: - - glusterfs_storageclass + - glusterfs_storageclass or glusterfs_s3_deploy -- name: Create GlusterFS StorageClass - oc_obj: - state: present - kind: storageclass - name: "glusterfs-{{ glusterfs_name }}" - files: - - "{{ mktemp.stdout }}/glusterfs-storageclass.yml" - when: - - glusterfs_storageclass +- include: glusterblock_deploy.yml + when: glusterfs_block_deploy + +- include: gluster_s3_deploy.yml + when: glusterfs_s3_deploy diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml index 012c722ff..1ede0ae94 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_config.yml @@ -9,6 +9,22 @@ glusterfs_storageclass: "{{ openshift_storage_glusterfs_storageclass }}" glusterfs_image: "{{ openshift_storage_glusterfs_image }}" glusterfs_version: "{{ openshift_storage_glusterfs_version }}" + glusterfs_block_deploy: "{{ openshift_storage_glusterfs_block_deploy | bool }}" + glusterfs_block_image: "{{ openshift_storage_glusterfs_block_image }}" + glusterfs_block_version: "{{ openshift_storage_glusterfs_block_version }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_block_host_vol_max }}" + glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_s3_deploy | bool }}" + glusterfs_s3_image: "{{ openshift_storage_glusterfs_s3_image }}" + glusterfs_s3_version: "{{ openshift_storage_glusterfs_s3_version }}" + glusterfs_s3_account: "{{ openshift_storage_glusterfs_s3_account }}" + glusterfs_s3_user: "{{ openshift_storage_glusterfs_s3_user }}" + glusterfs_s3_password: "{{ openshift_storage_glusterfs_s3_password }}" + glusterfs_s3_pvc: "{{ openshift_storage_glusterfs_s3_pvc }}" + glusterfs_s3_pvc_size: "{{ openshift_storage_glusterfs_s3_pvc_size }}" + glusterfs_s3_meta_pvc: "{{ openshift_storage_glusterfs_s3_meta_pvc }}" + glusterfs_s3_meta_pvc_size: "{{ openshift_storage_glusterfs_s3_meta_pvc_size }}" glusterfs_wipe: "{{ openshift_storage_glusterfs_wipe | bool }}" glusterfs_heketi_is_native: "{{ openshift_storage_glusterfs_heketi_is_native | bool }}" glusterfs_heketi_is_missing: "{{ openshift_storage_glusterfs_heketi_is_missing | bool }}" @@ -27,6 +43,7 @@ glusterfs_heketi_ssh_user: "{{ openshift_storage_glusterfs_heketi_ssh_user }}" glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_heketi_ssh_keyfile }}" + glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_heketi_fstab }}" glusterfs_nodes: "{{ groups.glusterfs }}" - include: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml index 932d06038..ef37762f9 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_deploy.yml @@ -87,6 +87,7 @@ IMAGE_VERSION: "{{ glusterfs_version }}" NODE_LABELS: "{{ glusterfs_nodeselector }}" CLUSTER_NAME: "{{ glusterfs_name }}" + GB_GLFS_LRU_COUNT: "{{ glusterfs_block_host_vol_max }}" - name: Wait for GlusterFS pods oc_obj: diff --git a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml index 1bcab8e49..1fa42efa7 100644 --- a/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml +++ b/roles/openshift_storage_glusterfs/tasks/glusterfs_registry.yml @@ -9,6 +9,22 @@ glusterfs_storageclass: "{{ openshift_storage_glusterfs_registry_storageclass }}" glusterfs_image: "{{ openshift_storage_glusterfs_registry_image }}" glusterfs_version: "{{ openshift_storage_glusterfs_registry_version }}" + glusterfs_block_deploy: "{{ openshift_storage_glusterfs_registry_block_deploy | bool }}" + glusterfs_block_image: "{{ openshift_storage_glusterfs_registry_block_image }}" + glusterfs_block_version: "{{ openshift_storage_glusterfs_registry_block_version }}" + glusterfs_block_host_vol_create: "{{ openshift_storage_glusterfs_registry_block_host_vol_create }}" + glusterfs_block_host_vol_size: "{{ openshift_storage_glusterfs_registry_block_host_vol_size }}" + glusterfs_block_host_vol_max: "{{ openshift_storage_glusterfs_registry_block_host_vol_max }}" + glusterfs_s3_deploy: "{{ openshift_storage_glusterfs_registry_s3_deploy | bool }}" + glusterfs_s3_image: "{{ openshift_storage_glusterfs_registry_s3_image }}" + glusterfs_s3_version: "{{ openshift_storage_glusterfs_registry_s3_version }}" + glusterfs_s3_account: "{{ openshift_storage_glusterfs_registry_s3_account }}" + glusterfs_s3_user: "{{ openshift_storage_glusterfs_registry_s3_user }}" + glusterfs_s3_password: "{{ openshift_storage_glusterfs_registry_s3_password }}" + glusterfs_s3_pvc: "{{ openshift_storage_glusterfs_registry_s3_pvc }}" + glusterfs_s3_pvc_size: "{{ openshift_storage_glusterfs_registry_s3_pvc_size }}" + glusterfs_s3_meta_pvc: "{{ openshift_storage_glusterfs_registry_s3_meta_pvc }}" + glusterfs_s3_meta_pvc_size: "{{ openshift_storage_glusterfs_registry_s3_meta_pvc_size }}" glusterfs_wipe: "{{ openshift_storage_glusterfs_registry_wipe | bool }}" glusterfs_heketi_is_native: "{{ openshift_storage_glusterfs_registry_heketi_is_native | bool }}" glusterfs_heketi_is_missing: "{{ openshift_storage_glusterfs_registry_heketi_is_missing | bool }}" @@ -27,6 +43,7 @@ glusterfs_heketi_ssh_user: "{{ openshift_storage_glusterfs_registry_heketi_ssh_user }}" glusterfs_heketi_ssh_sudo: "{{ openshift_storage_glusterfs_registry_heketi_ssh_sudo | bool }}" glusterfs_heketi_ssh_keyfile: "{{ openshift_storage_glusterfs_registry_heketi_ssh_keyfile }}" + glusterfs_heketi_fstab: "{{ openshift_storage_glusterfs_registry_heketi_fstab }}" glusterfs_nodes: "{{ groups.glusterfs_registry | default(groups.glusterfs) }}" - include: glusterfs_common.yml diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml index 73396c9af..935d3b689 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part1.yml @@ -27,7 +27,7 @@ HEKETI_USER_KEY: "{{ glusterfs_heketi_user_key }}" HEKETI_ADMIN_KEY: "{{ glusterfs_heketi_admin_key }}" HEKETI_EXECUTOR: "{{ glusterfs_heketi_executor }}" - HEKETI_KUBE_NAMESPACE: "{{ glusterfs_namespace }}" + HEKETI_FSTAB: "{{ glusterfs_heketi_fstab }}" CLUSTER_NAME: "{{ glusterfs_name }}" - name: Set heketi Deployed fact diff --git a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml index 074904bec..d23bd42b9 100644 --- a/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml +++ b/roles/openshift_storage_glusterfs/tasks/heketi_deploy_part2.yml @@ -1,6 +1,6 @@ --- - name: Create heketi DB volume - command: "{{ glusterfs_heketi_client }} setup-openshift-heketi-storage --image {{ glusterfs_heketi_image}}:{{ glusterfs_heketi_version }} --listfile /tmp/heketi-storage.json" + command: "{{ glusterfs_heketi_client }} setup-openshift-heketi-storage --listfile /tmp/heketi-storage.json" register: setup_storage - name: Copy heketi-storage list @@ -107,7 +107,7 @@ HEKETI_USER_KEY: "{{ glusterfs_heketi_user_key }}" HEKETI_ADMIN_KEY: "{{ glusterfs_heketi_admin_key }}" HEKETI_EXECUTOR: "{{ glusterfs_heketi_executor }}" - HEKETI_KUBE_NAMESPACE: "{{ glusterfs_namespace }}" + HEKETI_FSTAB: "{{ glusterfs_heketi_fstab }}" CLUSTER_NAME: "{{ glusterfs_name }}" - name: Wait for heketi pod diff --git a/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml b/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml new file mode 100644 index 000000000..030fa81c9 --- /dev/null +++ b/roles/openshift_storage_glusterfs/tasks/kernel_modules.yml @@ -0,0 +1,12 @@ +--- +- name: Ensure device mapper modules loaded + template: + src: glusterfs.conf + dest: /etc/modules-load.d/glusterfs.conf + register: km + +- name: load kernel modules + systemd: + name: systemd-modules-load.service + state: restarted + when: km | changed diff --git a/roles/openshift_storage_glusterfs/templates/glusterfs.conf b/roles/openshift_storage_glusterfs/templates/glusterfs.conf new file mode 100644 index 000000000..dd4d6e6f7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/glusterfs.conf @@ -0,0 +1,4 @@ +#{{ ansible_managed }} +dm_thin_pool +dm_snapshot +dm_mirror
\ No newline at end of file diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 new file mode 100644 index 000000000..11c9195bb --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 new file mode 100644 index 000000000..3f869d2b7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-registry-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: glusterfs-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 new file mode 100644 index 000000000..454e84aaf --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/glusterfs-storageclass.yml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: StorageClass +metadata: + name: glusterfs-{{ glusterfs_name }} +provisioner: kubernetes.io/glusterfs +parameters: + resturl: "http://{% if glusterfs_heketi_is_native %}{{ glusterfs_heketi_route }}{% else %}{{ glusterfs_heketi_url }}:{{ glusterfs_heketi_port }}{% endif %}" + restuser: "admin" +{% if glusterfs_heketi_admin_key is defined %} + secretNamespace: "{{ glusterfs_namespace }}" + secretName: "heketi-{{ glusterfs_name }}-admin-secret" +{%- endif -%} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 new file mode 100644 index 000000000..99cbdf748 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-endpoints.yml.j2 @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +subsets: +- addresses: +{% for node in glusterfs_nodes %} + - ip: {{ hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip) }} +{% endfor %} + ports: + - port: 1 diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 new file mode 100644 index 000000000..dcb896441 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi-service.yml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: heketi-db-{{ glusterfs_name }}-endpoints +spec: + ports: + - port: 1 +status: + loadBalancer: {} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 new file mode 100644 index 000000000..579b11bb7 --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/heketi.json.j2 @@ -0,0 +1,36 @@ +{ + "_port_comment": "Heketi Server Port Number", + "port" : "8080", + + "_use_auth": "Enable JWT authorization. Please enable for deployment", + "use_auth" : false, + + "_jwt" : "Private keys for access", + "jwt" : { + "_admin" : "Admin has access to all APIs", + "admin" : { + "key" : "My Secret" + }, + "_user" : "User only has access to /volumes endpoint", + "user" : { + "key" : "My Secret" + } + }, + + "_glusterfs_comment": "GlusterFS Configuration", + "glusterfs" : { + + "_executor_comment": "Execute plugin. Possible choices: mock, kubernetes, ssh", + "executor" : "{{ glusterfs_heketi_executor }}", + + "_db_comment": "Database file name", + "db" : "/var/lib/heketi/heketi.db", + + "sshexec" : { + "keyfile" : "/etc/heketi/private_key", + "port" : "{{ glusterfs_heketi_ssh_port }}", + "user" : "{{ glusterfs_heketi_ssh_user }}", + "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} + } + } +} diff --git a/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 b/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 new file mode 100644 index 000000000..d6c28f6dd --- /dev/null +++ b/roles/openshift_storage_glusterfs/templates/v1.5/topology.json.j2 @@ -0,0 +1,49 @@ +{ + "clusters": [ +{%- set clusters = {} -%} +{%- for node in glusterfs_nodes -%} + {%- set cluster = hostvars[node].glusterfs_cluster if 'glusterfs_cluster' in node else '1' -%} + {%- if cluster in clusters -%} + {%- set _dummy = clusters[cluster].append(node) -%} + {%- else -%} + {%- set _dummy = clusters.update({cluster: [ node, ]}) -%} + {%- endif -%} +{%- endfor -%} +{%- for cluster in clusters -%} + { + "nodes": [ +{%- for node in clusters[cluster] -%} + { + "node": { + "hostnames": { + "manage": [ +{%- if 'glusterfs_hostname' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_hostname }}" +{%- elif 'openshift' in hostvars[node] -%} + "{{ hostvars[node].openshift.node.nodename }}" +{%- else -%} + "{{ node }}" +{%- endif -%} + ], + "storage": [ +{%- if 'glusterfs_ip' in hostvars[node] -%} + "{{ hostvars[node].glusterfs_ip }}" +{%- else -%} + "{{ hostvars[node].openshift.common.ip }}" +{%- endif -%} + ] + }, + "zone": {{ hostvars[node].glusterfs_zone | default(1) }} + }, + "devices": [ +{%- for device in hostvars[node].glusterfs_devices -%} + "{{ device }}"{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] + }{% if not loop.last %},{% endif %} +{%- endfor -%} + ] +} diff --git a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 index 579b11bb7..565e9be98 100644 --- a/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 +++ b/roles/openshift_storage_glusterfs/templates/v3.7/heketi.json.j2 @@ -31,6 +31,12 @@ "port" : "{{ glusterfs_heketi_ssh_port }}", "user" : "{{ glusterfs_heketi_ssh_user }}", "sudo" : {{ glusterfs_heketi_ssh_sudo | lower }} - } + }, + + "_auto_create_block_hosting_volume": "Creates Block Hosting volumes automatically if not found or exsisting volume exhausted", + "auto_create_block_hosting_volume": {{ glusterfs_block_host_vol_create | lower }}, + + "_block_hosting_volume_size": "New block hosting volume will be created in size mentioned, This is considered only if auto-create is enabled.", + "block_hosting_volume_size": {{ glusterfs_block_host_vol_size }} } } diff --git a/roles/openshift_storage_nfs/tasks/main.yml b/roles/openshift_storage_nfs/tasks/main.yml index 3047fbaf9..c4e023c1e 100644 --- a/roles/openshift_storage_nfs/tasks/main.yml +++ b/roles/openshift_storage_nfs/tasks/main.yml @@ -35,6 +35,9 @@ - "{{ openshift.logging }}" - "{{ openshift.loggingops }}" - "{{ openshift.hosted.etcd }}" + - "{{ openshift.prometheus }}" + - "{{ openshift.prometheus.alertmanager }}" + - "{{ openshift.prometheus.alertbuffer }}" - name: Configure exports template: diff --git a/roles/openshift_storage_nfs/templates/exports.j2 b/roles/openshift_storage_nfs/templates/exports.j2 index 0141e0d25..c2a741035 100644 --- a/roles/openshift_storage_nfs/templates/exports.j2 +++ b/roles/openshift_storage_nfs/templates/exports.j2 @@ -3,3 +3,6 @@ {{ openshift.logging.storage.nfs.directory }}/{{ openshift.logging.storage.volume.name }} {{ openshift.logging.storage.nfs.options }} {{ openshift.loggingops.storage.nfs.directory }}/{{ openshift.loggingops.storage.volume.name }} {{ openshift.loggingops.storage.nfs.options }} {{ openshift.hosted.etcd.storage.nfs.directory }}/{{ openshift.hosted.etcd.storage.volume.name }} {{ openshift.hosted.etcd.storage.nfs.options }} +{{ openshift.prometheus.storage.nfs.directory }}/{{ openshift.prometheus.storage.volume.name }} {{ openshift.prometheus.storage.nfs.options }} +{{ openshift.prometheus.alertmanager.storage.nfs.directory }}/{{ openshift.prometheus.alertmanager.storage.volume.name }} {{ openshift.prometheus.alertmanager.storage.nfs.options }} +{{ openshift.prometheus.alertbuffer.storage.nfs.directory }}/{{ openshift.prometheus.alertbuffer.storage.volume.name }} {{ openshift.prometheus.alertbuffer.storage.nfs.options }} diff --git a/roles/openshift_version/defaults/main.yml b/roles/openshift_version/defaults/main.yml index 53d10f1f8..01a1a7472 100644 --- a/roles/openshift_version/defaults/main.yml +++ b/roles/openshift_version/defaults/main.yml @@ -1,3 +1,2 @@ --- openshift_protect_installed_version: True -version_install_base_package: False diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index f4e9ff43a..1c8b9046c 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -5,16 +5,6 @@ is_containerized: "{{ openshift.common.is_containerized | default(False) | bool }}" is_atomic: "{{ openshift.common.is_atomic | default(False) | bool }}" -# This is only needed on masters and nodes; version_install_base_package -# should be set by a play externally. -- name: Install the base package for versioning - package: - name: "{{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }}" - state: present - when: - - not is_containerized | bool - - version_install_base_package | bool - # Block attempts to install origin without specifying some kind of version information. # This is because the latest tags for origin are usually alpha builds, which should not # be used by default. Users must indicate what they want. diff --git a/roles/template_service_broker/defaults/main.yml b/roles/template_service_broker/defaults/main.yml index fb407c4a2..421b4ecf9 100644 --- a/roles/template_service_broker/defaults/main.yml +++ b/roles/template_service_broker/defaults/main.yml @@ -1,4 +1,5 @@ --- # placeholder file? template_service_broker_remove: False -template_service_broker_install: False +template_service_broker_install: True +openshift_template_service_broker_namespaces: ['openshift'] diff --git a/roles/template_service_broker/files/openshift-ansible-catalog-console.js b/roles/template_service_broker/files/openshift-ansible-catalog-console.js deleted file mode 100644 index b3a3d3428..000000000 --- a/roles/template_service_broker/files/openshift-ansible-catalog-console.js +++ /dev/null @@ -1 +0,0 @@ -window.OPENSHIFT_CONSTANTS.ENABLE_TECH_PREVIEW_FEATURE.template_service_broker = true; diff --git a/roles/template_service_broker/tasks/install.yml b/roles/template_service_broker/tasks/install.yml index f5fd6487c..99a58baff 100644 --- a/roles/template_service_broker/tasks/install.yml +++ b/roles/template_service_broker/tasks/install.yml @@ -6,7 +6,7 @@ - "{{ openshift_deployment_type | default(deployment_type) }}.yml" - "default_images.yml" -- name: set ansible_service_broker facts +- name: set template_service_broker facts set_fact: template_service_broker_prefix: "{{ template_service_broker_prefix | default(__template_service_broker_prefix) }}" template_service_broker_version: "{{ template_service_broker_version | default(__template_service_broker_version) }}" @@ -28,20 +28,29 @@ - "{{ __tsb_template_file }}" - "{{ __tsb_rbac_file }}" - "{{ __tsb_broker_file }}" + - "{{ __tsb_config_file }}" + +- yedit: + src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}" + key: templateNamespaces + value: "{{ openshift_template_service_broker_namespaces }}" + value_type: list + +- slurp: + src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}" + register: config - name: Apply template file shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" --param API_SERVER_CONFIG="{{ lookup('file', __tsb_files_location ~ '/' ~ __tsb_config_file) }}" --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}" | kubectl apply -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" + --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}" + --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}" + | {{ openshift.common.client_binary }} apply -f - # reconcile with rbac - name: Reconcile with RBAC file shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}" | oc auth reconcile -f - - -- name: copy tech preview extension file for service console UI - copy: - src: openshift-ansible-catalog-console.js - dest: /etc/origin/master/openshift-ansible-catalog-console.js + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}" | {{ openshift.common.client_binary }} auth reconcile -f - # Check that the TSB is running - name: Verify that TSB is running @@ -62,13 +71,13 @@ when: openshift_master_config_dir is undefined - slurp: - src: "{{ openshift_master_config_dir }}/ca.crt" + src: "{{ openshift_master_config_dir }}/service-signer.crt" register: __ca_bundle # Register with broker - name: Register TSB with broker shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | oc apply -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | {{ openshift.common.client_binary }} apply -f - - file: state: absent diff --git a/roles/template_service_broker/tasks/main.yml b/roles/template_service_broker/tasks/main.yml index d7ca970c7..6a4d89a46 100644 --- a/roles/template_service_broker/tasks/main.yml +++ b/roles/template_service_broker/tasks/main.yml @@ -2,7 +2,7 @@ # do any asserts here - include: install.yml - when: template_service_broker_install | default(false) | bool + when: template_service_broker_install | bool - include: remove.yml - when: template_service_broker_remove | default(false) | bool + when: template_service_broker_remove | bool diff --git a/roles/template_service_broker/tasks/remove.yml b/roles/template_service_broker/tasks/remove.yml index f3afe65ed..8b5593ff9 100644 --- a/roles/template_service_broker/tasks/remove.yml +++ b/roles/template_service_broker/tasks/remove.yml @@ -13,11 +13,11 @@ - name: Delete TSB broker shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | oc delete -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" | {{ openshift.common.client_binary }} delete --ignore-not-found -f - - name: Delete TSB objects shell: > - oc process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | kubectl delete -f - + {{ openshift.common.client_binary }} process -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}" | {{ openshift.common.client_binary }} delete --ignore-not-found -f - - name: empty out tech preview extension file for service console UI copy: diff --git a/roles/tuned/defaults/main.yml b/roles/tuned/defaults/main.yml new file mode 100644 index 000000000..418a4b521 --- /dev/null +++ b/roles/tuned/defaults/main.yml @@ -0,0 +1,3 @@ +--- +tuned_etc_directory: '/etc/tuned' +tuned_templates_source: '../templates' diff --git a/roles/tuned/meta/main.yml b/roles/tuned/meta/main.yml new file mode 100644 index 000000000..833d94c13 --- /dev/null +++ b/roles/tuned/meta/main.yml @@ -0,0 +1,13 @@ +--- +galaxy_info: + author: Jiri Mencak + description: Restart the tuned daemon if present and make it use the recommended profile + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.3 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud diff --git a/roles/openshift_node/tasks/tuned.yml b/roles/tuned/tasks/main.yml index 425bf6a26..e95d274d5 100644 --- a/roles/openshift_node/tasks/tuned.yml +++ b/roles/tuned/tasks/main.yml @@ -12,8 +12,6 @@ - name: Set tuned OpenShift variables set_fact: openshift_tuned_guest_profile: "{{ 'atomic-guest' if openshift.common.is_atomic else 'virtual-guest' }}" - tuned_etc_directory: '/etc/tuned' - tuned_templates_source: '../templates/tuned' - name: Ensure directory structure exists file: diff --git a/roles/openshift_node/templates/tuned/openshift-control-plane/tuned.conf b/roles/tuned/templates/openshift-control-plane/tuned.conf index f22f21065..f22f21065 100644 --- a/roles/openshift_node/templates/tuned/openshift-control-plane/tuned.conf +++ b/roles/tuned/templates/openshift-control-plane/tuned.conf diff --git a/roles/openshift_node/templates/tuned/openshift-node/tuned.conf b/roles/tuned/templates/openshift-node/tuned.conf index 78c7d19c9..78c7d19c9 100644 --- a/roles/openshift_node/templates/tuned/openshift-node/tuned.conf +++ b/roles/tuned/templates/openshift-node/tuned.conf diff --git a/roles/openshift_node/templates/tuned/openshift/tuned.conf b/roles/tuned/templates/openshift/tuned.conf index 68ac5dadb..68ac5dadb 100644 --- a/roles/openshift_node/templates/tuned/openshift/tuned.conf +++ b/roles/tuned/templates/openshift/tuned.conf diff --git a/roles/openshift_node/templates/tuned/recommend.conf b/roles/tuned/templates/recommend.conf index 5fa765798..086e5673d 100644 --- a/roles/openshift_node/templates/tuned/recommend.conf +++ b/roles/tuned/templates/recommend.conf @@ -1,8 +1,11 @@ -[openshift-node] -/etc/origin/node/node-config.yaml=.*region=primary - [openshift-control-plane,master] /etc/origin/master/master-config.yaml=.* [openshift-control-plane,node] /etc/origin/node/node-config.yaml=.*region=infra + +[openshift-control-plane,lb] +/etc/haproxy/haproxy.cfg=.* + +[openshift-node] +/etc/origin/node/node-config.yaml=.* @@ -83,10 +83,14 @@ def find_entrypoint_playbooks(): if not isinstance(task, dict): # Skip yaml files which are not a dictionary of tasks continue - if 'include' in task: + if 'include' in task or 'import_playbook' in task: # Add the playbook and capture included playbooks playbooks.add(yaml_file) - included_file_name = task['include'].split()[0] + if 'include' in task: + directive = task['include'] + else: + directive = task['import_playbook'] + included_file_name = directive.split()[0] included_file = os.path.normpath( os.path.join(os.path.dirname(yaml_file), included_file_name)) @@ -318,7 +322,7 @@ class OpenShiftAnsibleSyntaxCheck(Command): has_errors = False print('Ansible Deprecation Checks') - exclude_dirs = ['adhoc', 'files', 'meta', 'test', 'tests', 'vars', 'defaults', '.tox'] + exclude_dirs = ['adhoc', 'files', 'meta', 'vars', 'defaults', '.tox'] for yaml_file in find_files( os.getcwd(), exclude_dirs, None, r'\.ya?ml$'): with open(yaml_file, 'r') as contents: @@ -336,7 +340,6 @@ class OpenShiftAnsibleSyntaxCheck(Command): if not has_errors: print('...PASSED') - print('Ansible Playbook Entry Point Syntax Checks') for playbook in find_entrypoint_playbooks(): print('-' * 60) @@ -350,8 +353,21 @@ class OpenShiftAnsibleSyntaxCheck(Command): # --syntax-check each entry point playbook else: try: + # Create a host group list to avoid WARNING on unmatched host patterns + host_group_list = [ + 'etcd,masters,nodes,OSEv3', + 'oo_all_hosts', + 'oo_etcd_to_config,oo_new_etcd_to_config,oo_first_etcd,oo_etcd_hosts_to_backup,' + 'oo_etcd_hosts_to_upgrade,oo_etcd_to_migrate', + 'oo_masters,oo_masters_to_config,oo_first_master,oo_containerized_master_nodes', + 'oo_nodes_to_config,oo_nodes_to_upgrade', + 'oo_nodes_use_kuryr,oo_nodes_use_flannel', + 'oo_nodes_use_calico,oo_nodes_use_nuage,oo_nodes_use_contiv', + 'oo_lb_to_config', + 'oo_nfs_to_config', + 'glusterfs,glusterfs_registry,'] subprocess.check_output( - ['ansible-playbook', '-i localhost,', + ['ansible-playbook', '-i ' + ','.join(host_group_list), '--syntax-check', playbook] ) except subprocess.CalledProcessError as cpe: diff --git a/test/integration/openshift_health_checker/setup_container.yml b/test/integration/openshift_health_checker/setup_container.yml index 413754fcd..e3459b376 100644 --- a/test/integration/openshift_health_checker/setup_container.yml +++ b/test/integration/openshift_health_checker/setup_container.yml @@ -51,8 +51,7 @@ - include: preflight/playbooks/tasks/enable_repo.yml vars: { repo_name: "ose-3.2" } -- include: ../../../playbooks/byo/openshift-cluster/initialize_groups.yml -- include: ../../../playbooks/common/openshift-cluster/std_include.yml +- include: ../../../playbooks/init/main.yml - hosts: all tasks: diff --git a/test/openshift_version_tests.py b/test/openshift_version_tests.py index 6095beb95..36b8263bb 100644 --- a/test/openshift_version_tests.py +++ b/test/openshift_version_tests.py @@ -15,50 +15,6 @@ class OpenShiftVersionTests(unittest.TestCase): openshift_version_filters = openshift_version.FilterModule() - # Static tests for legacy filters. - legacy_gte_tests = [{'name': 'oo_version_gte_3_1_or_1_1', - 'positive_openshift-enterprise_version': '3.2.0', - 'negative_openshift-enterprise_version': '3.0.0', - 'positive_origin_version': '1.2.0', - 'negative_origin_version': '1.0.0'}, - {'name': 'oo_version_gte_3_1_1_or_1_1_1', - 'positive_openshift-enterprise_version': '3.2.0', - 'negative_openshift-enterprise_version': '3.1.0', - 'positive_origin_version': '1.2.0', - 'negative_origin_version': '1.1.0'}, - {'name': 'oo_version_gte_3_2_or_1_2', - 'positive_openshift-enterprise_version': '3.3.0', - 'negative_openshift-enterprise_version': '3.1.0', - 'positive_origin_version': '1.3.0', - 'negative_origin_version': '1.1.0'}, - {'name': 'oo_version_gte_3_3_or_1_3', - 'positive_openshift-enterprise_version': '3.4.0', - 'negative_openshift-enterprise_version': '3.2.0', - 'positive_origin_version': '1.4.0', - 'negative_origin_version': '1.2.0'}, - {'name': 'oo_version_gte_3_4_or_1_4', - 'positive_openshift-enterprise_version': '3.5.0', - 'negative_openshift-enterprise_version': '3.3.0', - 'positive_origin_version': '1.5.0', - 'negative_origin_version': '1.3.0'}, - {'name': 'oo_version_gte_3_5_or_1_5', - 'positive_openshift-enterprise_version': '3.6.0', - 'negative_openshift-enterprise_version': '3.4.0', - 'positive_origin_version': '3.6.0', - 'negative_origin_version': '1.4.0'}] - - def test_legacy_gte_filters(self): - for test in self.legacy_gte_tests: - for deployment_type in ['openshift-enterprise', 'origin']: - # Test negative case per deployment_type - self.assertFalse( - self.openshift_version_filters._filters[test['name']]( - test["negative_{}_version".format(deployment_type)], deployment_type)) - # Test positive case per deployment_type - self.assertTrue( - self.openshift_version_filters._filters[test['name']]( - test["positive_{}_version".format(deployment_type)], deployment_type)) - def test_gte_filters(self): for major, minor_start, minor_end in self.openshift_version_filters.versions: for minor in range(minor_start, minor_end): diff --git a/utils/etc/ansible.cfg b/utils/etc/ansible.cfg index f7e6fe2ff..562f6544d 100644 --- a/utils/etc/ansible.cfg +++ b/utils/etc/ansible.cfg @@ -29,6 +29,10 @@ deprecation_warnings = False # ssh_args - set if provided by user (cli) # control_path +[inventory] +# fail more helpfully when the inventory file does not parse (Ansible 2.4+) +unparsed_is_failed=true + # Additional ssh options for OpenShift Ansible [ssh_connection] # shorten the ControlPath which is often too long; when it is, diff --git a/utils/src/ooinstall/cli_installer.py b/utils/src/ooinstall/cli_installer.py index 65a481b10..1226242d0 100644 --- a/utils/src/ooinstall/cli_installer.py +++ b/utils/src/ooinstall/cli_installer.py @@ -25,21 +25,15 @@ QUIET_ANSIBLE_CONFIG = '/usr/share/atomic-openshift-utils/ansible-quiet.cfg' DEFAULT_PLAYBOOK_DIR = '/usr/share/ansible/openshift-ansible/' UPGRADE_MAPPINGS = { - '3.4': { - 'minor_version': '3.4', - 'minor_playbook': 'v3_4/upgrade.yml', - 'major_playbook': 'v3_5/upgrade.yml', - 'major_version': '3.5', - }, - '3.5': { - 'minor_version': '3.5', - 'minor_playbook': 'v3_5/upgrade.yml', - 'major_playbook': 'v3_6/upgrade.yml', - 'major_version': '3.6', - }, '3.6': { 'minor_version': '3.6', 'minor_playbook': 'v3_6/upgrade.yml', + 'major_playbook': 'v3_7/upgrade.yml', + 'major_version': '3.7', + }, + '3.7': { + 'minor_version': '3.7', + 'minor_playbook': 'v3_7/upgrade.yml', }, } diff --git a/utils/src/ooinstall/oo_config.py b/utils/src/ooinstall/oo_config.py index c3501c018..9ecd63a80 100644 --- a/utils/src/ooinstall/oo_config.py +++ b/utils/src/ooinstall/oo_config.py @@ -220,6 +220,7 @@ class OOConfig(object): persisted_value = loaded_config.get(setting) if persisted_value is not None: self.settings[setting] = str(persisted_value) + installer_log.debug("config: set (%s) to value (%s)", setting, persisted_value) # We've loaded any persisted configs, let's verify any # paths which are required for a correct and complete @@ -344,8 +345,9 @@ class OOConfig(object): if 'ansible_ssh_user' not in self.settings: self.settings['ansible_ssh_user'] = '' - self.settings['ansible_inventory_path'] = \ - '{}/hosts'.format(os.path.dirname(self.config_path)) + if 'ansible_inventory_path' not in self.settings: + self.settings['ansible_inventory_path'] = \ + '{}/hosts'.format(os.path.dirname(self.config_path)) # clean up any empty sets empty_keys = [] |
