diff options
Diffstat (limited to 'roles')
168 files changed, 6233 insertions, 1734 deletions
diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index 7156a9fff..cfd72dfbc 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -7,7 +7,7 @@ galaxy_info: description: etcd management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.2 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -22,4 +22,4 @@ dependencies: port: "{{etcd_client_port}}/tcp" - service: etcd peering port: "{{ etcd_peer_port }}/tcp" -- role: etcd_common +- role: etcd_server_certificates diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 index cd048ec60..7ccf78212 100644 --- a/roles/etcd/templates/etcd.conf.j2 +++ b/roles/etcd/templates/etcd.conf.j2 @@ -1,5 +1,5 @@ {% macro initial_cluster() -%} -{% for host in etcd_peers -%} +{% for host in etcd_peers | default([]) -%} {% if loop.last -%} {{ hostvars[host].etcd_hostname }}={{ etcd_peer_url_scheme }}://{{ hostvars[host].etcd_ip }}:{{ etcd_peer_port }} {%- else -%} diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml index d02456ca3..e3e2f7781 100644 --- a/roles/etcd_ca/meta/main.yml +++ b/roles/etcd_ca/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: Etcd CA company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: etcd_common } +- role: etcd_common diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml index e1bb9baed..865074e41 100644 --- a/roles/etcd_ca/tasks/main.yml +++ b/roles/etcd_ca/tasks/main.yml @@ -2,6 +2,8 @@ - name: Install openssl action: "{{ ansible_pkg_mgr }} name=openssl state=present" when: not etcd_is_atomic | bool + delegate_to: "{{ etcd_ca_host }}" + run_once: true - file: path: "{{ item }}" @@ -13,29 +15,41 @@ - "{{ etcd_ca_new_certs_dir }}" - "{{ etcd_ca_crl_dir }}" - "{{ etcd_ca_dir }}/fragments" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: cp /etc/pki/tls/openssl.cnf ./ args: chdir: "{{ etcd_ca_dir }}/fragments" creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - template: dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf" src: openssl_append.j2 backup: true + delegate_to: "{{ etcd_ca_host }}" + run_once: true - assemble: src: "{{ etcd_ca_dir }}/fragments" dest: "{{ etcd_openssl_conf }}" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: touch {{ etcd_ca_db }} args: creates: "{{ etcd_ca_db }}" + delegate_to: "{{ etcd_ca_host }}" + run_once: true - copy: dest: "{{ etcd_ca_serial }}" content: "01" force: no + delegate_to: "{{ etcd_ca_host }}" + run_once: true - command: > openssl req -config {{ etcd_openssl_conf }} -newkey rsa:4096 @@ -48,3 +62,5 @@ creates: "{{ etcd_ca_cert }}" environment: SAN: 'etcd-signer' + delegate_to: "{{ etcd_ca_host }}" + run_once: true diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml deleted file mode 100644 index b497a46c0..000000000 --- a/roles/etcd_certificates/tasks/client.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -- name: Ensure generated_certs directory present - file: - path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - state: directory - mode: 0700 - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- name: Create the client csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}client.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'client.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- name: Sign and create the client crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}client.crt - -in {{ item.etcd_cert_prefix }}client.csr - -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'client.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_client_certs | default([]) }}" - -- file: - src: "{{ etcd_ca_cert }}" - dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" - state: hard - with_items: "{{ etcd_needing_client_certs | default([]) }}" diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml deleted file mode 100644 index 17092ca58..000000000 --- a/roles/etcd_certificates/tasks/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- include: client.yml - when: etcd_needing_client_certs | default([]) | length > 0 - -- include: server.yml - when: etcd_needing_server_certs | default([]) | length > 0 diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml deleted file mode 100644 index 934b8b805..000000000 --- a/roles/etcd_certificates/tasks/server.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -- name: Ensure generated_certs directory present - file: - path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - state: directory - mode: 0700 - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Create the server csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}server.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'server.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Sign and create the server crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}server.crt - -in {{ item.etcd_cert_prefix }}server.csr - -extensions {{ etcd_ca_exts_server }} -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'server.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Create the peer csr - command: > - openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key - -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}peer.csr - -reqexts {{ etcd_req_ext }} -batch -nodes - -subj /CN={{ item.etcd_hostname }} - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'peer.csr' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- name: Sign and create the peer crt - command: > - openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} - -out {{ item.etcd_cert_prefix }}peer.crt - -in {{ item.etcd_cert_prefix }}peer.csr - -extensions {{ etcd_ca_exts_peer }} -batch - args: - chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" - creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' - ~ item.etcd_cert_prefix ~ 'peer.crt' }}" - environment: - SAN: "IP:{{ item.etcd_ip }}" - with_items: "{{ etcd_needing_server_certs | default([]) }}" - -- file: - src: "{{ etcd_ca_cert }}" - dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" - state: hard - with_items: "{{ etcd_needing_server_certs | default([]) }}" diff --git a/roles/etcd_certificates/README.md b/roles/etcd_client_certificates/README.md index 95f8f8aab..269d5296d 100644 --- a/roles/etcd_certificates/README.md +++ b/roles/etcd_client_certificates/README.md @@ -1,5 +1,5 @@ -OpenShift etcd certificates -======================== +OpenShift Etcd Certificates +=========================== TODO diff --git a/roles/etcd_client_certificates/library b/roles/etcd_client_certificates/library new file mode 120000 index 000000000..494d3c39e --- /dev/null +++ b/roles/etcd_client_certificates/library @@ -0,0 +1 @@ +../../library
\ No newline at end of file diff --git a/roles/etcd_certificates/meta/main.yml b/roles/etcd_client_certificates/meta/main.yml index 41370fab4..713c78c70 100644 --- a/roles/etcd_certificates/meta/main.yml +++ b/roles/etcd_client_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: Etcd Client Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: etcd_ca } +- role: etcd_ca diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml new file mode 100644 index 000000000..b86afb81c --- /dev/null +++ b/roles/etcd_client_certificates/tasks/main.yml @@ -0,0 +1,119 @@ +--- +- name: Check status of external etcd certificatees + stat: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + with_items: + - "{{ etcd_cert_prefix }}client.crt" + - "{{ etcd_cert_prefix }}client.key" + - "{{ etcd_cert_prefix }}ca.crt" + register: g_external_etcd_cert_stat_result + +- set_fact: + etcd_client_certs_missing: "{{ False in (g_external_etcd_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + state: directory + mode: 0700 + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the client csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}client.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}client.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'client.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +# Certificates must be signed serially in order to avoid competing +# for the serial file. +- name: Sign and create the client crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}client.crt + -in {{ etcd_cert_prefix }}client.csr + -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'client.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt" + state: hard + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX + register: g_etcd_client_mktemp + changed_when: False + when: etcd_client_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Retrieve the etcd cert tarballs + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ g_etcd_client_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: etcd_client_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ etcd_cert_config_dir }}" + state: directory + when: etcd_client_certs_missing | bool + +- name: Unarchive etcd cert tarballs + unarchive: + src: "{{ g_etcd_client_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_client_certs_missing | bool + +- file: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + owner: root + group: root + mode: 0600 + with_items: + - "{{ etcd_cert_prefix }}client.crt" + - "{{ etcd_cert_prefix }}client.key" + - "{{ etcd_cert_prefix }}ca.crt" + when: etcd_client_certs_missing | bool + +- name: Delete temporary directory + file: name={{ g_etcd_client_mktemp.stdout }} state=absent + changed_when: False + when: etcd_client_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/openshift_master_ca/README.md b/roles/etcd_server_certificates/README.md index 5b2d3601b..269d5296d 100644 --- a/roles/openshift_master_ca/README.md +++ b/roles/etcd_server_certificates/README.md @@ -1,5 +1,5 @@ -OpenShift Master CA -======================== +OpenShift Etcd Certificates +=========================== TODO @@ -31,4 +31,4 @@ Apache License Version 2.0 Author Information ------------------ -Jason DeTiberus (jdetiber@redhat.com) +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_server_certificates/library b/roles/etcd_server_certificates/library new file mode 120000 index 000000000..494d3c39e --- /dev/null +++ b/roles/etcd_server_certificates/library @@ -0,0 +1 @@ +../../library
\ No newline at end of file diff --git a/roles/openshift_master_ca/meta/main.yml b/roles/etcd_server_certificates/meta/main.yml index b5dd466c9..b453f2bd8 100644 --- a/roles/openshift_master_ca/meta/main.yml +++ b/roles/etcd_server_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: Etcd Server Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,5 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_repos } -- { role: openshift_cli } +- role: etcd_ca diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml new file mode 100644 index 000000000..edcf51092 --- /dev/null +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -0,0 +1,136 @@ +--- +- name: Check status of etcd certificates + stat: + path: "{{ etcd_cert_config_dir }}/{{ item }}" + with_items: + - "{{ etcd_cert_prefix }}server.crt" + - "{{ etcd_cert_prefix }}peer.crt" + - "{{ etcd_cert_prefix }}ca.crt" + register: g_etcd_server_cert_stat_result + +- set_fact: + etcd_server_certs_missing: "{{ False in (g_etcd_server_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + state: directory + mode: 0700 + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the server csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}server.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}server.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'server.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +# Certificates must be signed serially in order to avoid competing +# for the serial file. +- name: Sign and create the server crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}server.crt + -in {{ etcd_cert_prefix }}server.csr + -extensions {{ etcd_ca_exts_server }} -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'server.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + delegate_to: "{{ etcd_ca_host }}" + +- name: Create the peer csr + command: > + openssl req -new -keyout {{ etcd_cert_prefix }}peer.key + -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}peer.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ etcd_hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'peer.csr' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Sign and create the peer crt + delegated_serial_command: + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ etcd_cert_prefix }}peer.crt + -in {{ etcd_cert_prefix }}peer.csr + -extensions {{ etcd_ca_exts_peer }} -batch + chdir: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' + ~ etcd_cert_prefix ~ 'peer.crt' }}" + environment: + SAN: "IP:{{ etcd_ip }}" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ etcd_cert_subdir }}/{{ etcd_cert_prefix }}ca.crt" + state: hard + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/etcd_certificates-XXXXXXX + register: g_etcd_server_mktemp + changed_when: False + when: etcd_server_certs_missing | bool + delegate_to: localhost + +- name: Create a tarball of the etcd certs + command: > + tar -czvf {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz + -C {{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }} . + args: + creates: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Retrieve etcd cert tarball + fetch: + src: "{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ g_etcd_server_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: etcd_server_certs_missing | bool + delegate_to: "{{ etcd_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ etcd_cert_config_dir }}" + state: directory + when: etcd_server_certs_missing | bool + +- name: Unarchive cert tarball + unarchive: + src: "{{ g_etcd_server_mktemp.stdout }}/{{ etcd_cert_subdir }}.tgz" + dest: "{{ etcd_cert_config_dir }}" + when: etcd_server_certs_missing | bool + +- name: Delete temporary directory + file: name={{ g_etcd_server_mktemp.stdout }} state=absent + changed_when: False + when: etcd_server_certs_missing | bool + delegate_to: localhost diff --git a/roles/flannel/meta/main.yml b/roles/flannel/meta/main.yml index 909bdbfa4..616ae61d2 100644 --- a/roles/flannel/meta/main.yml +++ b/roles/flannel/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: flannel management company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.2 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,6 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- role: openshift_facts +- role: openshift_etcd_client_certificates + etcd_cert_prefix: flannel.etcd- diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md new file mode 100644 index 000000000..96c9cd5f2 --- /dev/null +++ b/roles/openshift_ca/README.md @@ -0,0 +1,48 @@ +OpenShift CA +============ + +This role delegates all tasks to the `openshift_ca_host` such that this role can be depended on by other OpenShift certificate roles. + +Requirements +------------ + +Role Variables +-------------- + +From this role: + +| Name | Default value | Description | +|-------------------------|-----------------------------------------------|-----------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be created. | +| openshift_ca_config_dir | `{{ openshift.common.config_base }}/master` | CA certificate directory. | +| openshift_ca_cert | `{{ openshift_ca_config_dir }}/ca.crt` | CA certificate path including CA certificate filename. | +| openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. | +| openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. | +| openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. | + +Dependencies +------------ + +* openshift_repos +* openshift_cli + +Example Playbook +---------------- + +``` +- name: Create OpenShift CA + hosts: localhost + roles: + - role: openshift_ca + openshift_ca_host: master1.example.com +``` + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_ca/meta/main.yml b/roles/openshift_ca/meta/main.yml new file mode 100644 index 000000000..444c5b77e --- /dev/null +++ b/roles/openshift_ca/meta/main.yml @@ -0,0 +1,18 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift CA + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- role: openshift_repos +- role: openshift_cli +- role: openshift_named_certificates diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 4d9768ce7..e1bf7dcad 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -28,6 +28,7 @@ path: "{{ openshift_ca_config_dir }}/{{ item }}" register: g_master_ca_stat_result with_items: + - ca-bundle.crt - ca.crt - ca.key delegate_to: "{{ openshift_ca_host }}" @@ -37,17 +38,19 @@ master_ca_missing: "{{ False in (g_master_ca_stat_result.results | oo_collect(attribute='stat.exists') | list) }}" - delegate_to: "{{ openshift_ca_host }}" run_once: true - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift_master_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_ca_config_dir }} - --overwrite=false - when: hostvars[openshift_ca_host].master_ca_missing | bool + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + --hostnames={{ openshift_master_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_ca_config_dir }} + --overwrite=false + when: master_ca_missing | bool delegate_to: "{{ openshift_ca_host }}" run_once: true diff --git a/roles/openshift_ca/vars/main.yml b/roles/openshift_ca/vars/main.yml new file mode 100644 index 000000000..a32e385ec --- /dev/null +++ b/roles/openshift_ca/vars/main.yml @@ -0,0 +1,6 @@ +--- +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_pkg_version | default('') }}" diff --git a/roles/openshift_cluster_metrics/README.md b/roles/openshift_cluster_metrics/README.md deleted file mode 100644 index 9fdfab8e3..000000000 --- a/roles/openshift_cluster_metrics/README.md +++ /dev/null @@ -1,36 +0,0 @@ -#openshift_cluster_metrics - -This role configures Cluster wide metrics. It does setting up three services: -* Metrics are stored in InfluxDB for querying. -* Heapster reads all nodes and pods from the master, then connects to eachs node's kubelet to retrieve pod metrics. -* Grafan allows users to create dashboards of metrics from InfluxDB - -## Requirements - -Running OpenShift cluster - -## Role Variables - -``` -# Enable cluster metrics -use_cluster_metrics=true -``` - -## Dependencies - -None - -## Example Playbook - -TODO - -## Security Note -Opening up the read-only port exposes information about the running pods (such as namespace, pod name, labels, etc.) to unauthenticated clients. The requirement to open up this read-only port will be fixed in future versions. - -##License - -Apache License, Version 2.0 - -## Author Information - -Diego Castro (diego.castro@getupcloud.com) diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml deleted file mode 100644 index bff422efc..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/grafana.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - ports: - - - port: 80 - targetPort: "http" - selector: - provider: "fabric8" - component: "grafana" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "grafana" - name: "grafana" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "grafana" - template: - metadata: - labels: - provider: "fabric8" - component: "grafana" - spec: - containers: - - - env: - - - name: "INFLUXDB_SERVICE_NAME" - value: "INFLUXDB_MONITORING" - - - name: "GRAFANA_DEFAULT_DASHBOARD" - value: "/dashboard/file/kubernetes.json" - image: "fabric8/grafana:1.9.1_2" - name: "grafana" - ports: - - - containerPort: 3000 - name: "http"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml deleted file mode 100644 index 1de2ad699..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster-serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: heapster
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml deleted file mode 100644 index 83e314074..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/heapster.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "heapster" - name: "heapster" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "heapster" - template: - metadata: - labels: - provider: "fabric8" - component: "heapster" - spec: - containers: - - - args: - - "-source=kubernetes:https://kubernetes.default.svc.cluster.local?auth=&insecure=true&useServiceAccount=true" - - "-sink=influxdb:http://influxdb-monitoring.default.svc.cluster.local:8086" - image: "kubernetes/heapster:V0.14.2" - name: "heapster" - serviceAccount: "heapster"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml b/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml deleted file mode 100644 index 6f67c3d7c..000000000 --- a/roles/openshift_cluster_metrics/files/cluster-metrics/influxdb.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: "v1" -kind: "List" -items: - - - apiVersion: "v1" - kind: "Service" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - ports: - - - port: 8086 - targetPort: "http" - selector: - provider: "fabric8" - component: "influxdb-monitoring" - - - apiVersion: "v1" - kind: "ReplicationController" - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - name: "influxdb-monitoring" - spec: - replicas: 1 - selector: - provider: "fabric8" - component: "influxdb-monitoring" - template: - metadata: - labels: - provider: "fabric8" - component: "influxdb-monitoring" - spec: - containers: - - - env: - - - name: "PRE_CREATE_DB" - value: "k8s;grafana" - image: "fabric8/influxdb:0.8.8" - name: "influxdb" - ports: - - - containerPort: 8090 - name: "raft" - - - containerPort: 8099 - name: "protobuf" - - - containerPort: 8083 - name: "admin" - - - containerPort: 8086 - name: "http" - volumeMounts: - - - mountPath: "/data" - name: "influxdb-data" - volumes: - - - emptyDir: - name: "influxdb-data"
\ No newline at end of file diff --git a/roles/openshift_cluster_metrics/tasks/main.yml b/roles/openshift_cluster_metrics/tasks/main.yml deleted file mode 100644 index 1fc8a074a..000000000 --- a/roles/openshift_cluster_metrics/tasks/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- - -- name: Install cluster metrics templates - copy: - src: cluster-metrics - dest: /etc/origin/ - -- name: Create InfluxDB Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/influxdb.yaml - register: oex_influxdb_services - failed_when: "'already exists' not in oex_influxdb_services.stderr and oex_influxdb_services.rc != 0" - changed_when: false - -- name: Create Heapster Service Account - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster-serviceaccount.yaml - register: oex_heapster_serviceaccount - failed_when: "'already exists' not in oex_heapster_serviceaccount.stderr and oex_heapster_serviceaccount.rc != 0" - changed_when: false - -- name: Add cluster-reader role to Heapster - command: > - {{ openshift.common.admin_binary }} policy - add-cluster-role-to-user - cluster-reader - system:serviceaccount:default:heapster - register: oex_cluster_header_role - failed_when: "'already exists' not in oex_cluster_header_role.stderr and oex_cluster_header_role.rc != 0" - changed_when: false - -- name: Create Heapster Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/heapster.yaml - register: oex_heapster_services - failed_when: "'already exists' not in oex_heapster_services.stderr and oex_heapster_services.rc != 0" - changed_when: false - -- name: Create Grafana Services - command: > - {{ openshift.common.client_binary }} create -f - /etc/origin/cluster-metrics/grafana.yaml - register: oex_grafana_services - failed_when: "'already exists' not in oex_grafana_services.stderr and oex_grafana_services.rc != 0" - changed_when: false - diff --git a/roles/openshift_etcd_client_certificates/meta/main.yml b/roles/openshift_etcd_client_certificates/meta/main.yml new file mode 100644 index 000000000..3268c390f --- /dev/null +++ b/roles/openshift_etcd_client_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: OpenShift Etcd Client Certificates + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.1 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud +dependencies: +- role: openshift_etcd_facts +- role: etcd_client_certificates diff --git a/roles/openshift_etcd_facts/tasks/main.yml b/roles/openshift_etcd_facts/tasks/main.yml new file mode 100644 index 000000000..22fb39006 --- /dev/null +++ b/roles/openshift_etcd_facts/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- openshift_facts: + role: etcd + local_facts: + etcd_image: "{{ osm_etcd_image | default(None) }}" diff --git a/roles/openshift_etcd_facts/vars/main.yml b/roles/openshift_etcd_facts/vars/main.yml index 6f3894565..cae15d61a 100644 --- a/roles/openshift_etcd_facts/vars/main.yml +++ b/roles/openshift_etcd_facts/vars/main.yml @@ -3,3 +3,8 @@ etcd_is_containerized: "{{ openshift.common.is_containerized }}" etcd_is_atomic: "{{ openshift.common.is_atomic }}" etcd_hostname: "{{ openshift.common.hostname }}" etcd_ip: "{{ openshift.common.ip }}" +etcd_cert_subdir: "etcd-{{ openshift.common.hostname }}" +etcd_cert_prefix: +etcd_cert_config_dir: /etc/etcd +etcd_peer_url_scheme: https +etcd_url_scheme: https diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0f5189974..a15285417 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -11,7 +11,9 @@ content_version: "{{ openshift.common.examples_content_version }}" examples_base: "{{ openshift.common.config_base if openshift.common.is_containerized | bool else '/usr/share/openshift' }}/examples" image_streams_base: "{{ examples_base }}/image-streams" centos_image_streams: "{{ image_streams_base}}/image-streams-centos7.json" -rhel_image_streams: "{{ image_streams_base}}/image-streams-rhel7.json" +rhel_image_streams: + - "{{ image_streams_base}}/image-streams-rhel7.json" + - "{{ image_streams_base}}/dotnet_imagestreams.json" db_templates_base: "{{ examples_base }}/db-templates" xpaas_image_streams: "{{ examples_base }}/xpaas-streams/" xpaas_templates_base: "{{ examples_base }}/xpaas-templates" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index ef2da946a..236717203 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -5,7 +5,7 @@ # # This script should be run from openshift-ansible/roles/openshift_examples -XPAAS_VERSION=ose-v1.3.1 +XPAAS_VERSION=ose-v1.3.2 ORIGIN_VERSION=${1:-v1.3} EXAMPLES_BASE=$(pwd)/files/examples/${ORIGIN_VERSION} find ${EXAMPLES_BASE} -name '*.json' -delete @@ -39,7 +39,7 @@ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; wget https://raw.githubusercontent.com/jboss-fuse/application-templates/master/fis-image-streams.json -O ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json - +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/enterprise/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ${EXAMPLES_BASE}/infrastructure-templates/origin/logging-deployer.yaml diff --git a/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..3d7afe4aa --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/image-streams/dotnet_imagestreams.json @@ -0,0 +1,36 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .Net Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnetcore-10-rhel7" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world", + "version": "1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json index 46f93823c..8c21683dc 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -255,19 +281,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-basic.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -281,6 +287,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent-ssl.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -451,6 +457,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-persistent.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -299,6 +305,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/amq62-ssl.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -435,6 +441,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -710,6 +710,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -698,6 +698,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..f09900491 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-amq-s2i.json @@ -391,8 +391,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..7f694e0e1 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-basic-s2i.json @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..ea1fcd5dc 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/decisionserver62-https-s2i.json @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,6 +88,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -431,6 +449,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -560,6 +578,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -554,6 +572,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -563,6 +581,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -557,6 +575,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -548,6 +566,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -693,6 +723,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -542,6 +560,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -681,6 +711,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -529,6 +576,14 @@ } }, { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, @@ -537,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -605,10 +672,6 @@ "value": "${SSO_BEARER_ONLY}" }, { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, - { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" }, @@ -617,6 +680,10 @@ "value": "${SSO_SAML_KEYSTORE}" }, { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" }, @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,9 +88,21 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -431,6 +460,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -560,6 +589,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -554,6 +583,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -563,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -607,6 +640,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -557,6 +586,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -601,6 +634,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -548,6 +577,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -592,6 +625,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -701,6 +738,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -542,6 +571,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -586,6 +619,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -689,6 +726,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -575,6 +575,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -573,6 +573,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json index 7f320bace..fb0578a67 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-basic.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-https.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, - "name": "sso70-basic" + "name": "sso70-https" }, "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" + "template": "sso70-https", + "xpaas" : "1.3.2" }, "parameters": [ { @@ -34,6 +34,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -46,15 +52,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -73,28 +85,9 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -104,15 +97,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -127,6 +120,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -179,30 +220,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http", @@ -269,7 +286,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -290,8 +307,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -307,8 +324,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -342,6 +375,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -370,32 +408,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -420,6 +450,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -436,6 +498,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,18 +136,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,21 +136,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,18 +121,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -589,6 +681,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.2/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,21 +121,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -586,6 +678,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json new file mode 100644 index 000000000..3d7afe4aa --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/image-streams/dotnet_imagestreams.json @@ -0,0 +1,36 @@ +{ + "kind": "List", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-image-streams", + "annotations": { + "description": "ImageStream definitions for .Net Core on RHEL" + } + }, + "items": [ + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "dotnetcore-10-rhel7" + }, + "spec": { + "dockerImageRepository": "registry.access.redhat.com/dotnet/dotnetcore-10-rhel7", + "tags": [ + { + "name": "1.0", + "annotations": { + "description": ".Net Core 1.0 S2I image.", + "iconClass": "icon-dotnet", + "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", + "supports":"dotnet:1.0", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", + "sampleContextDir": "1.0/test/asp-net-hello-world", + "version": "1.0" + } + } + ] + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json index 46f93823c..8c21683dc 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-streams/jboss-image-streams.json @@ -127,6 +127,19 @@ "sampleRef": "6.4.x", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 6.4 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:6.4,javaee:6,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "6.4.x", + "version": "1.4" + } } ] } @@ -152,6 +165,19 @@ "sampleRef": "7.0.0.GA", "version": "1.3" } + }, + { + "name": "1.4", + "annotations": { + "description": "JBoss EAP 7.0 S2I images.", + "iconClass": "icon-jboss", + "tags": "builder,eap,javaee,java,jboss,xpaas", + "supports":"eap:7.0,javaee:7,java:8,xpaas:1.4", + "sampleRepo": "https://github.com/jboss-developer/jboss-eap-quickstarts.git", + "sampleContextDir": "kitchensink", + "sampleRef": "7.0.0.GA", + "version": "1.4" + } } ] } @@ -255,19 +281,16 @@ } }, "spec": { + "dockerImageRepository": "registry.access.redhat.com/redhat-sso-7/sso70-openshift", "tags": [ { - "name": "1.3-TP", + "name": "1.3", "annotations": { - "description": "Red Hat SSO 7.0 Tech Preview", + "description": "Red Hat SSO 7.0", "iconClass": "icon-jboss", "tags": "sso,keycloak,redhat", "supports":"sso:7.0,xpaas:1.3", "version": "1.3" - }, - "from": { - "kind": "DockerImage", - "name": "registry.access.redhat.com/redhat-sso-7-tech-preview/sso70-openshift:1.3" } } ] diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json index ce953c05f..ab35afead 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-basic.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -281,6 +287,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json index 7d41a29ad..c12f06dec 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent-ssl.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -451,6 +457,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json index 5d5dd9840..897ce0395 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-persistent.json @@ -46,6 +46,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -299,6 +305,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json index 4122a02a1..97d110286 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/amq62-ssl.json @@ -40,6 +40,12 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { "description": "User name for standard broker user. It is required for connecting to the broker. If left empty, it will be generated.", "name": "MQ_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -435,6 +441,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_MESH_DISCOVERY_TYPE", "value": "${AMQ_MESH_DISCOVERY_TYPE}" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json index d0e272a8d..12720eb19 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql-persistent.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications with persistent storage.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql-persistent" }, "labels": { "template": "datagrid65-postgresql-persistent", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -710,6 +710,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json index 55a68db40..da8015fb0 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/datagrid65-postgresql.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for JDG 6.5 and PostgreSQL applications built using.", "tags": "datagrid,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "datagrid65-postgresql" }, "labels": { "template": "datagrid65-postgresql", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -698,6 +698,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json index 219b8ece7..f09900491 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-amq-s2i.json @@ -391,8 +391,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json index 097720375..7f694e0e1 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-basic-s2i.json @@ -245,8 +245,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json index e5e2dee63..ea1fcd5dc 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/decisionserver62-https-s2i.json @@ -334,8 +334,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json index c9ecee9cb..72dbb4302 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-persistent-s2i" }, "labels": { "template": "eap64-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,6 +88,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json index 99724db94..9dd847451 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap64-amq-s2i" }, "labels": { "template": "eap64-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json index 2e3849e2a..7b1800b7b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-basic-s2i" }, "labels": { "template": "eap64-basic-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -318,6 +324,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json index 2517be3ca..31716d84c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 6 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-https-s2i" }, "labels": { "template": "eap64-https-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,7 +368,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -431,6 +449,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +495,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json index 97cc465d2..212431056 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-persistent-s2i" }, "labels": { "template": "eap64-mongodb-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,7 +461,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -560,6 +578,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +624,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json index 8bdd85546..13fbbdd93 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mongodb-s2i" }, "labels": { "template": "eap64-mongodb-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,7 +455,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -554,6 +572,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +618,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json index dcc591836..69fdec206 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-persistent-s2i" }, "labels": { "template": "eap64-mysql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,7 +464,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -563,6 +581,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -605,6 +627,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json index 372802eea..2bd3c249f 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-mysql-s2i" }, "labels": { "template": "eap64-mysql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,7 +458,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -557,6 +575,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -599,6 +621,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-mysql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json index 1ba00e3b5..31f245950 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-persistent-s2i" }, "labels": { "template": "eap64-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,7 +449,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -548,6 +566,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -590,6 +612,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -693,6 +723,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json index 860374d3c..eac964697 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 6 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "eap64-postgresql-s2i" }, "labels": { "template": "eap64-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.2" + "name": "jboss-eap64-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,7 +443,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -542,6 +560,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -584,6 +606,14 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "TIMER_SERVICE_DATA_STORE", + "value": "${APPLICATION_NAME}-postgresql" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -681,6 +711,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json index 6c644553e..09023be71 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap64-sso-s2i.json @@ -6,13 +6,13 @@ "iconClass" : "icon-jboss", "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", - "version": "1.3.0" + "version": "1.3.2" }, "name": "eap64-sso-s2i" }, "labels": { "template": "eap64-sso-s2i", - "xpaas": "1.3.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -22,27 +22,27 @@ "required": true }, { - "description": "Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTP", "value": "", - "required": false + "required": true }, { - "description": "Custom hostname for https service route. Leave blank for default hostname, e.g.: secure-<application-name>-<project>.<default-domain-suffix>", + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", "name": "HOSTNAME_HTTPS", "value": "", - "required": false + "required": true }, { "description": "Git source URI for application", "name": "SOURCE_REPOSITORY_URL", - "value": "https://github.com/keycloak/keycloak-examples", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", "required": true }, { "description": "Git branch/tag reference", "name": "SOURCE_REPOSITORY_REF", - "value": "0.4-openshift", + "value": "7.0.x-ose", "required": false }, { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap-app-secret", @@ -76,15 +82,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -127,15 +139,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -146,31 +158,43 @@ "required": true }, { - "description": "SSO Location", - "name": "SSO_URI", + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", "value": "https://secure-sso:8443/auth", "required": false }, { - "description": "SSO Realm", + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", "name": "SSO_REALM", - "value": "demo", - "required": false + "value": "", + "required": true }, { - "description": "SSO Username", + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", "name": "SSO_USERNAME", "value": "", "required": false }, { - "description": "SSO Password", + "description": "The password for the SSO service user.", "name": "SSO_PASSWORD", "value": "", "required": false }, { - "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability. This can be retrieved from the SSO server, for the specified realm.", "name": "SSO_PUBLIC_KEY", "value": "", "required": false @@ -182,21 +206,9 @@ "required": false }, { - "description": "Routes", - "name": "APPLICATION_ROUTES", - "value": "", - "required": false - }, - { - "description": "Artifacts", + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", "name": "ARTIFACT_DIR", - "value": "app-jee/target,service-jaxrs/target,app-profile-jee/target,app-profile-jee-saml/target", - "required": false - }, - { - "description": "maven", - "name": "MAVEN_ARGS_APPEND", - "value": "", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", "required": false }, { @@ -208,7 +220,7 @@ { "description": "The name of the keystore file within the secret", "name": "SSO_SAML_KEYSTORE", - "value": "/etc/sso-saml-secret-volume/keystore.jks", + "value": "keystore.jks", "required": false }, { @@ -235,6 +247,36 @@ "name": "SSO_ENABLE_CORS", "value": "false", "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap-app-secret", + "required": false } ], "objects": [ @@ -364,7 +406,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap64-openshift:1.3" + "name": "jboss-eap64-openshift:1.4" }, "env": [ { @@ -373,7 +415,7 @@ }, { "name": "MAVEN_ARGS_APPEND", - "value": "${MAVEN_ARGS_APPEND}" + "value": "" } ] } @@ -429,8 +471,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -451,7 +493,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -473,6 +515,11 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], "livenessProbe": { @@ -529,6 +576,14 @@ } }, { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, @@ -537,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -581,8 +640,16 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { - "name": "SSO_URI", - "value": "${SSO_URI}" + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" }, { "name": "SSO_REALM", @@ -605,10 +672,6 @@ "value": "${SSO_BEARER_ONLY}" }, { - "name": "APPLICATION_ROUTES", - "value": "${APPLICATION_ROUTES}" - }, - { "name": "SSO_SAML_KEYSTORE_SECRET", "value": "${SSO_SAML_KEYSTORE_SECRET}" }, @@ -617,6 +680,10 @@ "value": "${SSO_SAML_KEYSTORE}" }, { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { "name": "SSO_SAML_CERTIFICATE_NAME", "value": "${SSO_SAML_CERTIFICATE_NAME}" }, @@ -631,6 +698,26 @@ { "name": "SSO_ENABLE_CORS", "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -653,6 +740,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json index d9607ddd7..f08cdf2f9 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-persistent-s2i" }, "labels": { "template": "eap70-amq-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -88,9 +88,21 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -100,6 +112,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -126,18 +144,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -162,7 +178,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "eap7-app-secret", "required": false }, { @@ -189,6 +205,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -342,7 +364,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -397,8 +419,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -419,7 +441,7 @@ } }, "spec": { - "serviceAccountName": "eap-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -508,6 +530,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -528,6 +554,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -558,6 +588,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -713,6 +747,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "AMQ_SPLIT", "value": "${AMQ_SPLIT}" }, @@ -735,14 +773,6 @@ { "name": "AMQ_STORAGE_USAGE_LIMIT", "value": "${AMQ_STORAGE_USAGE_LIMIT}" - }, - { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" - }, - { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json index 552b637b8..3ca9e9fab 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-amq-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 A-MQ applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,amq,javaee,java,messaging,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-amq-s2i" }, "labels": { "template": "eap70-amq-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,18 @@ "required": false }, { + "description": "List of packages that are allowed to be serialized for use in ObjectMessage, separated by commas. If your app doesn't use ObjectMessages, leave this blank. This is a security enforcement. For the rationale, see http://activemq.apache.org/objectmessage.html", + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -114,18 +132,16 @@ "required": false }, { - "description": "User name for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_USERNAME", - "from": "user[a-zA-Z0-9]{3}", - "generate": "expression", - "required": true + "description": "The discovery agent type to use for discovering mesh endpoints. 'dns' will use OpenShift's DNS service to resolve endpoints. 'kube' will use Kubernetes REST API to resolve service endpoints. If using 'kube' the service account for the pod must have the 'view' role, which can be added via 'oc policy add-role-to-user view system:serviceaccount:<namespace>:default' where <namespace> is the project namespace.", + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "kube", + "required": false }, { - "description": "Password for broker admin. If left empty, it will be generated.", - "name": "AMQ_ADMIN_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true + "description": "The A-MQ storage usage limit", + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "100 gb", + "required": false }, { "description": "GitHub trigger secret", @@ -177,6 +193,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -330,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -385,8 +407,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -407,7 +429,7 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", "terminationGracePeriodSeconds": 60, "containers": [ { @@ -496,6 +518,10 @@ "value": "${MQ_TOPICS}" }, { + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { "name": "OPENSHIFT_KUBE_PING_LABELS", "value": "application=${APPLICATION_NAME}" }, @@ -516,6 +542,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -546,6 +576,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } @@ -692,12 +726,28 @@ "value": "${MQ_TOPICS}" }, { - "name": "AMQ_ADMIN_USERNAME", - "value": "${AMQ_ADMIN_USERNAME}" + "name": "MQ_SERIALIZABLE_PACKAGES", + "value": "${MQ_SERIALIZABLE_PACKAGES}" + }, + { + "name": "AMQ_MESH_DISCOVERY_TYPE", + "value": "${AMQ_MESH_DISCOVERY_TYPE}" + }, + { + "name": "AMQ_MESH_SERVICE_NAME", + "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_MESH_SERVICE_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } }, { - "name": "AMQ_ADMIN_PASSWORD", - "value": "${AMQ_ADMIN_PASSWORD}" + "name": "AMQ_STORAGE_USAGE_LIMIT", + "value": "${AMQ_STORAGE_USAGE_LIMIT}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json index f03fc69fa..83b4d5b24 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-basic-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-basic-s2i" }, "labels": { "template": "eap70-basic-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -90,6 +90,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -172,7 +178,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -227,8 +233,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -249,12 +255,23 @@ } }, "spec": { - "terminationGracePeriodSeconds": 60, + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -318,6 +335,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json index 27d9b656d..1292442a4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-https-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-jboss", "description": "Application template for EAP 7 applications built using S2I.", "tags": "eap,javaee,java,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-https-s2i" }, "labels": { "template": "eap70-https-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -64,6 +64,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -76,6 +82,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -144,6 +156,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -273,7 +291,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -328,8 +346,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -350,8 +368,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -369,6 +387,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -431,6 +460,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -473,6 +506,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json index 9cc786416..99db77d58 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-persistent-s2i" }, "labels": { "template": "eap70-mongodb-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -213,6 +225,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -366,7 +384,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -421,8 +439,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -443,8 +461,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -462,6 +480,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -560,6 +589,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -602,6 +635,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json index 4db6adcf8..c8150c231 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mongodb-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MongoDB applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mongodb,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mongodb-s2i" }, "labels": { "template": "eap70-mongodb-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -207,6 +219,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -360,7 +378,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -415,8 +433,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -437,8 +455,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -456,6 +474,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -554,6 +583,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -596,6 +629,10 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json index 91a79d797..f8e5c2b04 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-persistent-s2i" }, "labels": { "template": "eap70-mysql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -216,6 +228,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -369,7 +387,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -424,8 +442,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -446,8 +464,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -465,6 +483,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -563,6 +592,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -607,6 +640,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json index 63e4ecd2b..1edeb62e7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-mysql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 MySQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,mysql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-mysql-s2i" }, "labels": { "template": "eap70-mysql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -210,6 +222,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -363,7 +381,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -418,8 +436,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -440,8 +458,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -459,6 +477,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -557,6 +586,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -601,6 +634,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-mysql" }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json index ea681d847..d11df06ee 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications with persistent storage built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-persistent-s2i" }, "labels": { "template": "eap70-postgresql-persistent-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -82,6 +82,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -94,6 +100,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -201,6 +213,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -354,7 +372,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -409,8 +427,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -431,8 +449,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -450,6 +468,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -548,6 +577,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -592,6 +625,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -701,6 +738,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json index df95d823e..6b7f6d707 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-postgresql-s2i.json @@ -6,13 +6,13 @@ "description": "Application template for EAP 7 PostgreSQL applications built using S2I.", "iconClass": "icon-jboss", "tags": "eap,postgresql,javaee,java,database,jboss,xpaas", - "version": "1.3.1" + "version": "1.3.2" }, "name": "eap70-postgresql-s2i" }, "labels": { "template": "eap70-postgresql-s2i", - "xpaas": "1.3.1" + "xpaas": "1.3.2" }, "parameters": [ { @@ -76,6 +76,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "eap7-app-secret", @@ -88,6 +94,12 @@ "required": false }, { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { "description": "The name associated with the server certificate", "name": "HTTPS_NAME", "value": "", @@ -195,6 +207,12 @@ "from": "[a-zA-Z0-9]{8}", "generate": "expression", "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false } ], "objects": [ @@ -348,7 +366,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "jboss-eap70-openshift:1.3" + "name": "jboss-eap70-openshift:1.4" } } }, @@ -403,8 +421,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -425,8 +443,8 @@ } }, "spec": { - "serviceAccountName": "eap7-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -444,6 +462,17 @@ "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -542,6 +571,10 @@ "value": "${HTTPS_KEYSTORE}" }, { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { "name": "HTTPS_NAME", "value": "${HTTPS_NAME}" }, @@ -586,6 +619,10 @@ "value": "${JGROUPS_CLUSTER_PASSWORD}" }, { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { "name": "DEFAULT_JOB_REPOSITORY", "value": "${APPLICATION_NAME}-postgresql" }, @@ -689,6 +726,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json new file mode 100644 index 000000000..811602220 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/eap70-sso-s2i.json @@ -0,0 +1,767 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using S2I, enabled for SSO.", + "tags": "eap,javaee,java,jboss,xpaas,sso,keycloak", + "version": "1.3.2" + }, + "name": "eap70-sso-s2i" + }, + "labels": { + "template": "eap70-sso-s2i", + "xpaas": "1.3.2" + }, + "parameters": [ + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app", + "required": true + }, + { + "description": "Hostname for http service route (e.g. eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTP", + "value": "", + "required": true + }, + { + "description": "Hostname for https service route (e.g. secure-eap-app-myproject.example.com). Required for SSO-enabled applications. This is added to the white list of redirects in the SSO server.", + "name": "HOSTNAME_HTTPS", + "value": "", + "required": true + }, + { + "description": "Git source URI for application", + "name": "SOURCE_REPOSITORY_URL", + "value": "https://github.com/redhat-developer/redhat-sso-quickstarts", + "required": true + }, + { + "description": "Git branch/tag reference", + "name": "SOURCE_REPOSITORY_REF", + "value": "7.0.x-ose", + "required": false + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "CONTEXT_DIR", + "value": "", + "required": false + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "", + "required": false + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "", + "required": false + }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "eap7-service-account", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "HTTPS_SECRET", + "value": "eap7-app-secret", + "required": true + }, + { + "description": "The name of the keystore file within the secret", + "name": "HTTPS_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", + "name": "HTTPS_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", + "name": "HTTPS_PASSWORD", + "value": "", + "required": false + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "GitHub trigger secret", + "name": "GITHUB_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_WEBHOOK_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project.", + "name": "IMAGE_STREAM_NAMESPACE", + "value": "openshift", + "required": true + }, + { + "description": "The name of the secret containing the keystore file", + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "jgroups.jceks", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. secret-key)", + "name": "JGROUPS_ENCRYPT_NAME", + "value": "", + "required": false + }, + { + "description": "The password for the keystore and certificate (e.g. password)", + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "", + "required": false + }, + { + "description": "JGroups cluster password", + "name": "JGROUPS_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Controls whether exploded deployment content should be automatically deployed", + "name": "AUTO_DEPLOY_EXPLODED", + "value": "false", + "required": false + }, + { + "description": "The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application.", + "name": "SSO_URL", + "value": "", + "required": true + }, + { + "description": "The URL for the interal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL.", + "name": "SSO_SERVICE_URL", + "value": "https://secure-sso:8443/auth", + "required": false + }, + { + "description": "The SSO realm to which the application client(s) should be associated (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": true + }, + { + "description": "The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates.", + "name": "SSO_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_PASSWORD", + "value": "", + "required": false + }, + { + "description": "SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability", + "name": "SSO_PUBLIC_KEY", + "value": "", + "required": false + }, + { + "description": "SSO Client Access Type", + "name": "SSO_BEARER_ONLY", + "value": "", + "required": false + }, + { + "description": "List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.", + "name": "ARTIFACT_DIR", + "value": "app-jee-jsp/target,service-jee-jaxrs/target,app-profile-jee-jsp/target,app-profile-saml-jee-jsp/target", + "required": false + }, + { + "description": "The name of the secret containing the keystore file", + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + }, + { + "description": "The name of the keystore file within the secret", + "name": "SSO_SAML_KEYSTORE", + "value": "keystore.jks", + "required": false + }, + { + "description": "The name associated with the server certificate", + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "jboss", + "required": false + }, + { + "description": "The password for the keystore and certificate", + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "mykeystorepass", + "required": false + }, + { + "description": "The SSO Client Secret for Confidential Access", + "name": "SSO_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression", + "required": true + }, + { + "description": "Enable CORS for SSO applications", + "name": "SSO_ENABLE_CORS", + "value": "false", + "required": false + }, + { + "description": "SSO logout page for SAML applications", + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "/", + "required": false + }, + { + "description": "If true SSL communication between EAP and the SSO Server will be insecure (i.e. certificate validation is disabled with curl)", + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "true", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "eap7-app-secret", + "required": false + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTP}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https", + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${HOSTNAME_HTTPS}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination": "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "forcePull": true, + "from": { + "kind": "ImageStreamTag", + "namespace": "${IMAGE_STREAM_NAMESPACE}", + "name": "jboss-eap70-openshift:1.4" + }, + "env": [ + { + "name": "ARTIFACT_DIR", + "value": "${ARTIFACT_DIR}" + }, + { + "name": "MAVEN_ARGS_APPEND", + "value": "" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + }, + "triggers": [ + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + }, + { + "type": "ImageChange", + "imageChange": {} + }, + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "sso-saml-keystore-volume", + "mountPath": "/etc/sso-saml-secret-volume", + "readOnly": true + }, + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + }, + { + "name": "eap-jgroups-keystore-volume", + "mountPath": "/etc/jgroups-encrypt-secret-volume", + "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true + } + ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, + "livenessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/livenessProbe.sh" + ] + } + }, + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "jolokia", + "containerPort": 8778, + "protocol": "TCP" + }, + { + "name": "http", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "https", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_KUBE_PING_LABELS", + "value": "application=${APPLICATION_NAME}" + }, + { + "name": "OPENSHIFT_KUBE_PING_NAMESPACE", + "valueFrom": { + "fieldRef": { + "fieldPath": "metadata.namespace" + } + } + }, + { + "name": "HOSTNAME_HTTP", + "value": "${HOSTNAME_HTTP}" + }, + { + "name": "HOSTNAME_HTTPS", + "value": "${HOSTNAME_HTTPS}" + }, + { + "name": "HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "HTTPS_KEYSTORE", + "value": "${HTTPS_KEYSTORE}" + }, + { + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" + }, + { + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" + }, + { + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + }, + { + "name": "JGROUPS_ENCRYPT_SECRET", + "value": "${JGROUPS_ENCRYPT_SECRET}" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE_DIR", + "value": "/etc/jgroups-encrypt-secret-volume" + }, + { + "name": "JGROUPS_ENCRYPT_KEYSTORE", + "value": "${JGROUPS_ENCRYPT_KEYSTORE}" + }, + { + "name": "JGROUPS_ENCRYPT_NAME", + "value": "${JGROUPS_ENCRYPT_NAME}" + }, + { + "name": "JGROUPS_ENCRYPT_PASSWORD", + "value": "${JGROUPS_ENCRYPT_PASSWORD}" + }, + { + "name": "JGROUPS_CLUSTER_PASSWORD", + "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "AUTO_DEPLOY_EXPLODED", + "value": "${AUTO_DEPLOY_EXPLODED}" + }, + { + "name": "SSO_URL", + "value": "${SSO_URL}" + }, + { + "name": "SSO_SERVICE_URL", + "value": "${SSO_SERVICE_URL}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_USERNAME", + "value": "${SSO_USERNAME}" + }, + { + "name": "SSO_PASSWORD", + "value": "${SSO_PASSWORD}" + }, + { + "name": "SSO_PUBLIC_KEY", + "value": "${SSO_PUBLIC_KEY}" + }, + { + "name": "SSO_BEARER_ONLY", + "value": "${SSO_BEARER_ONLY}" + }, + { + "name": "SSO_SAML_KEYSTORE_SECRET", + "value": "${SSO_SAML_KEYSTORE_SECRET}" + }, + { + "name": "SSO_SAML_KEYSTORE", + "value": "${SSO_SAML_KEYSTORE}" + }, + { + "name": "SSO_SAML_KEYSTORE_DIR", + "value": "/etc/sso-saml-secret-volume" + }, + { + "name": "SSO_SAML_CERTIFICATE_NAME", + "value": "${SSO_SAML_CERTIFICATE_NAME}" + }, + { + "name": "SSO_SAML_KEYSTORE_PASSWORD", + "value": "${SSO_SAML_KEYSTORE_PASSWORD}" + }, + { + "name": "SSO_SECRET", + "value": "${SSO_SECRET}" + }, + { + "name": "SSO_ENABLE_CORS", + "value": "${SSO_ENABLE_CORS}" + }, + { + "name": "SSO_SAML_LOGOUT_PAGE", + "value": "${SSO_SAML_LOGOUT_PAGE}" + }, + { + "name": "SSO_DISABLE_SSL_CERTIFICATE_VALIDATION", + "value": "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "sso-saml-keystore-volume", + "secret": { + "secretName": "${SSO_SAML_KEYSTORE_SECRET}" + } + }, + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${HTTPS_SECRET}" + } + }, + { + "name": "eap-jgroups-keystore-volume", + "secret": { + "secretName": "${JGROUPS_ENCRYPT_SECRET}" + } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json index 376f2f61b..413a6de87 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json index 0090d4090..610ea9441 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json index f0abc9b24..6ef9d6e4c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json index dc43fbea3..9b48f8ae7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json index 6d02c7487..30af703ce 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json index cb23d32a7..c2843af63 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json index 82096ab12..b8372f374 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json index 6c2e42564..cd5bb9fa4 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat7-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat7,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat7-postgresql-s2i" }, "labels": { "template": "jws30-tomcat7-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -575,6 +575,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json index b425891c6..cb1e49d29 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-basic-s2i.json @@ -215,8 +215,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json index 7a5414fd7..21d5662c7 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-https-s2i.json @@ -292,8 +292,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json index 020c32d31..34657d826 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-persistent-s2i.json @@ -385,8 +385,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json index 48371db95..974cfaddb 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mongodb-s2i.json @@ -379,8 +379,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json index b1e847c60..7a8231cc5 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-persistent-s2i.json @@ -388,8 +388,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json index ca501102f..cda21f237 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-mysql-s2i.json @@ -382,8 +382,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json index 9050874ab..4dfc98015 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-persistent-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications with persistent storage built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-persistent-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-persistent-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -373,8 +373,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -587,6 +587,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json index dba4d8b26..f6c85668c 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/jws30-tomcat8-postgresql-s2i.json @@ -6,13 +6,13 @@ "iconClass": "icon-tomcat", "description": "Application template for JWS PostgreSQL applications built using S2I.", "tags": "tomcat,tomcat8,postgresql,java,database,jboss,xpaas", - "version": "1.2.0" + "version": "1.3.2" }, "name": "jws30-tomcat8-postgresql-s2i" }, "labels": { "template": "jws30-tomcat8-postgresql-s2i", - "xpaas": "1.2.0" + "xpaas": "1.3.2" }, "parameters": [ { @@ -367,8 +367,8 @@ "${APPLICATION_NAME}" ], "from": { - "kind": "ImageStream", - "name": "${APPLICATION_NAME}" + "kind": "ImageStreamTag", + "name": "${APPLICATION_NAME}:latest" } } }, @@ -573,6 +573,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json index 7f320bace..fb0578a67 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-basic.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-https.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,java,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, - "name": "sso70-basic" + "name": "sso70-https" }, "labels": { - "template": "sso70-basic", - "xpaas" : "1.3.0" + "template": "sso70-https", + "xpaas" : "1.3.2" }, "parameters": [ { @@ -34,6 +34,12 @@ "required": false }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -46,15 +52,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -73,28 +85,9 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -104,15 +97,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -127,6 +120,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -179,30 +220,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 5432, - "targetPort": 5432 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}-basic" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-basic", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The database server's port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http", @@ -269,7 +286,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -290,8 +307,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -307,8 +324,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -342,6 +375,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -370,32 +408,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" - }, - { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -420,6 +450,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -436,6 +498,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json index dc8bd740e..dcbb24bf1 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql-persistent" }, "labels": { "template": "sso70-mysql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,18 +136,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -151,7 +144,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -161,13 +154,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -184,6 +177,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -347,8 +388,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -364,8 +405,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -399,6 +456,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -451,32 +513,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -501,6 +555,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -517,6 +603,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json index 029dcee54..1768f7a1b 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-mysql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 MySQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,mysql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-mysql" }, "labels": { "template": "sso70-mysql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -110,13 +122,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -131,21 +136,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -155,13 +148,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -178,6 +171,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -326,7 +367,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -348,8 +389,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -365,8 +406,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -400,6 +457,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -452,32 +514,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -502,6 +556,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -518,6 +604,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json index bad7e49b2..4c2f81f2e 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql-persistent.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications with persistent storage", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql-persistent" }, "labels": { "template": "sso70-postgresql-persistent", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,18 +121,6 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "Size of persistent storage for database volume.", "name": "VOLUME_CAPACITY", "value": "512Mi", @@ -136,7 +129,7 @@ { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -146,13 +139,13 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", "value": "", "required": false @@ -169,6 +162,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -332,8 +373,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -349,8 +390,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -384,6 +441,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -436,32 +498,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -486,6 +540,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -502,6 +588,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -589,6 +681,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -46,6 +46,12 @@ "required": true }, { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, + { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", "value": "sso-app-secret", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -95,13 +107,6 @@ "required": false }, { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, - { "description": "Database user name", "name": "DB_USERNAME", "from": "user[a-zA-Z0-9]{3}", @@ -116,21 +121,9 @@ "required": true }, { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, - { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -586,6 +678,10 @@ "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" } diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index 8d2248578..4150fabec 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -49,8 +49,10 @@ # RHEL and Centos image streams are mutually exclusive - name: Import RHEL streams command: > - {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ rhel_image_streams }} + {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ item }} when: openshift_examples_load_rhel | bool + with_items: + - "{{ rhel_image_streams }}" register: oex_import_rhel_streams failed_when: "'already exists' not in oex_import_rhel_streams.stderr and oex_import_rhel_streams.rc != 0" changed_when: false @@ -95,6 +97,21 @@ failed_when: "'already exists' not in oex_import_infrastructure.stderr and oex_import_infrastructure.rc != 0" changed_when: false +- name: Remove old xPaas template files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ xpaas_templates_base }}/sso70-basic.json" + +- name: Remove old xPaas templates from openshift namespace + command: "{{ openshift.common.client_binary }} -n openshift delete templates/{{ item }}" + with_items: + - sso70-basic + register: oex_delete_old_xpaas_templates + failed_when: "'not found' not in oex_delete_old_xpaas_templates.stderr and oex_delete_old_xpaas_templates.rc != 0" + changed_when: false + - name: Import xPaas image streams command: > {{ openshift.common.client_binary }} {{ openshift_examples_import_command }} -n openshift -f {{ xpaas_image_streams }} diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 54bdbc775..659f4eba6 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -480,23 +480,6 @@ def set_selectors(facts): return facts -def set_metrics_facts_if_unset(facts): - """ Set cluster metrics facts if not already present in facts dict - dict: the facts dict updated with the generated cluster metrics facts if - missing - Args: - facts (dict): existing facts - Returns: - dict: the facts dict updated with the generated cluster metrics - facts if they were not already present - - """ - if 'common' in facts: - if 'use_cluster_metrics' not in facts['common']: - use_cluster_metrics = False - facts['common']['use_cluster_metrics'] = use_cluster_metrics - return facts - def set_dnsmasq_facts_if_unset(facts): """ Set dnsmasq facts if not already present in facts Args: @@ -1674,7 +1657,6 @@ class OpenShiftFacts(object): facts = set_nuage_facts_if_unset(facts) facts = set_node_schedulability(facts) facts = set_selectors(facts) - facts = set_metrics_facts_if_unset(facts) facts = set_identity_providers_if_unset(facts) facts = set_sdn_facts_if_unset(facts, self.system_facts) facts = set_deployment_facts_if_unset(facts) diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index c7d20f88b..74c50ae1d 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -11,27 +11,4 @@ galaxy_info: - 7 categories: - cloud -dependencies: -- role: openshift_cli -- role: openshift_hosted_facts -- role: openshift_projects - # TODO: Move standard project definitions to openshift_hosted/vars/main.yml - # Vars are not accessible in meta/main.yml in ansible-1.9.x - openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - hostnetwork - when: openshift.common.version_gte_3_2_or_1_2 -- role: openshift_serviceaccounts - openshift_serviceaccounts_names: - - router - - registry - openshift_serviceaccounts_namespace: default - openshift_serviceaccounts_sccs: - - privileged - when: not openshift.common.version_gte_3_2_or_1_2 -- role: openshift_metrics - when: openshift.hosted.metrics.deploy | bool +dependencies: [] diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml index c801a0e67..67c6bbfd7 100644 --- a/roles/openshift_hosted/tasks/main.yml +++ b/roles/openshift_hosted/tasks/main.yml @@ -13,7 +13,10 @@ changed_when: False - include: router/router.yml + when: openshift_hosted_manage_router | default(true) | bool + - include: registry/registry.yml + when: openshift_hosted_manage_registry | default(true) | bool - name: Delete temp directory file: diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index a242ce30f..fc037ceda 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -4,12 +4,27 @@ {{ openshift.common.client_binary }} --api-version='v1' -o json get nodes -n default --config={{ openshift_hosted_kubeconfig }} --selector={{ openshift.hosted.registry.selector | default('') }} - register: openshift_hosted_registry_nodes_json + register: registry_nodes_json changed_when: false when: openshift.hosted.registry.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.registry.replicas | default(((openshift_hosted_registry_nodes_json.stdout | from_json)['items'] | length) if openshift.hosted.registry.storage.kind | default(none) is not none else 1) }}" + l_node_count: "{{ (registry_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length }}" + +# Determine the default number of registry/router replicas to use if no count +# has been specified. +# If no registry nodes defined, the default should be 0. +- set_fact: + l_default_replicas: 0 + when: l_node_count | int == 0 + +# If registry nodes are defined and the registry storage kind is defined, default should be the number of registry nodes, otherwise just 1: +- set_fact: + l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}" + when: l_node_count | int > 0 + +- set_fact: + replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}" - name: Create OpenShift registry command: > @@ -32,9 +47,10 @@ register: openshift_hosted_registry_results changed_when: "'service exists' not in openshift_hosted_registry_results.stdout" failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" + when: replicas | int > 0 - include: storage/object_storage.yml - when: openshift.hosted.registry.storage.kind | default(none) == 'object' + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) == 'object' - include: storage/persistent_volume.yml - when: openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] + when: replicas | int > 0 and openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index dfea8ca4b..e18b9781c 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -1,7 +1,7 @@ --- - fail: msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." - when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) + when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) - name: Read router certificate and key become: no @@ -39,12 +39,12 @@ {{ openshift.common.client_binary }} --api-version='v1' -o json get nodes -n default --config={{ openshift_hosted_kubeconfig }} --selector={{ openshift.hosted.router.selector | default('') }} - register: openshift_hosted_router_nodes_json + register: router_nodes_json changed_when: false when: openshift.hosted.router.replicas | default(none) is none - set_fact: - replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | from_json)['items'] | length) }}" + replicas: "{{ openshift.hosted.router.replicas | default((router_nodes_json.stdout | default('{\"items\":[]}') | from_json)['items'] | length) }}" - name: Create OpenShift router command: > @@ -73,3 +73,4 @@ register: openshift_hosted_router_results changed_when: "'service exists' not in openshift_hosted_router_results.stdout" failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr" + when: replicas | int > 0 diff --git a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 index 05e360d3b..b9a279f5f 100644 --- a/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 +++ b/roles/openshift_loadbalancer/templates/haproxy.cfg.j2 @@ -7,6 +7,7 @@ global user haproxy group haproxy daemon + log /dev/log local0 info # turn on stats unix socket stats socket /var/lib/haproxy/stats diff --git a/roles/openshift_master/handlers/main.yml b/roles/openshift_master/handlers/main.yml index f7dfb11f7..edb7369de 100644 --- a/roles/openshift_master/handlers/main.yml +++ b/roles/openshift_master/handlers/main.yml @@ -17,7 +17,12 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 0a69b3eef..a2f665702 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -4,40 +4,11 @@ galaxy_info: description: Master company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.1 platforms: - name: EL versions: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_docker -- role: openshift_cli -- role: openshift_cloud_provider -- role: openshift_builddefaults -- role: openshift_master_facts -- role: openshift_hosted_facts -- role: os_firewall - os_firewall_allow: - - service: etcd embedded - port: 4001/tcp - - service: api server https - port: "{{ openshift.master.api_port }}/tcp" - - service: api controllers https - port: "{{ openshift.master.controllers_port }}/tcp" - - service: skydns tcp - port: "{{ openshift.master.dns_port }}/tcp" - - service: skydns udp - port: "{{ openshift.master.dns_port }}/udp" - - service: Fluentd td-agent tcp - port: 24224/tcp - - service: Fluentd td-agent udp - port: 24224/udp - - service: pcsd - port: 2224/tcp - - service: Corosync UDP - port: 5404/udp - - service: Corosync UDP - port: 5405/udp +dependencies: [] diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 5c6c64018..e1efb4c2b 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -180,7 +180,10 @@ changed_when: false - name: Stop and disable non-HA master when running HA - service: name={{ openshift.common.service_type }}-master enabled=no state=stopped + service: + name: "{{ openshift.common.service_type }}-master" + enabled: no + state: stopped when: openshift_master_ha | bool and 'LoadState=not-found' not in master_svc_show.stdout - set_fact: @@ -191,9 +194,24 @@ command: systemctl mask {{ openshift.common.service_type }}-master when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and not openshift.common.is_containerized | bool -- name: Start and enable master api - service: name={{ openshift.common.service_type }}-master-api enabled=yes state=started +- name: Start and enable master api on first master + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master api all masters + service: + name: "{{ openshift.common.service_type }}-master-api" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: @@ -206,18 +224,39 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/master/ca.crt + curl --silent + {% if openshift.common.version_gte_3_2_or_1_2 | bool %} + --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt + {% else %} + --cacert {{ openshift.common.config_base }}/master/ca.crt + {% endif %} {{ openshift.master.api_url }}/healthz/ready register: api_available_output until: api_available_output.stdout == 'ok' retries: 120 delay: 1 + run_once: true changed_when: false when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and master_api_service_status_changed | bool -- name: Start and enable master controller - service: name={{ openshift.common.service_type }}-master-controllers enabled=yes state=started +- name: Start and enable master controller on first master + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname == openshift_master_hosts[0] + register: start_result + +- pause: + seconds: 15 when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' + +- name: Start and enable master controller on all masters + service: + name: "{{ openshift.common.service_type }}-master-controllers" + enabled: yes + state: started + when: openshift_master_ha | bool and openshift.master.cluster_method == 'native' and inventory_hostname != openshift_master_hosts[0] register: start_result - set_fact: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 27d7fac8c..a5f346543 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -170,7 +170,11 @@ oauthConfig: {% for line in translated_identity_providers.splitlines() %} {{ line }} {% endfor %} - masterCA: ca.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} + masterCA: ca.rt +{% endif %} masterPublicURL: {{ openshift.master.public_api_url }} masterURL: {{ openshift.master.api_url }} sessionConfig: @@ -203,7 +207,11 @@ serviceAccountConfig: - default - builder - deployer - masterCA: ca.crt +{% if openshift.common.version_gte_3_2_or_1_2 | bool %} + masterCA: ca-bundle.crt +{% else %} + masterCA: ca.rt +{% endif %} privateKeyFile: serviceaccounts.private.key publicKeyFiles: - serviceaccounts.public.key @@ -215,7 +223,7 @@ servingInfo: keyFile: master.server.key maxRequestsInFlight: {{ openshift.master.max_requests_inflight }} requestTimeoutSeconds: 3600 -{% if openshift.master.named_certificates %} +{% if openshift.master.named_certificates | default([]) | length > 0 %} namedCertificates: {% for named_certificate in openshift.master.named_certificates %} - certFile: {{ named_certificate['certfile'] }} diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml deleted file mode 100644 index ae99467f0..000000000 --- a/roles/openshift_master_ca/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- - -- name: Install the base package for admin tooling - action: "{{ ansible_pkg_mgr }} name={{ openshift.common.service_type }}{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) }} state=present" - when: not openshift.common.is_containerized | bool - register: install_result - -- name: Reload generated facts - openshift_facts: - when: install_result | changed - -- name: Create openshift_master_config_dir if it doesn't exist - file: - path: "{{ openshift_master_config_dir }}" - state: directory - -- name: Create the master certificates if they do not already exist - command: > - {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ master_hostnames | join(',') }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_config_dir }} --overwrite=false - when: master_certs_missing | bool diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml deleted file mode 100644 index 1f6af808c..000000000 --- a/roles/openshift_master_ca/vars/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" -openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" diff --git a/roles/openshift_master_certificates/README.md b/roles/openshift_master_certificates/README.md index ba3d5f28c..a80d47040 100644 --- a/roles/openshift_master_certificates/README.md +++ b/roles/openshift_master_certificates/README.md @@ -1,27 +1,44 @@ OpenShift Master Certificates ======================== -TODO +This role determines if OpenShift master certificates must be created, delegates certificate creation to the `openshift_ca_host` and then deploys those certificates to master hosts which this role is being applied to. If this role is applied to the `openshift_ca_host`, certificate deployment will be skipped. Requirements ------------ -TODO - Role Variables -------------- -TODO +From `openshift_ca`: + +| Name | Default value | Description | +|---------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be (or has been) created. | + +From this role: + +| Name | Default value | Description | +|---------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| +| openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-master generated config directories will be created on the `openshift_ca_host`. | +| openshift_master_cert_subdir | `master-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-master configurations will be placed on the `openshift_ca_host`. | +| openshift_master_config_dir | `{{ openshift.common.config_base }}/master` | Master configuration directory in which certificates will be deployed on masters. | +| openshift_master_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }` | Full path to the per-master generated config directory. | Dependencies ------------ -TODO +* openshift_ca Example Playbook ---------------- -TODO +``` +- name: Create OpenShift Master Certificates + hosts: masters + roles: + - role: openshift_master_certificates + openshift_ca_host: master1.example.com +``` License ------- diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml index fd7b73b0f..018186e86 100644 --- a/roles/openshift_master_certificates/meta/main.yml +++ b/roles/openshift_master_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: OpenShift Master Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,5 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_master_ca } +- role: openshift_master_facts +- role: openshift_ca diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 394f9d381..9ed082d9f 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -1,38 +1,126 @@ --- +- set_fact: + openshift_master_certs_no_etcd: + - admin.crt + - master.kubelet-client.crt + - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}" + - master.server.crt + - openshift-master.crt + - openshift-registry.crt + - openshift-router.crt + - etcd.server.crt + openshift_master_certs_etcd: + - master.etcd-client.crt + +- set_fact: + openshift_master_certs: "{{ (openshift_master_certs_no_etcd | union(openshift_master_certs_etcd )) if openshift_master_etcd_hosts | length > 0 else openshift_master_certs_no_etcd }}" + +- name: Check status of master certificates + stat: + path: "{{ openshift_master_config_dir }}/{{ item }}" + with_items: + - "{{ openshift_master_certs }}" + register: g_master_cert_stat_result + +- set_fact: + master_certs_missing: "{{ False in (g_master_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + - name: Ensure the generated_configs directory present file: - path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" + path: "{{ openshift_master_generated_config_dir }}" state: directory mode: 0700 - with_items: "{{ masters_needing_certs | default([]) }}" + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item.1 }}" - dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" + src: "{{ openshift_master_config_dir }}/{{ item }}" + dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" state: hard - with_nested: - - "{{ masters_needing_certs | default([]) }}" - - - - ca.crt - - ca.key - - ca.serial.txt + with_items: + - ca.crt + - ca.key + - ca.serial.txt + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Create the master certificates if they do not already exist command: > {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ item.openshift.common.all_hostnames | join(',') }} - --master={{ item.openshift.master.api_url }} - --public-master={{ item.openshift.master.public_api_url }} - --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} - --overwrite=false - when: item.master_certs_missing | bool - with_items: "{{ masters_needing_certs | default([]) }}" + {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + --hostnames={{ openshift.common.all_hostnames | join(',') }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_generated_config_dir }} + --overwrite=false + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - file: - src: "{{ openshift_master_config_dir }}/{{ item.1 }}" - dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}" + src: "{{ openshift_master_config_dir }}/{{ item }}" + dest: "{{ openshift_master_generated_config_dir }}/{{ item }}" state: hard force: true - with_nested: - - "{{ masters_needing_certs | default([]) }}" + with_items: - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}" + when: master_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Remove generated etcd client certs when using external etcd + file: + path: "{{ openshift_master_generated_config_dir }}/{{ item }}" + state: absent + when: openshift_master_etcd_hosts | length > 0 + with_items: + - master.etcd-client.crt + - master.etcd-client.key + delegate_to: "{{ openshift_ca_host }}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: g_master_mktemp + changed_when: False + when: master_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the master certs + command: > + tar -czvf {{ openshift_master_generated_config_dir }}.tgz + -C {{ openshift_master_generated_config_dir }} . + args: + creates: "{{ openshift_master_generated_config_dir }}.tgz" + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + delegate_to: "{{ openshift_ca_host }}" + +- name: Retrieve the master cert tarball from the master + fetch: + src: "{{ openshift_master_generated_config_dir }}.tgz" + dest: "{{ g_master_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + delegate_to: "{{ openshift_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ openshift_master_config_dir }}" + state: directory + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + +- name: Unarchive the tarball on the master + unarchive: + src: "{{ g_master_mktemp.stdout }}/{{ openshift_master_cert_subdir }}.tgz" + dest: "{{ openshift_master_config_dir }}" + when: master_certs_missing | bool and inventory_hostname != openshift_ca_host + +- file: name={{ g_master_mktemp.stdout }} state=absent + changed_when: False + when: master_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/openshift_master_certificates/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml index 3f18ddc79..66f2e5162 100644 --- a/roles/openshift_master_certificates/vars/main.yml +++ b/roles/openshift_master_certificates/vars/main.yml @@ -1,3 +1,5 @@ --- openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs" +openshift_master_cert_subdir: "master-{{ openshift.common.hostname }}" openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +openshift_master_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }}" diff --git a/roles/openshift_named_certificates/README.md b/roles/openshift_named_certificates/README.md new file mode 100644 index 000000000..41f895813 --- /dev/null +++ b/roles/openshift_named_certificates/README.md @@ -0,0 +1,32 @@ +OpenShift Named Certificates +============================ + +TODO + +Requirements +------------ + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Andrew Butcher <abutcher@redhat.com> diff --git a/roles/openshift_etcd_certificates/meta/main.yml b/roles/openshift_named_certificates/meta/main.yml index 2725fdb51..2c6e12494 100644 --- a/roles/openshift_etcd_certificates/meta/main.yml +++ b/roles/openshift_named_certificates/meta/main.yml @@ -1,16 +1,16 @@ --- galaxy_info: author: Andrew Butcher - description: OpenShift etcd Certificates + description: OpenShift Named Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.9 + min_ansible_version: 2.1 platforms: - name: EL versions: - 7 categories: - cloud + - system dependencies: -- role: openshift_etcd_facts -- role: etcd_certificates +- role: openshift_facts diff --git a/roles/openshift_named_certificates/tasks/main.yml b/roles/openshift_named_certificates/tasks/main.yml new file mode 100644 index 000000000..7f20cf401 --- /dev/null +++ b/roles/openshift_named_certificates/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- set_fact: + parsed_named_certificates: "{{ named_certificates | oo_parse_named_certificates(named_certs_dir, internal_hostnames) }}" + when: named_certificates | length > 0 + delegate_to: localhost + become: no + run_once: true + +- openshift_facts: + role: master + local_facts: + named_certificates: "{{ parsed_named_certificates | default([]) }}" + additive_facts_to_overwrite: + - "{{ 'master.named_certificates' if overwrite_named_certs | bool else omit }}" + +- name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + +- name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + mode: 0700 + +- name: Land named certificates + copy: + src: "{{ item.certfile }}" + dest: "{{ named_certs_dir }}" + with_items: "{{ named_certificates }}" + +- name: Land named certificate keys + copy: + src: "{{ item.keyfile }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ named_certificates }}" + +- name: Land named CA certificates + copy: + src: "{{ item }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ named_certificates | oo_collect('cafile') }}" diff --git a/roles/openshift_named_certificates/tasks/named_certificates.yml b/roles/openshift_named_certificates/tasks/named_certificates.yml new file mode 100644 index 000000000..7b097b443 --- /dev/null +++ b/roles/openshift_named_certificates/tasks/named_certificates.yml @@ -0,0 +1,32 @@ +--- +- name: Clear named certificates + file: + path: "{{ named_certs_dir }}" + state: absent + when: overwrite_named_certs | bool + +- name: Ensure named certificate directory exists + file: + path: "{{ named_certs_dir }}" + state: directory + mode: 0700 + +- name: Land named certificates + copy: + src: "{{ item.certfile }}" + dest: "{{ named_certs_dir }}" + with_items: "{{ openshift_master_named_certificates | default([]) }}" + +- name: Land named certificate keys + copy: + src: "{{ item.keyfile }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ openshift_master_named_certificates | default([]) }}" + +- name: Land named CA certificates + copy: + src: "{{ item }}" + dest: "{{ named_certs_dir }}" + mode: 0600 + with_items: "{{ openshift_master_named_certificates | default([]) | oo_collect('cafile') }}" diff --git a/roles/openshift_named_certificates/vars/main.yml b/roles/openshift_named_certificates/vars/main.yml new file mode 100644 index 000000000..368e9bdac --- /dev/null +++ b/roles/openshift_named_certificates/vars/main.yml @@ -0,0 +1,11 @@ +--- +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" +openshift_version: "{{ openshift_pkg_version | default('') }}" + +overwrite_named_certs: "{{ openshift_master_overwrite_named_certificates | default(false) }}" +named_certs_dir: "{{ openshift.common.config_base }}/master/named_certificates/" +internal_hostnames: "{{ openshift.common.internal_hostnames }}" +named_certificates: "{{ openshift_master_named_certificates | default([]) }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 97ab8241b..c39269f33 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -4,32 +4,11 @@ galaxy_info: description: OpenShift Node company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.7 + min_ansible_version: 2.1 platforms: - name: EL versions: - 7 categories: - cloud -dependencies: -- role: openshift_clock -- role: openshift_docker -- role: openshift_cloud_provider -- role: openshift_common -- role: openshift_node_dnsmasq - when: openshift.common.use_dnsmasq -- role: os_firewall - os_firewall_allow: - - service: Kubernetes kubelet - port: 10250/tcp - - service: http - port: 80/tcp - - service: https - port: 443/tcp - - service: Openshift kubelet ReadOnlyPort - port: 10255/tcp - - service: Openshift kubelet ReadOnlyPort udp - port: 10255/udp - - service: OpenShift OVS sdn - port: 4789/udp - when: openshift.node.use_openshift_sdn | bool +dependencies: [] diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index cdf1f6dba..4e13d9052 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -20,14 +20,14 @@ masterClientConnectionOverrides: ops: 20 {% endif %} masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig -{% if openshift.common.use_openshift_sdn %} +{% if openshift.common.use_openshift_sdn | bool and not openshift.common.version_gte_3_3_or_1_3 | bool %} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} # networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which # deprecates networkPluginName above. The two should match. networkConfig: mtu: {{ openshift.node.sdn_mtu }} -{% if openshift.common.use_openshift_sdn or openshift.common.use_nuage %} +{% if ( openshift.common.use_openshift_sdn | bool or openshift.common.use_nuage | bool ) and not openshift.common.version_gte_3_3_or_1_3 | bool%} networkPluginName: {{ openshift.common.sdn_network_plugin_name }} {% endif %} {% if openshift.node.set_node_ip | bool %} @@ -41,7 +41,6 @@ servingInfo: clientCA: ca.crt keyFile: server.key volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes -{% include 'partials/kubeletArguments.j2' %} proxyArguments: proxy-mode: - {{ openshift.node.proxy_mode }} diff --git a/roles/openshift_node/templates/partials/kubeletArguments.j2 b/roles/openshift_node/templates/partials/kubeletArguments.j2 deleted file mode 100644 index 6c3bd04c5..000000000 --- a/roles/openshift_node/templates/partials/kubeletArguments.j2 +++ /dev/null @@ -1,5 +0,0 @@ -{% if openshift.common.use_cluster_metrics | bool %} -kubeletArguments: - "read-only-port": - - "10255" -{% endif %}
\ No newline at end of file diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md index 6264d253a..f56066b29 100644 --- a/roles/openshift_node_certificates/README.md +++ b/roles/openshift_node_certificates/README.md @@ -1,27 +1,44 @@ -OpenShift/Atomic Enterprise Node Certificates -============================================= +OpenShift Node Certificates +=========================== -TODO +This role determines if OpenShift node certificates must be created, delegates certificate creation to the `openshift_ca_host` and then deploys those certificates to node hosts which this role is being applied to. Requirements ------------ -TODO - Role Variables -------------- -TODO +From `openshift_ca`: + +| Name | Default value | Description | +|-------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +| openshift_ca_host | None (Required) | The hostname of the system where the OpenShift CA will be (or has been) created. | + +From this role: + +| Name | Default value | Description | +|-------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +| openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-node generated config directories will be created on the `openshift_ca_host`. | +| openshift_node_cert_subdir | `node-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-node certificates will be placed on the `openshift_ca_host`. | +| openshift_node_config_dir | `{{ openshift.common.config_base }}/node` | Node configuration directory in which certificates will be deployed on nodes. | +| openshift_node_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }` | Full path to the per-node generated config directory. | Dependencies ------------ -TODO +* openshift_ca Example Playbook ---------------- -TODO +``` +- name: Create OpenShift Node Certificates + hosts: nodes + roles: + - role: openshift_node_certificates + openshift_ca_host: master1.example.com +``` License ------- diff --git a/roles/openshift_node_certificates/meta/main.yml b/roles/openshift_node_certificates/meta/main.yml index f3236e850..50a862ee9 100644 --- a/roles/openshift_node_certificates/meta/main.yml +++ b/roles/openshift_node_certificates/meta/main.yml @@ -1,10 +1,10 @@ --- galaxy_info: author: Jason DeTiberus - description: + description: OpenShift Node Certificates company: Red Hat, Inc. license: Apache License, Version 2.0 - min_ansible_version: 1.8 + min_ansible_version: 2.1 platforms: - name: EL versions: @@ -13,4 +13,4 @@ galaxy_info: - cloud - system dependencies: -- { role: openshift_facts } +- role: openshift_facts diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 216c11093..8768fb0c2 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -1,36 +1,120 @@ --- -- name: Create openshift_generated_configs_dir if it doesn\'t exist +- name: Ensure CA certificate exists on openshift_ca_host + stat: + path: "{{ openshift_ca_cert }}" + register: g_ca_cert_stat_result + delegate_to: "{{ openshift_ca_host }}" + run_once: true + +- fail: + msg: > + CA certificate {{ openshift_ca_cert }} doesn't exist on CA host + {{ openshift_ca_host }}. Apply 'openshift_ca' role to + {{ openshift_ca_host }}. + when: not g_ca_cert_stat_result.stat.exists | bool + run_once: true + +- name: Check status of node certificates + stat: + path: "{{ openshift.common.config_base }}/node/{{ item }}" + with_items: + - "system:node:{{ openshift.common.hostname }}.crt" + - "system:node:{{ openshift.common.hostname }}.key" + - "system:node:{{ openshift.common.hostname }}.kubeconfig" + - ca.crt + - server.key + - server.crt + register: g_node_cert_stat_result + +- set_fact: + node_certs_missing: "{{ False in (g_node_cert_stat_result.results + | oo_collect(attribute='stat.exists') + | list) }}" + +- name: Create openshift_generated_configs_dir if it does not exist file: path: "{{ openshift_generated_configs_dir }}" state: directory mode: 0700 - when: nodes_needing_certs | length > 0 + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Generate the node client config command: > {{ openshift.common.admin_binary }} create-api-client-config - --certificate-authority={{ openshift_master_ca_cert }} - --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} + {% for named_ca_certificate in hostvars[openshift_ca_host].openshift.master.named_certificates | default([]) | oo_collect('cafile') %} + --certificate-authority {{ named_ca_certificate }} + {% endfor %} + --certificate-authority={{ openshift_ca_cert }} + --client-dir={{ openshift_node_generated_config_dir }} --groups=system:nodes - --master={{ openshift.master.api_url }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - --user=system:node:{{ item.openshift.common.hostname }} + --master={{ hostvars[openshift_ca_host].openshift.master.api_url }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} + --user=system:node:{{ openshift.common.hostname }} args: - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: "{{ nodes_needing_certs | default([]) }}" + creates: "{{ openshift_node_generated_config_dir }}" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" - name: Generate the node server certificate command: > {{ openshift.common.admin_binary }} ca create-server-cert - --cert={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt - --key={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.key + --cert={{ openshift_node_generated_config_dir }}/server.crt + --key={{ openshift_generated_configs_dir }}/node-{{ openshift.common.hostname }}/server.key --overwrite=true - --hostnames={{ item.openshift.common.all_hostnames |join(",") }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} + --hostnames={{ openshift.common.all_hostnames |join(",") }} + --signer-cert={{ openshift_ca_cert }} + --signer-key={{ openshift_ca_key }} + --signer-serial={{ openshift_ca_serial }} + args: + creates: "{{ openshift_node_generated_config_dir }}/server.crt" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host}}" + +- name: Create local temp directory for syncing certs + local_action: command mktemp -d /tmp/openshift-ansible-XXXXXXX + register: node_cert_mktemp + changed_when: False + when: node_certs_missing | bool + delegate_to: localhost + become: no + +- name: Create a tarball of the node config directories + command: > + tar -czvf {{ openshift_node_generated_config_dir }}.tgz + --transform 's|system:{{ openshift_node_cert_subdir }}|node|' + -C {{ openshift_node_generated_config_dir }} . args: - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" - with_items: "{{ nodes_needing_certs | default([]) }}" + creates: "{{ openshift_node_generated_config_dir }}.tgz" + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Retrieve the node config tarballs from the master + fetch: + src: "{{ openshift_node_generated_config_dir }}.tgz" + dest: "{{ node_cert_mktemp.stdout }}/" + flat: yes + fail_on_missing: yes + validate_checksum: yes + when: node_certs_missing | bool + delegate_to: "{{ openshift_ca_host }}" + +- name: Ensure certificate directory exists + file: + path: "{{ openshift_node_cert_dir }}" + state: directory + when: node_certs_missing | bool + +- name: Unarchive the tarball on the node + unarchive: + src: "{{ node_cert_mktemp.stdout }}/{{ openshift_node_cert_subdir }}.tgz" + dest: "{{ openshift_node_cert_dir }}" + when: node_certs_missing | bool + +- file: name={{ node_cert_mktemp.stdout }} state=absent + changed_when: False + when: node_certs_missing | bool + delegate_to: localhost + become: no diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml index 61fbb1e51..17ad8106d 100644 --- a/roles/openshift_node_certificates/vars/main.yml +++ b/roles/openshift_node_certificates/vars/main.yml @@ -1,7 +1,11 @@ --- -openshift_node_config_dir: "{{ openshift.common.config_base }}/node" -openshift_master_config_dir: "{{ openshift.common.config_base }}/master" openshift_generated_configs_dir: "{{ openshift.common.config_base }}/generated-configs" -openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" -openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" -openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" +openshift_node_cert_dir: "{{ openshift.common.config_base }}/node" +openshift_node_cert_subdir: "node-{{ openshift.common.hostname }}" +openshift_node_config_dir: "{{ openshift.common.config_base }}/node" +openshift_node_generated_config_dir: "{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }}" + +openshift_ca_config_dir: "{{ openshift.common.config_base }}/master" +openshift_ca_cert: "{{ openshift_ca_config_dir }}/ca.crt" +openshift_ca_key: "{{ openshift_ca_config_dir }}/ca.key" +openshift_ca_serial: "{{ openshift_ca_config_dir }}/ca.serial.txt" |