diff options
Diffstat (limited to 'roles')
72 files changed, 2625 insertions, 1278 deletions
diff --git a/roles/etcd/README.md b/roles/etcd/README.md new file mode 100644 index 000000000..49207c428 --- /dev/null +++ b/roles/etcd/README.md @@ -0,0 +1,39 @@ +Role Name +========= + +Configures an etcd cluster for an arbitrary number of hosts + +Requirements +------------ + +This role assumes it's being deployed on a RHEL/Fedora based host with package +named 'etcd' available via yum. + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +None + +Example Playbook +---------------- + + - hosts: etcd + roles: + - { etcd } + +License +------- + +MIT + +Author Information +------------------ + +Scott Dodson <sdodson@redhat.com> +Adapted from https://github.com/retr0h/ansible-etcd for use on RHEL/Fedora. We +should at some point submit a PR to merge this with that module. diff --git a/roles/etcd/defaults/main.yaml b/roles/etcd/defaults/main.yaml new file mode 100644 index 000000000..0fb45f37c --- /dev/null +++ b/roles/etcd/defaults/main.yaml @@ -0,0 +1,31 @@ +--- +etcd_interface: eth0 +etcd_client_port: 2379 +etcd_peer_port: 2380 +etcd_peers_group: etcd +etcd_url_scheme: http +etcd_peer_url_scheme: http +etcd_conf_dir: /etc/etcd +etcd_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_cert_file: "{{ etcd_conf_dir }}/server.crt" +etcd_key_file: "{{ etcd_conf_dir }}/server.key" +etcd_peer_ca_file: "{{ etcd_conf_dir }}/ca.crt" +etcd_peer_cert_file: "{{ etcd_conf_dir }}/peer.crt" +etcd_peer_key_file: "{{ etcd_conf_dir }}/peer.key" + +etcd_initial_cluster_state: new +etcd_initial_cluster_token: etcd-cluster-1 + +etcd_initial_advertise_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}" +etcd_listen_peer_urls: "{{ etcd_peer_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}" +etcd_advertise_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}" +etcd_listen_client_urls: "{{ etcd_url_scheme }}://{{ hostvars[inventory_hostname]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_client_port }}" + +etcd_data_dir: /var/lib/etcd/ + +os_firewall_use_firewalld: False +os_firewall_allow: +- service: etcd + port: "{{etcd_client_port}}/tcp" +- service: etcd peering + port: "{{ etcd_peer_port }}/tcp" diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml new file mode 100644 index 000000000..b897913f9 --- /dev/null +++ b/roles/etcd/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart etcd + service: name=etcd state=restarted diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml new file mode 100644 index 000000000..82b1a62b8 --- /dev/null +++ b/roles/etcd/meta/main.yml @@ -0,0 +1,19 @@ +--- +# This module is based on https://github.com/retr0h/ansible-etcd with most +# changes centered around installing from a pre-existing rpm +# TODO: Extend https://github.com/retr0h/ansible-etcd rather than forking +galaxy_info: + author: Scott Dodson + description: etcd management + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: os_firewall } diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml new file mode 100644 index 000000000..79a91dfde --- /dev/null +++ b/roles/etcd/tasks/main.yml @@ -0,0 +1,52 @@ +--- +- name: Install etcd + yum: pkg=etcd state=present + +- name: Validate permissions on the config dir + file: + path: "{{ etcd_conf_dir }}" + state: directory + owner: etcd + group: etcd + mode: 0700 + +- name: Validate permissions on certificate files + file: + path: "{{ item }}" + mode: 0600 + group: etcd + owner: etcd + when: etcd_url_scheme == 'https' + with_items: + - "{{ etcd_ca_file }}" + - "{{ etcd_cert_file }}" + - "{{ etcd_key_file }}" + +- name: Validate permissions on peer certificate files + file: + path: "{{ item }}" + mode: 0600 + group: etcd + owner: etcd + when: etcd_peer_url_scheme == 'https' + with_items: + - "{{ etcd_peer_ca_file }}" + - "{{ etcd_peer_cert_file }}" + - "{{ etcd_peer_key_file }}" + +- name: Write etcd global config file + template: + src: etcd.conf.j2 + dest: /etc/etcd/etcd.conf + notify: + - restart etcd + +- name: Enable etcd + service: + name: etcd + state: started + enabled: yes + register: start_result + +- pause: seconds=30 + when: start_result | changed diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 new file mode 100644 index 000000000..801be2c97 --- /dev/null +++ b/roles/etcd/templates/etcd.conf.j2 @@ -0,0 +1,52 @@ +{% macro initial_cluster() -%} +{% for host in groups[etcd_peers_group] -%} +{% if loop.last -%} +{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }} +{%- else -%} +{{ host }}={{ etcd_peer_url_scheme }}://{{ hostvars[host]['ansible_' + etcd_interface]['ipv4']['address'] }}:{{ etcd_peer_port }}, +{%- endif -%} +{% endfor -%} +{% endmacro -%} + +{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %} +ETCD_NAME={{ inventory_hostname }} +ETCD_LISTEN_PEER_URLS={{ etcd_listen_peer_urls }} +{% else %} +ETCD_NAME=default +{% endif %} +ETCD_DATA_DIR={{ etcd_data_dir }} +#ETCD_SNAPSHOT_COUNTER="10000" +#ETCD_HEARTBEAT_INTERVAL="100" +#ETCD_ELECTION_TIMEOUT="1000" +ETCD_LISTEN_CLIENT_URLS={{ etcd_listen_client_urls }} +#ETCD_MAX_SNAPSHOTS="5" +#ETCD_MAX_WALS="5" +#ETCD_CORS="" + +{% if groups[etcd_peers_group] and groups[etcd_peers_group] | length > 1 %} +#[cluster] +ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_initial_advertise_peer_urls }} +ETCD_INITIAL_CLUSTER={{ initial_cluster() }} +ETCD_INITIAL_CLUSTER_STATE={{ etcd_initial_cluster_state }} +ETCD_INITIAL_CLUSTER_TOKEN={{ etcd_initial_cluster_token }} +#ETCD_DISCOVERY="" +#ETCD_DISCOVERY_SRV="" +#ETCD_DISCOVERY_FALLBACK="proxy" +#ETCD_DISCOVERY_PROXY="" +{% endif %} +ETCD_ADVERTISE_CLIENT_URLS={{ etcd_advertise_client_urls }} + +#[proxy] +#ETCD_PROXY="off" + +#[security] +{% if etcd_url_scheme == 'https' -%} +ETCD_CA_FILE={{ etcd_ca_file }} +ETCD_CERT_FILE={{ etcd_cert_file }} +ETCD_KEY_FILE={{ etcd_key_file }} +{% endif -%} +{% if etcd_peer_url_scheme == 'https' -%} +ETCD_PEER_CA_FILE={{ etcd_peer_ca_file }} +ETCD_PEER_CERT_FILE={{ etcd_peer_cert_file }} +ETCD_PEER_KEY_FILE={{ etcd_peer_key_file }} +{% endif -%} diff --git a/roles/etcd_ca/README.md b/roles/etcd_ca/README.md new file mode 100644 index 000000000..60a880e30 --- /dev/null +++ b/roles/etcd_ca/README.md @@ -0,0 +1,34 @@ +etcd_ca +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_ca/meta/main.yml b/roles/etcd_ca/meta/main.yml new file mode 100644 index 000000000..ce909b992 --- /dev/null +++ b/roles/etcd_ca/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_facts } diff --git a/roles/etcd_ca/tasks/main.yml b/roles/etcd_ca/tasks/main.yml new file mode 100644 index 000000000..ab151fe5b --- /dev/null +++ b/roles/etcd_ca/tasks/main.yml @@ -0,0 +1,44 @@ +--- +- file: + path: "{{ etcd_ca_dir }}/{{ item }}" + state: directory + mode: 0700 + owner: root + group: root + with_items: + - certs + - crl + - fragments + +- command: cp /etc/pki/tls/openssl.cnf ./ + args: + chdir: "{{ etcd_ca_dir }}/fragments" + creates: "{{ etcd_ca_dir }}/fragments/openssl.cnf" + +- template: + dest: "{{ etcd_ca_dir }}/fragments/openssl_append.cnf" + src: openssl_append.j2 + +- assemble: + src: "{{ etcd_ca_dir }}/fragments" + dest: "{{ etcd_ca_dir }}/openssl.cnf" + +- command: touch index.txt + args: + chdir: "{{ etcd_ca_dir }}" + creates: "{{ etcd_ca_dir }}/index.txt" + +- copy: + dest: "{{ etcd_ca_dir }}/serial" + content: "01" + force: no + +- command: > + openssl req -config openssl.cnf -newkey rsa:4096 + -keyout ca.key -new -out ca.crt -x509 -extensions etcd_v3_ca_self + -batch -nodes -subj /CN=etcd-signer@{{ ansible_date_time.epoch }} + args: + chdir: "{{ etcd_ca_dir }}" + creates: "{{ etcd_ca_dir }}/ca.crt" + environment: + SAN: '' diff --git a/roles/etcd_ca/templates/openssl_append.j2 b/roles/etcd_ca/templates/openssl_append.j2 new file mode 100644 index 000000000..de2adaead --- /dev/null +++ b/roles/etcd_ca/templates/openssl_append.j2 @@ -0,0 +1,51 @@ + +[ etcd_v3_req ] +basicConstraints = critical,CA:FALSE +keyUsage = digitalSignature,keyEncipherment +subjectAltName = ${ENV::SAN} + +[ etcd_ca ] +dir = {{ etcd_ca_dir }} +crl_dir = $dir/crl +database = $dir/index.txt +new_certs_dir = $dir/certs +certificate = $dir/ca.crt +serial = $dir/serial +private_key = $dir/ca.key +crl_number = $dir/crlnumber +x509_extensions = etcd_v3_ca_client +default_days = 365 +default_md = sha256 +preserve = no +name_opt = ca_default +cert_opt = ca_default +policy = policy_anything +unique_subject = no +copy_extensions = copy + +[ etcd_v3_ca_self ] +authorityKeyIdentifier = keyid,issuer +basicConstraints = critical,CA:TRUE,pathlen:0 +keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign +subjectKeyIdentifier = hash + +[ etcd_v3_ca_peer ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth,serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ etcd_v3_ca_server ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = serverAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash + +[ etcd_v3_ca_client ] +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = critical,CA:FALSE +extendedKeyUsage = clientAuth +keyUsage = digitalSignature,keyEncipherment +subjectKeyIdentifier = hash diff --git a/roles/etcd_ca/vars/main.yml b/roles/etcd_ca/vars/main.yml new file mode 100644 index 000000000..901e95027 --- /dev/null +++ b/roles/etcd_ca/vars/main.yml @@ -0,0 +1,3 @@ +--- +etcd_conf_dir: /etc/etcd +etcd_ca_dir: /etc/etcd/ca diff --git a/roles/etcd_certificates/README.md b/roles/etcd_certificates/README.md new file mode 100644 index 000000000..95f8f8aab --- /dev/null +++ b/roles/etcd_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift etcd certificates +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Scott Dodson (sdodson@redhat.com) diff --git a/roles/etcd_certificates/meta/main.yml b/roles/etcd_certificates/meta/main.yml new file mode 100644 index 000000000..41370fab4 --- /dev/null +++ b/roles/etcd_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: etcd_ca } diff --git a/roles/etcd_certificates/tasks/client.yml b/roles/etcd_certificates/tasks/client.yml new file mode 100644 index 000000000..28f33f442 --- /dev/null +++ b/roles/etcd_certificates/tasks/client.yml @@ -0,0 +1,42 @@ +--- +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + state: directory + mode: 0700 + with_items: etcd_needing_client_certs + +- name: Create the client csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}client.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}client.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'client.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_client_certs + +- name: Sign and create the client crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}client.crt + -in {{ item.etcd_cert_prefix }}client.csr + -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'client.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_client_certs + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" + state: hard + with_items: etcd_needing_client_certs diff --git a/roles/etcd_certificates/tasks/main.yml b/roles/etcd_certificates/tasks/main.yml new file mode 100644 index 000000000..da875e8ea --- /dev/null +++ b/roles/etcd_certificates/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- include: client.yml + when: etcd_needing_client_certs is defined and etcd_needing_client_certs + +- include: server.yml + when: etcd_needing_server_certs is defined and etcd_needing_server_certs + + + diff --git a/roles/etcd_certificates/tasks/server.yml b/roles/etcd_certificates/tasks/server.yml new file mode 100644 index 000000000..727b7fa2c --- /dev/null +++ b/roles/etcd_certificates/tasks/server.yml @@ -0,0 +1,73 @@ +--- +- name: Ensure generated_certs directory present + file: + path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + state: directory + mode: 0700 + with_items: etcd_needing_server_certs + +- name: Create the server csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}server.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}server.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'server.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_server_certs + +- name: Sign and create the server crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}server.crt + -in {{ item.etcd_cert_prefix }}server.csr + -extensions {{ etcd_ca_exts_server }} -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'server.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_server_certs + +- name: Create the peer csr + command: > + openssl req -new -keyout {{ item.etcd_cert_prefix }}peer.key + -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}peer.csr + -reqexts {{ etcd_req_ext }} -batch -nodes + -subj /CN={{ item.openshift.common.hostname }} + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'peer.csr' }}" + environment: + SAN: "IP:{{ item.openshift.common.ip }}" + with_items: etcd_needing_server_certs + +- name: Sign and create the peer crt + command: > + openssl ca -name {{ etcd_ca_name }} -config {{ etcd_openssl_conf }} + -out {{ item.etcd_cert_prefix }}peer.crt + -in {{ item.etcd_cert_prefix }}peer.csr + -extensions {{ etcd_ca_exts_peer }} -batch + args: + chdir: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}" + creates: "{{ etcd_generated_certs_dir ~ '/' ~ item.etcd_cert_subdir ~ '/' + ~ item.etcd_cert_prefix ~ 'peer.crt' }}" + environment: + SAN: '' + with_items: etcd_needing_server_certs + +- file: + src: "{{ etcd_ca_cert }}" + dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt" + state: hard + with_items: etcd_needing_server_certs + + diff --git a/roles/etcd_certificates/vars/main.yml b/roles/etcd_certificates/vars/main.yml new file mode 100644 index 000000000..0eaeeb82b --- /dev/null +++ b/roles/etcd_certificates/vars/main.yml @@ -0,0 +1,11 @@ +--- +etcd_conf_dir: /etc/etcd +etcd_ca_dir: /etc/etcd/ca +etcd_generated_certs_dir: /etc/etcd/generated_certs +etcd_ca_cert: "{{ etcd_ca_dir }}/ca.crt" +etcd_ca_key: "{{ etcd_ca_dir }}/ca.key" +etcd_openssl_conf: "{{ etcd_ca_dir }}/openssl.cnf" +etcd_ca_name: etcd_ca +etcd_req_ext: etcd_v3_req +etcd_ca_exts_peer: etcd_v3_ca_peer +etcd_ca_exts_server: etcd_v3_ca_server diff --git a/roles/openshift_examples/README.md b/roles/openshift_examples/README.md index 787624ab6..7d8735a0a 100644 --- a/roles/openshift_examples/README.md +++ b/roles/openshift_examples/README.md @@ -4,6 +4,10 @@ OpenShift Examples Installs example image streams, db-templates, and quickstart-templates by copying examples from this module to your first master and importing them with oc create -n into the openshift namespace +The examples-sync.sh script can be used to pull the latest content from github +and stage it for updating the ansible repo. This script is not used directly by +ansible. + Requirements ------------ diff --git a/roles/openshift_examples/defaults/main.yml b/roles/openshift_examples/defaults/main.yml index 0f8e9f7ee..3246790aa 100644 --- a/roles/openshift_examples/defaults/main.yml +++ b/roles/openshift_examples/defaults/main.yml @@ -3,7 +3,7 @@ openshift_examples_load_centos: "{{ openshift_deployment_type != 'enterprise' }}" openshift_examples_load_rhel: "{{ openshift_deployment_type == 'enterprise' }}" openshift_examples_load_db_templates: true -openshift_examples_load_xpaas: false +openshift_examples_load_xpaas: "{{ openshift_deployment_type == 'enterprise' }}" openshift_examples_load_quickstarts: true examples_base: /usr/share/openshift/examples diff --git a/roles/openshift_examples/templates.sh b/roles/openshift_examples/examples-sync.sh index 4f3050494..12d3bc263 100755 --- a/roles/openshift_examples/templates.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Utility script to update the ansible repo with the latest templates and image +# streams from several github repos +# +# This script should be run from openshift-ansible/roles/openshift_examples + EXAMPLES_BASE=$(pwd)/files/examples find files/examples -name '*.json' -delete TEMP=`mktemp -d` @@ -26,6 +31,6 @@ cp nodejs-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp dancer-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ cp cakephp-ex-master/openshift/templates/* ${EXAMPLES_BASE}/quickstart-templates/ mv application-templates-master/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/ -find application-templates-master/ -name '*.json' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; +find application-templates-master/ -name '*.json' ! -wholename '*secret*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; popd git diff files/examples diff --git a/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json b/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json index 425cc3e0f..37e6269fe 100644 --- a/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json +++ b/roles/openshift_examples/files/examples/xpaas-streams/jboss-image-streams.json @@ -81,7 +81,7 @@ "name": "jboss-amq-6" }, "spec": { - "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq-openshift:6.2", + "dockerImageRepository": "registry.access.redhat.com/jboss-amq-6/amq-openshift", "tags": [ { "name": "6.2", @@ -95,63 +95,6 @@ } ] } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-mysql-55", - "annotations": { - "description": "Provides MySQL 5.5 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest" - } - ] - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-postgresql-92", - "annotations": { - "description": "Provides PostgreSQL 9.2 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest" - } - ] - } - }, - { - "kind": "ImageStream", - "apiVersion": "v1", - "metadata": { - "name": "jboss-mongodb-24", - "annotations": { - "description": "Provides MongoDB 2.4 images for use with JBoss Middleware products." - } - }, - "spec": { - "dockerImageRepository": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7", - "tags": [ - { - "name": "latest", - "dockerImageReference": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest" - } - ] - } } ] } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json b/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json index 00b63ce8c..c0925b453 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/amq6-persistent.json @@ -64,6 +64,21 @@ "name": "AMQ_ADMIN_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression" + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret" + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts" + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks" } ], "objects": [ @@ -258,6 +273,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -276,11 +292,23 @@ } }, "spec": { + "serviceAccount": "amq-service-account", "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + }, + { + "mountPath": "/opt/amq/data/kahadb", + "name": "${APPLICATION_NAME}-amq-pvol" + } + ], "readinessProbe": { "exec": { "command": [ @@ -327,12 +355,6 @@ "protocol": "TCP" } ], - "volumeMounts": [ - { - "mountPath": "/opt/amq/data/kahadb", - "name": "${APPLICATION_NAME}-amq-pvol" - } - ], "env": [ { "name": "AMQ_USER", @@ -361,12 +383,30 @@ { "name": "AMQ_ADMIN_PASSWORD", "value": "${AMQ_ADMIN_PASSWORD}" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" } ] } ], "volumes": [ { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + }, + { "name": "${APPLICATION_NAME}-amq-pvol", "persistentVolumeClaim": { "claimName": "${APPLICATION_NAME}-amq-claim" diff --git a/roles/openshift_examples/files/examples/xpaas-templates/amq6.json b/roles/openshift_examples/files/examples/xpaas-templates/amq6.json index 0bb1b0651..63ec9a235 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/amq6.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/amq6.json @@ -59,6 +59,21 @@ "name": "AMQ_ADMIN_PASSWORD", "from": "[a-zA-Z0-9]{8}", "generate": "expression" + }, + { + "description": "Name of a secret containing SSL related files", + "name": "AMQ_SECRET", + "value": "amq-app-secret" + }, + { + "description": "SSL trust store filename", + "name": "AMQ_TRUSTSTORE", + "value": "broker.ts" + }, + { + "description": "SSL key store filename", + "name": "AMQ_KEYSTORE", + "value": "broker.ks" } ], "objects": [ @@ -253,6 +268,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -271,11 +287,19 @@ } }, "spec": { + "serviceAccount": "amq-service-account", "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "broker-secret-volume", + "mountPath": "/etc/amq-secret-volume", + "readOnly": true + } + ], "readinessProbe": { "exec": { "command": [ @@ -354,9 +378,29 @@ { "name": "AMQ_MESH_SERVICE_NAME", "value": "${APPLICATION_NAME}-amq-tcp" + }, + { + "name": "AMQ_KEYSTORE_TRUSTSTORE_DIR", + "value": "/etc/amq-secret-volume" + }, + { + "name": "AMQ_TRUSTSTORE", + "value": "${AMQ_TRUSTSTORE}" + }, + { + "name": "AMQ_KEYSTORE", + "value": "${AMQ_KEYSTORE}" } ] } + ], + "volumes": [ + { + "name": "broker-secret-volume", + "secret": { + "secretName": "${AMQ_SECRET}" + } + } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json b/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json deleted file mode 100644 index cfe038048..000000000 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap-app-secret.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "kind": "List", - "apiVersion": "v1", - "metadata": {}, - "items": [ - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "eap-service-account" - }, - "secrets": [ - { - "name": "eap-app-secret" - } - ] - }, - { - "kind": "Secret", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Default secret file with name 'jboss' and password 'mykeystorepass'" - }, - "name": "eap-app-secret" - }, - "data": { - "keystore.jks": "/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFNbVtLLAAABQMwggT/MA4GCisGAQQBKgIRAQEFAASCBOsxl4wqa+E+XP8+qMZY9XLhvKrRX8V1MHdwFZQaLTEVURCizqYXoMnbhtfV0oMAUFsE7013TTA9Q2l+pSs+cqz6HH/vwjEEIkqJx5wD8WcD/bu9e9F9EHQ+zrjZFmpMFvXsvj9+ux1o/YLBDGY3kd4MoDcJy0yJ/ZpzNYLkXanlrMhWqxC7MAliCBsdyVgNn5RFb4Nn+JZgJuNSIGo/K292+0IFaFv9vsXbX889W9HPCvfO0mQIzoy8In0NhzdKli/67y4kbDkWaI0fRONckZTxNpxn6rMc0nN9zKrGVToLxj1Ufcoj/tCvR8agtPpv7KIWUqBYDg83ad+i4EE5XYISovlsl6RmtrrTb39PJcL86+wJ+x2ZrLuyzh6C9sAOdSBiKt/DY97ICIYltRMrb+cNwWdnJvT+PeYvv3vKo7YThha+akoJDjsWMp1HWpbIC9zg9ZjugU+/ao6nHtmoZmCaYjLuEE+sYl5s179uyQjE3LRc+0cVY2+bYCOD6P6JLH9GdfjkR40OhjryiWy2Md6vAGaATh6kjjreRHfSie4KCgIZx9Ngb1+uAwauYSM8d9OIwT5lRmLd4Go9CaFXtFdq/IZv3x5ZEPVqMjxcq0KXcs1QcfK3oSYL/rrkxXxKFTrd0N3KgvwATWx/KS90tdHBg65dF3PpBjK1AYQL3Q7KV3t45SVyYHd92TUsaduY1nUQk4TukNC8l9f8xYVeOFXoFHZRx9edqn8fjDMmCYn5PTPNuMPHQm7nKxeWhV2URY5jt774gmvHLNcXeEgrM7US81wOvs2y1jY/paJWn+OACf2x2a75MWFFkZH67bZoh9pPWAwOUEtegXTL5QVicHjzZrop8Qb7K7hlGgD0RP5YYOFYF4DD+SL5BHKr6fw/LS6MMJaK1wKsJd0oGg9HcHXjph9Kb+mqXrQ54C1KI42LpFftU3DCg8wGoqvg/zO/UtVeHX3rBZDUIkeQrCULEkki9oL5diDxe9mNx9Qua5FJ6FJGIffQmsC4b0+Xys6NyqUu1aeWLcAPA/5hcs6ZTiSRTHTBe3vxapyBjnAL5uij4ILbWbEGH1e0mAHBeiihRx+w4oxH4OGCvXOhwIDHETLJJUcnJe1CouECdqdfVy/eEsIfiEheVs8OwogJLiWgzB7PoebXM4SKsAWL3NcDtC1LV3KuPgFuTDH7MjPIR83eSxkKlJLMNGfEpUHyg+lm7aJ98PVIS+l1YV9oUzLfbo3S6S2sMjVgyviS90vNIPo5JOTEFHsg5aWJNHL0OV4zRUeILzwwdQz+VkTk9DobnkLWUeLnwUNWheOpaQh79Mk0IfwfLj4D0Vx9p+PShKKZCGs0wjckmCFBM5Pc1x2lwMdaP5yATzrw+jUc+/3UY4PF/4Ya66m/DRsBKEcXjVAHcTce6OdNdGlBNT8VgkxPiylwO8hvyvpf6j+wdb9iXi6eOnk0AiEJ6mUAXs/eyDD/cqQjnUBKRGLQUSdHhvtpw8RfvyVhAAxNOnBsOT0WYol9iK6pSclGTF5mZleASRzZhH69GgdebfFhXimb0j/wYj3uLgf6mrKMDwlrXJ80SiWkXxd5TX/7XtB9lbPzNpaR12M8U8UVg16VOtMwCR2Gss2vmhqQnQFLsUsAKcYM0TRp1pWqbzpGebCvJkVWiIYocN3ZI1csAhGX3G86ewAAAAEABVguNTA5AAADeTCCA3UwggJdoAMCAQICBGekovEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMB4XDTE1MDUxOTE4MDYxOFoXDTE1MDgxNzE4MDYxOFowazELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYDVQQKEw1teWNvbXBhbnkuY29tMRQwEgYDVQQLEwtFbmdpbmVlcmluZzEPMA0GA1UEAxMGanNtaXRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0zbGtem+If//jw0OTszIcpX4ydOCC0PeqktulYkm4pG0qEVBB+HuMj7yeTBc1KCDl2xm+Q6LPeTzUufk7BXFEg4Ru1l3PSW70LyJBfHy5ns0dYE5M1I0Avv9rvjgC1VTsiBmdXh+tIIQDPknIKpWpcs79XPOURGLvuGjfyj08EZWFvAZzYrk3lKwkceDHpYYb5i+zxFRz5K6of/h9gQ9CzslqNd7uxxvyy/yTtNFk2J797Vk3hKtbiATqc9+egEHcEQrzADejPYol5ke3DA1NPRBqFGku5n215i2eYzYvVV1xmifID/3lzvNWN0bWlOxl74VsPnWa/2JPP3hZ6p5QIDAQABoyEwHzAdBgNVHQ4EFgQURLJKk/gaSrMjDyX8iYtCzPtTBqAwDQYJKoZIhvcNAQELBQADggEBAA4ESTKsWevv40hFv11t+lGNHT16u8Xk+WnvB4Ko5sZjVhvRWTTKOEBE5bDYfMhf0esn8gg0B4Qtm4Rb5t9PeaG/0d6xxD0BIV6eWihJVtEGOH47Wf/UzfC88fqoIxZ6MMBPik/WeafvOK+HIHfZSwAmqlXgl4nNVDdMNHtBhNAvikL3osxrSbqdi3eyI7rqSpb41Lm9v+PF+vZTOGRQf22Gq30/Ie85DlqugtRKimWHJYL2HeL4ywTtQKgde6JDRCOHwbDcsl6CbMjugt3yyI7Yo9EJdKb5p6YoVOpnCz7369W9Uim+Xrl2ELZWM5WTiQFxd6S36Ql2TUk+s8zj/GoN9ov0Y/yNNCxAibwyzo94N+Q4vA==" - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json index 2a9c06bee..0790d6546 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-persistent-sti.json @@ -28,9 +28,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -144,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -242,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -262,7 +262,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -302,6 +302,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -502,6 +503,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -523,7 +525,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json index e96eef6f7..a0505f81e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-amq-sti.json @@ -28,9 +28,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -139,7 +139,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -163,7 +163,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -237,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -257,7 +257,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -297,6 +297,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -497,6 +498,7 @@ ], "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-amq-6:${AMQ_RELEASE}" } } @@ -518,7 +520,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-amq", - "image": "registry.access.redhat.com/jboss-amq-6/amq-openshift:${AMQ_RELEASE}", + "image": "jboss-amq-6", "imagePullPolicy": "Always", "readinessProbe": { "exec": { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json index 7148d8fd7..d894deda0 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-basic-sti.json @@ -23,23 +23,24 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", - "name": "GIT_URI" + "name": "GIT_URI", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts" }, { "description": "Git branch/tag reference", "name": "GIT_REF", - "value": "master" + "value": "6.4.x" }, { "description": "Path within Git project to build; empty for root project directory.", "name": "GIT_CONTEXT_DIR", - "value": "" + "value": "kitchensink" }, { "description": "Queue names", @@ -52,26 +53,6 @@ "value": "" }, { - "description": "The name of the secret containing the keystore file", - "name": "EAP_HTTPS_SECRET", - "value": "eap-app-secret" - }, - { - "description": "The name of the keystore file within the secret", - "name": "EAP_HTTPS_KEYSTORE", - "value": "keystore.jks" - }, - { - "description": "The name associated with the server certificate", - "name": "EAP_HTTPS_NAME", - "value": "" - }, - { - "description": "The password for the keystore and certificate", - "name": "EAP_HTTPS_PASSWORD", - "value": "" - }, - { "description": "HornetQ cluster admin password", "name": "HORNETQ_CLUSTER_PASSWORD", "from": "[a-zA-Z0-9]{8}", @@ -106,7 +87,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -121,30 +102,6 @@ "spec": { "ports": [ { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { "port": 8888, "targetPort": 8888 } @@ -180,30 +137,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -240,6 +174,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -310,19 +245,11 @@ } }, "spec": { - "serviceAccount": "eap-service-account", "containers": [ { "name": "${APPLICATION_NAME}", "image": "${APPLICATION_NAME}", "imagePullPolicy": "Always", - "volumeMounts": [ - { - "name": "eap-keystore-volume", - "mountPath": "/etc/eap-secret-volume", - "readOnly": true - } - ], "readinessProbe": { "exec": { "command": [ @@ -339,11 +266,6 @@ "protocol": "TCP" }, { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" - }, - { "name": "${APPLICATION_NAME}-ping-8888", "containerPort": 8888, "protocol": "TCP" @@ -359,22 +281,6 @@ "value": "8888" }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", - "value": "/etc/eap-secret-volume" - }, - { - "name": "EAP_HTTPS_KEYSTORE", - "value": "${EAP_HTTPS_KEYSTORE}" - }, - { - "name": "EAP_HTTPS_NAME", - "value": "${EAP_HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${EAP_HTTPS_PASSWORD}" - }, - { "name": "HORNETQ_CLUSTER_PASSWORD", "value": "${HORNETQ_CLUSTER_PASSWORD}" }, @@ -388,14 +294,6 @@ } ] } - ], - "volumes": [ - { - "name": "eap-keystore-volume", - "secret": { - "secretName": "${EAP_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json new file mode 100644 index 000000000..14585d60f --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-https-sti.json @@ -0,0 +1,407 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-jboss", + "description": "Application template for EAP 6 applications built using STI." + }, + "name": "eap6-basic-sti" + }, + "labels": { + "template": "eap6-basic-sti" + }, + "parameters": [ + { + "description": "EAP Release version, e.g. 6.4, etc.", + "name": "EAP_RELEASE", + "value": "6.4" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "eap-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI", + "value": "https://github.com/jboss-developer/jboss-eap-quickstarts" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "6.4.x" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "kitchensink" + }, + { + "description": "Queue names", + "name": "HORNETQ_QUEUES", + "value": "" + }, + { + "description": "Topic names", + "name": "HORNETQ_TOPICS", + "value": "" + }, + { + "description": "The name of the secret containing the keystore file", + "name": "EAP_HTTPS_SECRET", + "value": "eap-app-secret" + }, + { + "description": "The name of the keystore file within the secret", + "name": "EAP_HTTPS_KEYSTORE", + "value": "keystore.jks" + }, + { + "description": "The name associated with the server certificate", + "name": "EAP_HTTPS_NAME", + "value": "" + }, + { + "description": "The password for the keystore and certificate", + "name": "EAP_HTTPS_PASSWORD", + "value": "" + }, + { + "description": "HornetQ cluster admin password", + "name": "HORNETQ_CLUSTER_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8888, + "targetPort": 8888 + } + ], + "portalIP": "None", + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}-ping", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Ping service for clustered applications." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-eap6-openshift:${EAP_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "eap-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "volumeMounts": [ + { + "name": "eap-keystore-volume", + "mountPath": "/etc/eap-secret-volume", + "readOnly": true + } + ], + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "/opt/eap/bin/readinessProbe.sh" + ] + } + }, + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-ping-8888", + "containerPort": 8888, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", + "value": "${APPLICATION_NAME}-ping" + }, + { + "name": "OPENSHIFT_DNS_PING_SERVICE_PORT", + "value": "8888" + }, + { + "name": "EAP_HTTPS_KEYSTORE_DIR", + "value": "/etc/eap-secret-volume" + }, + { + "name": "EAP_HTTPS_KEYSTORE", + "value": "${EAP_HTTPS_KEYSTORE}" + }, + { + "name": "EAP_HTTPS_NAME", + "value": "${EAP_HTTPS_NAME}" + }, + { + "name": "EAP_HTTPS_PASSWORD", + "value": "${EAP_HTTPS_PASSWORD}" + }, + { + "name": "HORNETQ_CLUSTER_PASSWORD", + "value": "${HORNETQ_CLUSTER_PASSWORD}" + }, + { + "name": "HORNETQ_QUEUES", + "value": "${HORNETQ_QUEUES}" + }, + { + "name": "HORNETQ_TOPICS", + "value": "${HORNETQ_TOPICS}" + } + ] + } + ], + "volumes": [ + { + "name": "eap-keystore-volume", + "secret": { + "secretName": "${EAP_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json index 03cfbb11e..13d4289ae 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -151,7 +163,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -175,7 +187,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -249,7 +261,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -269,7 +281,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -309,6 +321,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -444,6 +457,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -517,7 +542,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -538,7 +564,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json index 39f5a5a62..690b918a1 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -146,7 +158,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -170,7 +182,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -244,7 +256,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -264,7 +276,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -304,6 +316,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -439,6 +452,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -512,7 +537,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -533,7 +559,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json index 0fa4421c6..27062596f 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -153,7 +165,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -177,7 +189,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -251,7 +263,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -271,7 +283,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -311,6 +323,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -443,7 +456,19 @@ }, { "name": "TX_DATABASE_PREFIX_MAPPING", - "value": "${APPLICATION_NAME}-postgresql=DB" + "value": "${APPLICATION_NAME}-mysql=DB" + }, + { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" }, { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", @@ -519,7 +544,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -540,7 +566,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json index 981e16cef..69537e697 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-mysql-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -148,7 +160,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -172,7 +184,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -246,7 +258,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -266,7 +278,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -306,6 +318,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -441,6 +454,18 @@ "value": "${APPLICATION_NAME}-mysql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -514,7 +539,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -535,7 +561,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json index 409ba5165..1325e26de 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -87,6 +87,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -141,7 +153,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -165,7 +177,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -239,7 +251,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -259,7 +271,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -299,6 +311,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -434,6 +447,18 @@ "value": "${APPLICATION_NAME}-postgresql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -507,7 +532,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -528,7 +554,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json index c2ca18f9d..83921c57e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/eap6-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "eap-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "eap-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -82,6 +82,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -136,7 +148,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -160,7 +172,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -234,7 +246,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -254,7 +266,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -294,6 +306,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-eap6-openshift:${EAP_RELEASE}" } } @@ -429,6 +442,18 @@ "value": "${APPLICATION_NAME}-postgresql=DB" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "OPENSHIFT_DNS_PING_SERVICE_NAME", "value": "${APPLICATION_NAME}-ping" }, @@ -502,7 +527,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -523,7 +549,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json deleted file mode 100644 index c24e4ed8b..000000000 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-app-secret.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "kind": "List", - "apiVersion": "v1", - "metadata": {}, - "items": [ - { - "kind": "ServiceAccount", - "apiVersion": "v1", - "metadata": { - "name": "jws-service-account" - }, - "secrets": [ - { - "name": "jws-app-secret" - } - ] - }, - { - "kind": "Secret", - "apiVersion": "v1", - "metadata": { - "annotations": { - "description": "Default secret files with password 'mycertpass'" - }, - "name": "jws-app-secret" - }, - "data": { - "server.crt": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhakNDQWxLZ0F3SUJBZ0lKQUlVcmJBS2pjd3lkTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ3d4Q3pBSkJnTlYKQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDUXpFUU1BNEdBMVVFQ2hNSFVtVmtJRWhoZERBZUZ3MHhOVEExTWpNdwpNalE0TWpCYUZ3MHhPREExTWpJd01qUTRNakJhTUN3eEN6QUpCZ05WQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDClF6RVFNQTRHQTFVRUNoTUhVbVZrSUVoaGREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0MKZ2dFQkFMejlGcWYwbFV0eHBXbFlqQVF3MGNPVU5NMmF0SjFjWmMybEx5UEh3NVVYMkNna29jaHhuY0ZhSDZsYwpSeWVvUC9KQXVlM2d2cjJ0ZURicTRGMitRRWRFL3hrM0xLZEVhVXhwaGgvaVpDYUg0VnlXdzE3Y01aaS83UFUxCkhTak1waEVoK3MwQ1JIZnBCSVZDZ2hFQjZCekhYazNLSHU1K0JsRTYzRDVOSXJuNVBiRGhwUG5VaG1vY05HNU0KdFlEZE9mRHphTVdzcWU2ZGFkL0c3eXpDeVZYMnA2RllIbEdvQWpDTkVPdkFtTEFtMVcwNDdOOGV0QjIybFA3NQozK2dYby83T2Q1WHJJU0xLWTBNZ0puaDdmVEh1VVdhWEIxSEZ0YmFReXVreGVYZG1wRFR4VkdzenhHVXIxemd4ClU4VVFnMjFGOFhONjVydGNScVdCNWNFQXcrRUNBd0VBQWFPQmpqQ0JpekFkQmdOVkhRNEVGZ1FVVXJZUm5NOXIKemNGUS9QMFk4VlhzUm1OWVlUUXdYQVlEVlIwakJGVXdVNEFVVXJZUm5NOXJ6Y0ZRL1AwWThWWHNSbU5ZWVRTaApNS1F1TUN3eEN6QUpCZ05WQkFZVEFrTkJNUXN3Q1FZRFZRUUlFd0pDUXpFUU1BNEdBMVVFQ2hNSFVtVmtJRWhoCmRJSUpBSVVyYkFLamN3eWRNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFEeGcKckh1NFpoeXU4UjlZWGpLZVBXaXUxQnZYUVhJRG5DQVZiZXlMNHZ5WHczdFZTeng1S3BuaHprTm5zemxpS1RQRAozOWNNbTJ0VTBUcGpHRVZ1TDVTR0R5V3JRakNQWDY2NjZpdjhzNkpVYUxmdnBPNlduN0wzVXVMVnFoMmpVM2FOCkU2TDB4UEg4SWRzc3lGZ3Rac3BueVlxZ0cvYUoxUEtmZDYweXRtK0hveUYyZW5xZnVKaHNKNnp3QUVZdi9vUCsKcXhYK04yZDJEVmt2RjVRZ3llSjZiYWd1M0QxbWRpbE5pWDliZmVHZ3ptT1JXaHBYNkVqdnFqeTZ4TllqQ2IxbAo1anVzdHhHZlFGSm1UOTdaZnZQK1kxeTJvUkZFc01BVy9BNWNrai92SnlUUlZIeWZZSG1qeW82SFhSdzRWdERNCjJtOWZqOFhYTDh5TlZha2h6dE09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", - "server.key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpQcm9jLVR5cGU6IDQsRU5DUllQVEVECkRFSy1JbmZvOiBERVMtRURFMy1DQkMsODRGOEVFQjcyN0FCNzc4RgoKS2lkL0tKZ2JyWE1YUGwwQXc4azI0dW1QcW53NUhQZHk3ZUZ2aG1NNEU3T1V2bkZYeWpMN2dQZ0JjTmxTbEx2Rgp6eXZYVWZwUXROQ2dUWWJvU0dWVFpkV01OL0ttcTNheUJTckNvWGg3MUFMWm1KVDF4aDNCcWUyMzVNRzZlR2NTCngrY3hudW0yMXNWRFBHUnBmZUx4VXA3WU5mOTNwYzBNaTUzSVdmT0IvM2FscDJlajI0RkRTVG1xM0NpVFR1b3cKcUc2MjdjREY2RVNhNFphZmFXelpOVDJnUStrejRGQkcwc1dJYWVod012SXJiQWFldGpUSUhQTmZraUtOcTF3Qwpma2h0NU9xRDU0RzVnR1ZYd0tXcGF4S2M0K24rcEtsZk1od2NPQ3Z5Y2hwQmtQbzk0T2E2bE1oVUk3Y0FkemVOCmI0TmNVWS9UekxpNjgyRjlFZUpsOXJuQ0N2N0RJcEZJbkg5bG4zUElVT2pCYVlySFpqY0pSK2xWOFhWRVJzcTAKZ0hyTUZ2WjRXYXZPclhVaFhxTm10UmNSOVpoS3pvVnB5MStIRUlONTZIL2huaFB5ZEJLb3pnbXFwSFJoWVZwNApNWEk0ZGtlMVZ5VmlRQUMxUzU3Wi81anFTZTN5akRyYTZJMThJRzNPSGNxeEpuWXNNOS9NdVBRZjlJNlJWTEx3CnVXcDNDdkIvNUJyWlNQWVFGbnhCT09hLzd3SWVtNjE2Z2ZnREdCRjZpc3BVNTlhbjlKQWtHYmhKT2h4RzYvRjYKZFpNZUZOa0lkRUwzR3pQRWNjNWpVTGJmSE5tWmVsODlYRUVpak96LzhvVEdHYUNyRkUxVVZKLytZSVVzK3lnOQpwRFJ6bkxyV2hwNGxNTnVLYjRNeXkySlkrWW9DOHhMVUtaYnNYcUxlN2k5QTJwYWtFUmdhazZaK1BEZUR2OWpYCnU0M3dzU0dwRTRUeDFkR2JsRzJDd0pPSW53WnpETUEwTDliWm8xemY4bUZGN0FmejlCbjNMOWMybTVJUDlZQ1AKQ1dVcFA4S3AzbEhzQkpQWWl4VTJ3TlZWSGs1Vjlla2R3aEl3Mlc3d0gyOTB6azZFTXJvZ2NoMjdKTFk0MlBzOApyRDl6Wm5vbEgrN1pPa3lLQ1UxVWJHWUJFSUtvZVFGa1FCek01aEpFT0xGVXd0YmdvZE5YYS9oMStXMjdkaHd1CnIyMG1tb3lCRGpNNWdGVVh6dGpqNDZMakZuNE5iRmtwbkNNT1VDNVM2bkIyeTlONnoxUWRSekVPRy80cU5xVFkKRzY3c2szemlqVzFISkxJVGorMVNPZHdIWktSUFl3cGxNTkY4TFRKVlBOYVQ5L3FDVGV3bXl4WUpIVjljVWhuSwpMQUZZYXNKVG9HZytEQnNJL21GbDY3WHNhWnp1cUdSSksydnVvNG9jWjJNb250L3BSSXRwQStaUFNpREFqTzNjCm9kTW5LRmhkRkpMSTZZTXVja1RySGQycXREQmdPaEEyZjk3ajArckVGeWVNOHY2eGhGN0I4cEtscW5TQU01M2kKbGl1ZHh1NzA2RWNQQ3JlU3pPRjF5bWMrQnBmVjVtSnU0U1hEcUF4aEYzZFFPbEg5TDdPVmJtRDU4dUs0eDNldwpXQ05Qa2FGc1UxRThJR2M4UGVqc1kwdHUxdWtoK3ZMYnlNQlBVRXRxaEgrNFhNeUVJL0xjUVhIRlkybjBEcmZDCmxTclM3T3FKcGhPbW1VSWFwNGZLK0QzcldzZmFpSm9wc2Yxc044MEdLeVptSFY1TWtEY0k3NXdTWWp1RXhvcGgKVW0wcmJxMDdVVVVFR0tYL1JIQWhWS21nek5JMEZpYUZtbkhHOUw0bWZwclFHd2J5dTR1RktLUGtjOGxodlVwRAp6Z29SMTZQSUM4THpvcE5qTmJPem0xV0RUd1FxaUt5NWRsVWlWZlFRRlNmd09vcDMzakhvQXUzVWxYU3Bwby9vCnJnbGIxUUtBdm5zUEVFaG9HZUZpenFIWXhLVjZpT1hET3ZCcFhOcC8yMVB0OHpRbWVXUXZRZmhyOEc0cEpkVVcKRTFBWlc1b2JWWG1seWc4OWRML0pMTG02VFVNdUZaZFgxRlRNaVphangvQklqekhFVjdRNkhJZWFHYjBRb2dFZwotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" - } - } - ] -} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json index bb5bbb134..a3947593c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-basic-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -42,26 +42,6 @@ "value": "" }, { - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret" - }, - { - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt" - }, - { - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key" - }, - { - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "" - }, - { "description": "JWS Admin User", "name": "JWS_ADMIN_USERNAME", "from": "[a-zA-Z0-9]{8}", @@ -102,7 +82,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -112,30 +92,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http-route", @@ -151,30 +107,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -211,6 +144,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -281,7 +215,6 @@ } }, "spec": { - "serviceAccount": "jws-service-account", "containers": [ { "name": "${APPLICATION_NAME}", @@ -296,43 +229,15 @@ ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], "ports": [ { "name": "${APPLICATION_NAME}-tcp-8080", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" } ], "env": [ { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { "name": "JWS_ADMIN_USERNAME", "value": "${JWS_ADMIN_USERNAME}" }, @@ -342,14 +247,6 @@ } ] } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json new file mode 100644 index 000000000..1f9c17cf2 --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-https-sti.json @@ -0,0 +1,360 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-tomcat", + "description": "Application template for JWS applications built using STI." + }, + "name": "jws-tomcat7-basic-sti" + }, + "labels": { + "template": "jws-tomcat7-basic-sti" + }, + "parameters": [ + { + "description": "JWS Release version, e.g. 3.0, 2.1, etc.", + "name": "JWS_RELEASE", + "value": "3.0" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "master" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "" + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret" + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt" + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key" + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "" + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "jws-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json index 86d4d3d25..55746fc11 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -147,7 +159,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -171,7 +183,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -220,7 +232,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -240,7 +252,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -280,6 +292,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -410,6 +423,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -471,7 +496,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -492,7 +518,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json index 696587cf3..f540c885c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -142,7 +154,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -166,7 +178,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -215,7 +227,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -235,7 +247,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -275,6 +287,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -405,6 +418,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -466,7 +491,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -487,7 +513,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json index 3ff5a712e..984b075a2 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -149,7 +161,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -173,7 +185,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -222,7 +234,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -242,7 +254,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -282,6 +294,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -408,6 +421,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -469,7 +494,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -490,7 +516,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json index 872e13f95..af9c7c17c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-mysql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -144,7 +156,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +180,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -217,7 +229,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -237,7 +249,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -277,6 +289,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -403,6 +416,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -464,7 +489,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -485,7 +511,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json index b22cce6fd..ec59a6a5b 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -137,7 +149,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -161,7 +173,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -210,7 +222,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -230,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -270,6 +282,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -396,6 +409,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -457,7 +482,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -478,7 +504,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json index 43be3c3fe..6040f7208 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat7-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -132,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -156,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -205,7 +217,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -225,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -265,6 +277,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat7-openshift:${JWS_RELEASE}" } } @@ -391,6 +404,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -452,7 +477,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -473,7 +499,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json index 1d45b4214..25b6497b2 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-basic-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -42,26 +42,6 @@ "value": "" }, { - "description": "The name of the secret containing the certificate files", - "name": "JWS_HTTPS_SECRET", - "value": "jws-app-secret" - }, - { - "description": "The name of the certificate file within the secret", - "name": "JWS_HTTPS_CERTIFICATE", - "value": "server.crt" - }, - { - "description": "The name of the certificate key file within the secret", - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "server.key" - }, - { - "description": "The certificate password", - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "" - }, - { "description": "JWS Admin User", "name": "JWS_ADMIN_USERNAME", "from": "[a-zA-Z0-9]{8}", @@ -102,7 +82,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -112,30 +92,6 @@ } }, { - "kind": "Service", - "apiVersion": "v1", - "spec": { - "ports": [ - { - "port": 8443, - "targetPort": 8443 - } - ], - "selector": { - "deploymentConfig": "${APPLICATION_NAME}" - } - }, - "metadata": { - "name": "${APPLICATION_NAME}-https-service", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "The web server's https port." - } - } - }, - { "kind": "Route", "apiVersion": "v1", "id": "${APPLICATION_NAME}-http-route", @@ -151,30 +107,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" - } - } - }, - { - "kind": "Route", - "apiVersion": "v1", - "id": "${APPLICATION_NAME}-https-route", - "metadata": { - "name": "${APPLICATION_NAME}-https-route", - "labels": { - "application": "${APPLICATION_NAME}" - }, - "annotations": { - "description": "Route for application's https service." - } - }, - "spec": { - "host": "${APPLICATION_HOSTNAME}", - "to": { - "name": "${APPLICATION_NAME}-https-service" - }, - "tls": { - "termination" : "passthrough" + "name": "${APPLICATION_NAME}" } } }, @@ -211,6 +144,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -281,7 +215,6 @@ } }, "spec": { - "serviceAccount": "jws-service-account", "containers": [ { "name": "${APPLICATION_NAME}", @@ -296,43 +229,15 @@ ] } }, - "volumeMounts": [ - { - "name": "jws-certificate-volume", - "mountPath": "/etc/jws-secret-volume", - "readOnly": true - } - ], "ports": [ { "name": "${APPLICATION_NAME}-tcp-8080", "containerPort": 8080, "protocol": "TCP" - }, - { - "name": "${APPLICATION_NAME}-tcp-8443", - "containerPort": 8443, - "protocol": "TCP" } ], "env": [ { - "name": "JWS_HTTPS_CERTIFICATE_DIR", - "value": "/etc/jws-secret-volume" - }, - { - "name": "JWS_HTTPS_CERTIFICATE", - "value": "${JWS_HTTPS_CERTIFICATE}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_KEY", - "value": "${JWS_HTTPS_CERTIFICATE_KEY}" - }, - { - "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", - "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" - }, - { "name": "JWS_ADMIN_USERNAME", "value": "${JWS_ADMIN_USERNAME}" }, @@ -342,14 +247,6 @@ } ] } - ], - "volumes": [ - { - "name": "jws-certificate-volume", - "secret": { - "secretName": "${JWS_HTTPS_SECRET}" - } - } ] } } diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json new file mode 100644 index 000000000..af4c94ae0 --- /dev/null +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-https-sti.json @@ -0,0 +1,360 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "annotations": { + "iconClass" : "icon-tomcat", + "description": "Application template for JWS applications built using STI." + }, + "name": "jws-tomcat8-basic-sti" + }, + "labels": { + "template": "jws-tomcat8-basic-sti" + }, + "parameters": [ + { + "description": "JWS Release version, e.g. 3.0, 2.1, etc.", + "name": "JWS_RELEASE", + "value": "3.0" + }, + { + "description": "The name for the application.", + "name": "APPLICATION_NAME", + "value": "jws-app" + }, + { + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", + "name": "APPLICATION_HOSTNAME", + "value": "" + }, + { + "description": "Git source URI for application", + "name": "GIT_URI" + }, + { + "description": "Git branch/tag reference", + "name": "GIT_REF", + "value": "master" + }, + { + "description": "Path within Git project to build; empty for root project directory.", + "name": "GIT_CONTEXT_DIR", + "value": "" + }, + { + "description": "The name of the secret containing the certificate files", + "name": "JWS_HTTPS_SECRET", + "value": "jws-app-secret" + }, + { + "description": "The name of the certificate file within the secret", + "name": "JWS_HTTPS_CERTIFICATE", + "value": "server.crt" + }, + { + "description": "The name of the certificate key file within the secret", + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "server.key" + }, + { + "description": "The certificate password", + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "" + }, + { + "description": "JWS Admin User", + "name": "JWS_ADMIN_USERNAME", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "JWS Admin Password", + "name": "JWS_ADMIN_PASSWORD", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Github trigger secret", + "name": "GITHUB_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + }, + { + "description": "Generic build trigger secret", + "name": "GENERIC_TRIGGER_SECRET", + "from": "[a-zA-Z0-9]{8}", + "generate": "expression" + } + ], + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's http port." + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "spec": { + "ports": [ + { + "port": 8443, + "targetPort": 8443 + } + ], + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + } + }, + "metadata": { + "name": "secure-${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "The web server's https port." + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-http-route", + "metadata": { + "name": "${APPLICATION_NAME}-http-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's http service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "id": "${APPLICATION_NAME}-https-route", + "metadata": { + "name": "${APPLICATION_NAME}-https-route", + "labels": { + "application": "${APPLICATION_NAME}" + }, + "annotations": { + "description": "Route for application's https service." + } + }, + "spec": { + "host": "${APPLICATION_HOSTNAME}", + "to": { + "name": "secure-${APPLICATION_NAME}" + }, + "tls": { + "termination" : "passthrough" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${GIT_URI}", + "ref": "${GIT_REF}" + }, + "contextDir":"${GIT_CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" + } + } + }, + "output": { + "to": { + "name": "${APPLICATION_NAME}" + } + }, + "triggers": [ + { + "type": "github", + "github": { + "secret": "${GITHUB_TRIGGER_SECRET}" + } + }, + { + "type": "generic", + "generic": { + "secret": "${GENERIC_TRIGGER_SECRET}" + } + }, + { + "type": "imageChange", + "imageChange": {} + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "${APPLICATION_NAME}" + ], + "from": { + "kind": "ImageStream", + "name": "${APPLICATION_NAME}" + } + } + } + ], + "replicas": 1, + "selector": { + "deploymentConfig": "${APPLICATION_NAME}" + }, + "template": { + "metadata": { + "name": "${APPLICATION_NAME}", + "labels": { + "deploymentConfig": "${APPLICATION_NAME}", + "application": "${APPLICATION_NAME}" + } + }, + "spec": { + "serviceAccount": "jws-service-account", + "containers": [ + { + "name": "${APPLICATION_NAME}", + "image": "${APPLICATION_NAME}", + "imagePullPolicy": "Always", + "readinessProbe": { + "exec": { + "command": [ + "/bin/bash", + "-c", + "curl -s -u ${JWS_ADMIN_USERNAME}:${JWS_ADMIN_PASSWORD} 'http://localhost:8080/manager/jmxproxy/?get=Catalina%3Atype%3DServer&att=stateName' |grep -iq 'stateName *= *STARTED'" + ] + } + }, + "volumeMounts": [ + { + "name": "jws-certificate-volume", + "mountPath": "/etc/jws-secret-volume", + "readOnly": true + } + ], + "ports": [ + { + "name": "${APPLICATION_NAME}-tcp-8080", + "containerPort": 8080, + "protocol": "TCP" + }, + { + "name": "${APPLICATION_NAME}-tcp-8443", + "containerPort": 8443, + "protocol": "TCP" + } + ], + "env": [ + { + "name": "JWS_HTTPS_CERTIFICATE_DIR", + "value": "/etc/jws-secret-volume" + }, + { + "name": "JWS_HTTPS_CERTIFICATE", + "value": "${JWS_HTTPS_CERTIFICATE}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_KEY", + "value": "${JWS_HTTPS_CERTIFICATE_KEY}" + }, + { + "name": "JWS_HTTPS_CERTIFICATE_PASSWORD", + "value": "${JWS_HTTPS_CERTIFICATE_PASSWORD}" + }, + { + "name": "JWS_ADMIN_USERNAME", + "value": "${JWS_ADMIN_USERNAME}" + }, + { + "name": "JWS_ADMIN_PASSWORD", + "value": "${JWS_ADMIN_PASSWORD}" + } + ] + } + ], + "volumes": [ + { + "name": "jws-certificate-volume", + "secret": { + "secretName": "${JWS_HTTPS_SECRET}" + } + } + ] + } + } + } + } + ] +} diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json index 693cfaa0f..b5975b646 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -147,7 +159,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -171,7 +183,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -220,7 +232,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -240,7 +252,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -280,6 +292,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -410,6 +423,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -471,7 +496,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -492,7 +518,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json index 8d27e8d94..8145ee34e 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mongodb-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Disable data file preallocation.", "name": "MONGODB_NOPREALLOC" }, @@ -142,7 +154,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -166,7 +178,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -215,7 +227,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -235,7 +247,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -275,6 +287,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -405,6 +418,18 @@ "value": "${DB_ADMIN_PASSWORD}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -466,7 +491,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mongodb-24:latest" + "namespace": "openshift", + "name": "mongodb:latest" } } } @@ -487,7 +513,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mongodb", - "image": "registry.access.redhat.com/openshift3_beta/mongodb-24-rhel7:latest", + "image": "mongodb", "imagePullPolicy": "Always", "ports": [ { diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json index 1abf4e8cd..b0808949c 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -149,7 +161,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -173,7 +185,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -222,7 +234,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -242,7 +254,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -282,6 +294,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -408,6 +421,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -469,7 +494,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -490,7 +516,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json index 1944d3557..46ad18b91 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-mysql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "Sets how the table names are stored and compared.", "name": "MYSQL_LOWER_CASE_TABLE_NAMES" }, @@ -144,7 +156,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -168,7 +180,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -217,7 +229,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -237,7 +249,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -277,6 +289,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -403,6 +416,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -464,7 +489,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-mysql-55:latest" + "namespace": "openshift", + "name": "mysql:latest" } } } @@ -485,7 +511,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-mysql", - "image": "registry.access.redhat.com/openshift3_beta/mysql-55-rhel7:latest", + "image": "mysql", "ports": [ { "name": "${APPLICATION_NAME}-mysql-tcp-3306", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json index 619895655..19cd2be30 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-persistent-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -77,6 +77,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -137,7 +149,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -161,7 +173,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -210,7 +222,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -230,7 +242,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -270,6 +282,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -396,6 +409,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -457,7 +482,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -478,7 +504,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json index 0e269d53f..185808baf 100644 --- a/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json +++ b/roles/openshift_examples/files/examples/xpaas-templates/jws-tomcat8-postgresql-sti.json @@ -23,9 +23,9 @@ "value": "jws-app" }, { - "description": "Hostname for service routes", + "description": "Custom hostname for service routes. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>", "name": "APPLICATION_HOSTNAME", - "value": "jws-app.local" + "value": "" }, { "description": "Git source URI for application", @@ -72,6 +72,18 @@ "value": "" }, { + "description": "Sets xa-pool/min-pool-size for the configured datasource.", + "name": "DB_MIN_POOL_SIZE" + }, + { + "description": "Sets xa-pool/max-pool-size for the configured datasource.", + "name": "DB_MAX_POOL_SIZE" + }, + { + "description": "Sets transaction-isolation for the configured datasource.", + "name": "DB_TX_ISOLATION" + }, + { "description": "The maximum number of client connections allowed. This also sets the maximum number of prepared transactions.", "name": "POSTGRESQL_MAX_CONNECTIONS" }, @@ -132,7 +144,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-http-service", + "name": "${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -156,7 +168,7 @@ } }, "metadata": { - "name": "${APPLICATION_NAME}-https-service", + "name": "secure-${APPLICATION_NAME}", "labels": { "application": "${APPLICATION_NAME}" }, @@ -205,7 +217,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-http-service" + "name": "${APPLICATION_NAME}" } } }, @@ -225,7 +237,7 @@ "spec": { "host": "${APPLICATION_HOSTNAME}", "to": { - "name": "${APPLICATION_NAME}-https-service" + "name": "secure-${APPLICATION_NAME}" }, "tls": { "termination" : "passthrough" @@ -265,6 +277,7 @@ "sourceStrategy": { "from": { "kind": "ImageStreamTag", + "namespace": "openshift", "name": "jboss-webserver3-tomcat8-openshift:${JWS_RELEASE}" } } @@ -391,6 +404,18 @@ "value": "${DB_DATABASE}" }, { + "name": "DB_MIN_POOL_SIZE", + "value": "${DB_MIN_POOL_SIZE}" + }, + { + "name": "DB_MAX_POOL_SIZE", + "value": "${DB_MAX_POOL_SIZE}" + }, + { + "name": "DB_TX_ISOLATION", + "value": "${DB_TX_ISOLATION}" + }, + { "name": "JWS_HTTPS_CERTIFICATE_DIR", "value": "/etc/jws-secret-volume" }, @@ -452,7 +477,8 @@ ], "from": { "kind": "ImageStreamTag", - "name": "jboss-postgresql-92:latest" + "namespace": "openshift", + "name": "postgresql:latest" } } } @@ -473,7 +499,7 @@ "containers": [ { "name": "${APPLICATION_NAME}-postgresql", - "image": "registry.access.redhat.com/openshift3_beta/postgresql-92-rhel7:latest", + "image": "postgresql", "ports": [ { "name": "${APPLICATION_NAME}-postgresql-tcp-5432", diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 1b789ca89..727861b07 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -366,13 +366,23 @@ def set_url_facts_if_unset(facts): console_port = facts['master']['console_port'] console_path = facts['master']['console_path'] etcd_use_ssl = facts['master']['etcd_use_ssl'] + etcd_hosts = facts['master']['etcd_hosts'] etcd_port = facts['master']['etcd_port'], hostname = facts['common']['hostname'] public_hostname = facts['common']['public_hostname'] if 'etcd_urls' not in facts['master']: - facts['master']['etcd_urls'] = [format_url(etcd_use_ssl, hostname, - etcd_port)] + etcd_urls = [] + if etcd_hosts != '': + facts['master']['etcd_port'] = etcd_port + facts['master']['embedded_etcd'] = False + for host in etcd_hosts: + etcd_urls.append(format_url(etcd_use_ssl, host, + etcd_port)) + else: + etcd_urls = [format_url(etcd_use_ssl, hostname, + etcd_port)] + facts['master']['etcd_urls'] = etcd_urls if 'api_url' not in facts['master']: facts['master']['api_url'] = format_url(api_use_ssl, hostname, api_port) @@ -487,7 +497,7 @@ def get_current_config(facts): current_config['kubeconfig'] = config # override pylint broad-except warning, since we do not want - # to bubble up any exceptions if openshift ex config view + # to bubble up any exceptions if oc config view # fails # pylint: disable=broad-except except Exception: @@ -683,7 +693,7 @@ class OpenShiftFacts(object): hostname_f = output.strip() if exit_code == 0 else '' hostname_values = [hostname_f, self.system_facts['nodename'], self.system_facts['fqdn']] - hostname = choose_hostname(hostname_values) + hostname = choose_hostname(hostname_values, ip_addr) common = dict(use_openshift_sdn=True, ip=ip_addr, public_ip=ip_addr, deployment_type='origin', hostname=hostname, @@ -695,7 +705,7 @@ class OpenShiftFacts(object): if 'master' in roles: master = dict(api_use_ssl=True, api_port='8443', console_use_ssl=True, console_path='/console', - console_port='8443', etcd_use_ssl=True, + console_port='8443', etcd_use_ssl=True, etcd_hosts='', etcd_port='4001', portal_net='172.30.0.0/16', embedded_etcd=True, embedded_kube=True, embedded_dns=True, dns_port='53', @@ -707,11 +717,7 @@ class OpenShiftFacts(object): defaults['master'] = master if 'node' in roles: - node = dict(pod_cidr='', labels={}, annotations={}, portal_net='172.30.0.0/16') - node['resources_cpu'] = self.system_facts['processor_cores'] - node['resources_memory'] = int( - int(self.system_facts['memtotal_mb']) * 1024 * 1024 * 0.75 - ) + node = dict(labels={}, annotations={}, portal_net='172.30.0.0/16') defaults['node'] = node return defaults diff --git a/roles/openshift_manage_node/tasks/main.yml b/roles/openshift_manage_node/tasks/main.yml new file mode 100644 index 000000000..d17f3f532 --- /dev/null +++ b/roles/openshift_manage_node/tasks/main.yml @@ -0,0 +1,18 @@ +- name: Wait for Node Registration + command: > + {{ openshift.common.client_binary }} get node {{ item }} + register: omd_get_node + until: omd_get_node.rc == 0 + retries: 10 + delay: 5 + with_items: openshift_nodes + +- name: Handle unscheduleable node + command: > + {{ openshift.common.admin_binary }} manage-node {{ item }} --schedulable=false + with_items: openshift_unscheduleable_nodes + +- name: Handle scheduleable node + command: > + {{ openshift.common.admin_binary }} manage-node {{ item }} --schedulable=true + with_items: openshift_scheduleable_nodes diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index da0a663ec..02905f32d 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -12,11 +12,6 @@ yum: pkg=openshift-master state=present register: install_result -# TODO: Is this necessary or was this a workaround for an old bug in packaging? -- name: Reload systemd units - command: systemctl daemon-reload - when: install_result | changed - - name: Set master OpenShift facts openshift_facts: role: master @@ -31,6 +26,7 @@ console_url: "{{ openshift_master_console_url | default(None) }}" console_use_ssl: "{{ openshift_master_console_use_ssl | default(None) }}" public_console_url: "{{ openshift_master_public_console_url | default(None) }}" + etcd_hosts: "{{ openshift_master_etcd_hosts | default(None)}}" etcd_port: "{{ openshift_master_etcd_port | default(None) }}" etcd_use_ssl: "{{ openshift_master_etcd_use_ssl | default(None) }}" etcd_urls: "{{ openshift_master_etcd_urls | default(None) }}" @@ -65,16 +61,6 @@ path: "{{ openshift_master_config_dir }}" state: directory -- name: Create the master certificates if they do not already exist - command: > - {{ openshift.common.admin_binary }} create-master-certs - --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} - --master={{ openshift.master.api_url }} - --public-master={{ openshift.master.public_api_url }} - --cert-dir={{ openshift_master_config_dir }} --overwrite=false - args: - creates: "{{ openshift_master_config_dir }}/master.server.key" - - name: Create the policy file if it does not already exist command: > {{ openshift.common.admin_binary }} create-bootstrap-policy-file @@ -128,6 +114,11 @@ - name: Start and enable openshift-master service: name=openshift-master enabled=yes state=started + register: start_result + +- name: pause to prevent service restart from interfering with bootstrapping + pause: seconds=30 + when: start_result | changed - name: Create the OpenShift client config dir(s) file: diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 9df07e925..bc766ec9b 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -18,19 +18,19 @@ corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} - {{ origin }} {% endfor %} -{% if openshift.master.embedded_dns %} +{% if openshift.master.embedded_dns | bool %} dnsConfig: bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} {% endif %} etcdClientInfo: - ca: ca.crt + ca: {{ "ca.crt" if (openshift.master.embedded_etcd | bool) else "master.etcd-ca.crt" }} certFile: master.etcd-client.crt keyFile: master.etcd-client.key urls: {% for etcd_url in openshift.master.etcd_urls %} - {{ etcd_url }} {% endfor %} -{% if openshift.master.embedded_etcd %} +{% if openshift.master.embedded_etcd | bool %} etcdConfig: address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} peerAddress: {{ openshift.common.hostname }}:7001 @@ -61,7 +61,7 @@ kubeletClientInfo: certFile: master.kubelet-client.crt keyFile: master.kubelet-client.key port: 10250 -{% if openshift.master.embedded_kube %} +{% if openshift.master.embedded_kube | bool %} kubernetesMasterConfig: apiLevels: - v1beta3 @@ -100,6 +100,8 @@ projectConfig: mcsAllocatorRange: s0:/2 mcsLabelsPerProject: 5 uidAllocatorRange: 1000000000-1999999999/10000 +routingConfig: + subdomain: router.default.local serviceAccountConfig: managedNames: - default @@ -113,5 +115,5 @@ servingInfo: certFile: master.server.crt clientCA: ca.crt keyFile: master.server.key - maxRequestsInFlight: 0 - requestTimeoutSeconds: 0 + maxRequestsInFlight: 500 + requestTimeoutSeconds: 3600 diff --git a/roles/openshift_master_ca/README.md b/roles/openshift_master_ca/README.md new file mode 100644 index 000000000..5b2d3601b --- /dev/null +++ b/roles/openshift_master_ca/README.md @@ -0,0 +1,34 @@ +OpenShift Master CA +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_register_nodes/meta/main.yml b/roles/openshift_master_ca/meta/main.yml index e40a152c1..f3236e850 100644 --- a/roles/openshift_register_nodes/meta/main.yml +++ b/roles/openshift_master_ca/meta/main.yml @@ -14,4 +14,3 @@ galaxy_info: - system dependencies: - { role: openshift_facts } - diff --git a/roles/openshift_master_ca/tasks/main.yml b/roles/openshift_master_ca/tasks/main.yml new file mode 100644 index 000000000..8163ecd7f --- /dev/null +++ b/roles/openshift_master_ca/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: Install the OpenShift package for admin tooling + yum: pkg=openshift state=present + register: install_result + +- name: Reload generated facts + openshift_facts: + +- name: Create openshift_master_config_dir if it doesn't exist + file: + path: "{{ openshift_master_config_dir }}" + state: directory + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ openshift.common.hostname }},{{ openshift.common.public_hostname }} + --master={{ openshift.master.api_url }} + --public-master={{ openshift.master.public_api_url }} + --cert-dir={{ openshift_master_config_dir }} --overwrite=false + args: + creates: "{{ openshift_master_config_dir }}/master.server.key" diff --git a/roles/openshift_master_ca/vars/main.yml b/roles/openshift_master_ca/vars/main.yml new file mode 100644 index 000000000..2925680bb --- /dev/null +++ b/roles/openshift_master_ca/vars/main.yml @@ -0,0 +1,5 @@ +--- +openshift_master_config_dir: /etc/openshift/master +openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" +openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" +openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" diff --git a/roles/openshift_master_certificates/README.md b/roles/openshift_master_certificates/README.md new file mode 100644 index 000000000..ba3d5f28c --- /dev/null +++ b/roles/openshift_master_certificates/README.md @@ -0,0 +1,34 @@ +OpenShift Master Certificates +======================== + +TODO + +Requirements +------------ + +TODO + +Role Variables +-------------- + +TODO + +Dependencies +------------ + +TODO + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License Version 2.0 + +Author Information +------------------ + +Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_master_certificates/meta/main.yml b/roles/openshift_master_certificates/meta/main.yml new file mode 100644 index 000000000..fd7b73b0f --- /dev/null +++ b/roles/openshift_master_certificates/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Jason DeTiberus + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- { role: openshift_master_ca } diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml new file mode 100644 index 000000000..b5a3f8e40 --- /dev/null +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Ensure the generated_configs directory present + file: + path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}" + state: directory + mode: 0700 + with_items: masters_needing_certs + +- file: + src: "{{ openshift_master_ca_cert }}" + dest: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/ca.crt" + with_items: masters_needing_certs + +- name: Create the master certificates if they do not already exist + command: > + {{ openshift.common.admin_binary }} create-master-certs + --hostnames={{ item.openshift.common.hostname }},{{ item.openshift.common.public_hostname }} + --master={{ item.openshift.master.api_url }} + --public-master={{ item.openshift.master.public_api_url }} + --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }} + --overwrite=false + args: + creates: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}/master.server.crt" + with_items: masters_needing_certs diff --git a/roles/openshift_register_nodes/vars/main.yml b/roles/openshift_master_certificates/vars/main.yml index 3801b8427..6e577b13b 100644 --- a/roles/openshift_register_nodes/vars/main.yml +++ b/roles/openshift_master_certificates/vars/main.yml @@ -1,8 +1,6 @@ --- -openshift_node_config_dir: /etc/openshift/node -openshift_master_config_dir: /etc/openshift/master openshift_generated_configs_dir: /etc/openshift/generated-configs +openshift_master_config_dir: /etc/openshift/master openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_kube_api_version: v1beta3 diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 13f30a6f8..e18846db8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -1,5 +1,11 @@ --- # TODO: allow for overriding default ports where possible +- fail: + msg: This role requres that osn_cluster_dns_domain is set + when: osn_cluster_dns_domain is not defined or not osn_cluster_dns_domain +- fail: + msg: This role requres that osn_cluster_dns_ip is set + when: osn_cluster_dns_ip is not defined or not osn_cluster_dns_ip - name: Install OpenShift Node package yum: pkg=openshift-node state=present @@ -10,11 +16,6 @@ register: sdn_install_result when: openshift.common.use_openshift_sdn -- name: Reload systemd units - command: systemctl daemon-reload - when: (node_install_result | changed or (openshift.common.use_openshift_sdn - and sdn_install_result | changed)) - - name: Set node OpenShift facts openshift_facts: role: "{{ item.role }}" @@ -27,9 +28,6 @@ deployment_type: "{{ openshift_deployment_type }}" - role: node local_facts: - resources_cpu: "{{ openshift_node_resources_cpu | default(none) }}" - resources_memory: "{{ openshift_node_resources_memory | default(none) }}" - pod_cidr: "{{ openshift_node_pod_cidr | default(none) }}" labels: "{{ openshift_node_labels | default(none) }}" annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" @@ -73,24 +71,3 @@ - name: Start and enable openshift-node service: name=openshift-node enabled=yes state=started - -- name: Check scheduleable state - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.client_binary }} get node {{ openshift.common.hostname }} - register: ond_get_node - until: ond_get_node.rc == 0 - retries: 10 - delay: 5 - -- name: Handle unscheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=false - when: openshift_scheduleable is defined and openshift_scheduleable == False and "SchedulingDisabled" not in ond_get_node.stdout - -- name: Handle scheduleable node - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname }} --schedulable=true - when: (openshift_scheduleable is not defined or openshift_scheduleable == True) and "SchedulingDisabled" in ond_get_node.stdout diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index f313f6a4b..7778a2a61 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -1,7 +1,7 @@ allowDisabledDocker: false apiVersion: v1 -dnsDomain: {{ hostvars[openshift_first_master].openshift.dns.domain }} -dnsIP: {{ hostvars[openshift_first_master].openshift.dns.ip }} +dnsDomain: {{ osn_cluster_dns_domain }} +dnsIP: {{ osn_cluster_dns_ip }} dockerConfig: execHandlerName: "" imageConfig: diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 1b68bc673..64a799dfb 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -3,6 +3,7 @@ file: path: "{{ openshift_generated_configs_dir }}" state: directory + when: nodes_needing_certs | length > 0 - name: Generate the node client config command: > @@ -21,7 +22,6 @@ with_items: nodes_needing_certs - name: Generate the node server certificate - delegate_to: "{{ openshift_first_master }}" command: > {{ openshift.common.admin_binary }} create-server-cert --cert=server.crt --key=server.key --overwrite=true diff --git a/roles/openshift_node_certificates/vars/main.yml b/roles/openshift_node_certificates/vars/main.yml index 3801b8427..a018bb0f9 100644 --- a/roles/openshift_node_certificates/vars/main.yml +++ b/roles/openshift_node_certificates/vars/main.yml @@ -5,4 +5,3 @@ openshift_generated_configs_dir: /etc/openshift/generated-configs openshift_master_ca_cert: "{{ openshift_master_config_dir }}/ca.crt" openshift_master_ca_key: "{{ openshift_master_config_dir }}/ca.key" openshift_master_ca_serial: "{{ openshift_master_config_dir }}/ca.serial.txt" -openshift_kube_api_version: v1beta3 diff --git a/roles/openshift_register_nodes/README.md b/roles/openshift_register_nodes/README.md deleted file mode 100644 index b1d2000f1..000000000 --- a/roles/openshift_register_nodes/README.md +++ /dev/null @@ -1,15 +0,0 @@ -OpenShift Register Nodes -======================== - -DEPRECATED!!! -Nodes should now auto register themselves. Use openshift_node_certificates role instead. - -License -------- - -Apache License Version 2.0 - -Author Information ------------------- - -Jason DeTiberus (jdetiber@redhat.com) diff --git a/roles/openshift_register_nodes/library/kubernetes_register_node.py b/roles/openshift_register_nodes/library/kubernetes_register_node.py deleted file mode 100755 index a8c38627b..000000000 --- a/roles/openshift_register_nodes/library/kubernetes_register_node.py +++ /dev/null @@ -1,513 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# vim: expandtab:tabstop=4:shiftwidth=4 -# -# disable pylint checks -# permanently disabled unless someone wants to refactor the object model: -# too-few-public-methods -# no-self-use -# too-many-arguments -# too-many-locals -# too-many-branches -# pylint:disable=too-many-arguments, no-self-use -# pylint:disable=too-many-locals, too-many-branches, too-few-public-methods -"""Ansible module to register a kubernetes node to the cluster""" - -import os - -DOCUMENTATION = ''' ---- -module: kubernetes_register_node -short_description: Registers a kubernetes node with a master -description: - - Registers a kubernetes node with a master -options: - name: - default: null - description: - - Identifier for this node (usually the node fqdn). - required: true - api_verison: - choices: ['v1beta1', 'v1beta3'] - default: 'v1beta1' - description: - - Kubernetes API version to use - required: true - host_ip: - default: null - description: - - IP Address to associate with the node when registering. - Available in the following API versions: v1beta1. - required: false - cpu: - default: null - description: - - Number of CPUs to allocate for this node. When using the v1beta1 - API, you must specify the CPU count as a floating point number - with no more than 3 decimal places. API version v1beta3 and newer - accepts arbitrary float values. - required: false - memory: - default: null - description: - - Memory available for this node. When using the v1beta1 API, you - must specify the memory size in bytes. API version v1beta3 and - newer accepts binary SI and decimal SI values. - required: false -''' -EXAMPLES = ''' -# Minimal node registration -- openshift_register_node: name=ose3.node.example.com - -# Node registration using the v1beta1 API and assigning 1 CPU core and 10 GB of -# Memory -- openshift_register_node: - name: ose3.node.example.com - api_version: v1beta1 - hostIP: 192.168.1.1 - cpu: 1 - memory: 500000000 -''' - - -class ClientConfigException(Exception): - """Client Configuration Exception""" - pass - -class ClientConfig(object): - """ Representation of a client config - - Attributes: - config (dict): dictionary representing the client configuration - - Args: - client_opts (list of str): client options to use - module (AnsibleModule): - - Raises: - ClientConfigException: - """ - def __init__(self, client_opts, module): - kubectl = module.params['kubectl_cmd'] - _, output, _ = module.run_command((kubectl + - ["config", "view", "-o", "json"] + - client_opts), check_rc=True) - self.config = json.loads(output) - - if not (bool(self.config['clusters']) or - bool(self.config['contexts']) or - bool(self.config['current-context']) or - bool(self.config['users'])): - raise ClientConfigException( - "Client config missing required values: %s" % output - ) - - def current_context(self): - """ Gets the current context for the client config - - Returns: - str: The current context as set in the config - """ - return self.config['current-context'] - - def section_has_value(self, section_name, value): - """ Test if specified section contains a value - - Args: - section_name (str): config section to test - value (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - section = self.config[section_name] - if isinstance(section, dict): - return value in section - else: - val = next((item for item in section - if item['name'] == value), None) - return val is not None - - def has_context(self, context): - """ Test if specified context exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('contexts', context) - - def has_user(self, user): - """ Test if specified user exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('users', user) - - def has_cluster(self, cluster): - """ Test if specified cluster exists in config - - Args: - context (str): value to test if present - Returns: - bool: True if successful, false otherwise - """ - return self.section_has_value('clusters', cluster) - - def get_value_for_context(self, context, attribute): - """ Get the value of attribute in context - - Args: - context (str): context to search - attribute (str): attribute wanted - Returns: - str: The value for attribute in context - """ - contexts = self.config['contexts'] - if isinstance(contexts, dict): - return contexts[context][attribute] - else: - return next((c['context'][attribute] for c in contexts - if c['name'] == context), None) - - def get_user_for_context(self, context): - """ Get the user attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'user') - - def get_cluster_for_context(self, context): - """ Get the cluster attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'cluster') - - def get_namespace_for_context(self, context): - """ Get the namespace attribute in context - - Args: - context (str): context to search - Returns: - str: The value for the attribute in context - """ - return self.get_value_for_context(context, 'namespace') - -class Util(object): - """Utility methods""" - @staticmethod - def remove_empty_elements(mapping): - """ Recursively removes empty elements from a dict - - Args: - mapping (dict): dict to remove empty attributes from - Returns: - dict: A copy of the dict with empty elements removed - """ - if isinstance(mapping, dict): - copy = mapping.copy() - for key, val in mapping.iteritems(): - if not val: - del copy[key] - return copy - else: - return mapping - -class NodeResources(object): - """ Kubernetes Node Resources - - Attributes: - resources (dict): A dictionary representing the node resources - - Args: - version (str): kubernetes api version - cpu (str): string representation of the cpu resources for the node - memory (str): string representation of the memory resources for the - node - """ - def __init__(self, version, cpu=None, memory=None): - if version == 'v1beta1': - self.resources = dict(capacity=dict()) - self.resources['capacity']['cpu'] = cpu - self.resources['capacity']['memory'] = memory - - def get_resources(self): - """ Get the dict representing the node resources - - Returns: - dict: representation of the node resources with any empty - elements removed - """ - return Util.remove_empty_elements(self.resources) - -class NodeSpec(object): - """ Kubernetes Node Spec - - Attributes: - spec (dict): A dictionary representing the node resources - - Args: - version (str): kubernetes api version - cpu (str): string representation of the cpu resources for the node - memory (str): string representation of the memory resources for the - node - cidr (str): string representation of the cidr block available for - the node - externalID (str): The external id of the node - """ - def __init__(self, version, cpu=None, memory=None, cidr=None, - externalID=None): - if version == 'v1beta3': - self.spec = dict(podCIDR=cidr, externalID=externalID, - capacity=dict()) - self.spec['capacity']['cpu'] = cpu - self.spec['capacity']['memory'] = memory - - def get_spec(self): - """ Get the dict representing the node spec - - Returns: - dict: representation of the node spec with any empty elements - removed - """ - return Util.remove_empty_elements(self.spec) - -class Node(object): - """ Kubernetes Node - - Attributes: - node (dict): A dictionary representing the node - - Args: - module (AnsibleModule): - client_opts (list): client connection options - version (str, optional): kubernetes api version - node_name (str, optional): name for node - hostIP (str, optional): node host ip - cpu (str, optional): cpu resources for the node - memory (str, optional): memory resources for the node - labels (list, optional): labels for the node - annotations (list, optional): annotations for the node - podCIDR (list, optional): cidr block to use for pods - externalID (str, optional): external id of the node - """ - def __init__(self, module, client_opts, version='v1beta1', node_name=None, - hostIP=None, cpu=None, memory=None, labels=None, - annotations=None, podCIDR=None, externalID=None): - self.module = module - self.client_opts = client_opts - if version == 'v1beta1': - self.node = dict(id=node_name, - kind='Node', - apiVersion=version, - hostIP=hostIP, - resources=NodeResources(version, cpu, memory), - cidr=podCIDR, - labels=labels, - annotations=annotations, - externalID=externalID) - elif version == 'v1beta3': - metadata = dict(name=node_name, - labels=labels, - annotations=annotations) - self.node = dict(kind='Node', - apiVersion=version, - metadata=metadata, - spec=NodeSpec(version, cpu, memory, podCIDR, - externalID)) - - def get_name(self): - """ Get the name for the node - - Returns: - str: node name - """ - if self.node['apiVersion'] == 'v1beta1': - return self.node['id'] - elif self.node['apiVersion'] == 'v1beta3': - return self.node['metadata']['name'] - - def get_node(self): - """ Get the dict representing the node - - Returns: - dict: representation of the node with any empty elements - removed - """ - node = self.node.copy() - if self.node['apiVersion'] == 'v1beta1': - node['resources'] = self.node['resources'].get_resources() - elif self.node['apiVersion'] == 'v1beta3': - node['spec'] = self.node['spec'].get_spec() - return Util.remove_empty_elements(node) - - def exists(self): - """ Tests if the node already exists - - Returns: - bool: True if node exists, otherwise False - """ - kubectl = self.module.params['kubectl_cmd'] - _, output, _ = self.module.run_command((kubectl + ["get", "nodes"] + - self.client_opts), - check_rc=True) - if re.search(self.module.params['name'], output, re.MULTILINE): - return True - return False - - def create(self): - """ Creates the node - - Returns: - bool: True if node creation successful - """ - kubectl = self.module.params['kubectl_cmd'] - cmd = kubectl + self.client_opts + ['create', '-f', '-'] - exit_code, output, error = self.module.run_command( - cmd, data=self.module.jsonify(self.get_node()) - ) - if exit_code != 0: - if re.search("minion \"%s\" already exists" % self.get_name(), - error): - self.module.exit_json(msg="node definition already exists", - changed=False, node=self.get_node()) - else: - self.module.fail_json(msg="Node creation failed.", - exit_code=exit_code, - output=output, error=error, - node=self.get_node()) - else: - return True - -def generate_client_opts(module): - """ Generates the client options - - Args: - module(AnsibleModule) - - Returns: - str: client options - """ - client_config = '~/.kube/.kubeconfig' - if 'default_client_config' in module.params: - client_config = module.params['default_client_config'] - user_has_client_config = os.path.exists(os.path.expanduser(client_config)) - if not (user_has_client_config or module.params['client_config']): - module.fail_json(msg="Could not locate client configuration, " - "client_config must be specified if " - "~/.kube/.kubeconfig is not present") - - client_opts = [] - if module.params['client_config']: - kubeconfig_flag = '--kubeconfig' - if 'kubeconfig_flag' in module.params: - kubeconfig_flag = module.params['kubeconfig_flag'] - client_opts.append(kubeconfig_flag + '=' + os.path.expanduser(module.params['client_config'])) - - try: - config = ClientConfig(client_opts, module) - except ClientConfigException as ex: - module.fail_json(msg="Failed to get client configuration", - exception=str(ex)) - - client_context = module.params['client_context'] - if config.has_context(client_context): - if client_context != config.current_context(): - client_opts.append("--context=%s" % client_context) - else: - module.fail_json(msg="Context %s not found in client config" % client_context) - - client_user = module.params['client_user'] - if config.has_user(client_user): - if client_user != config.get_user_for_context(client_context): - client_opts.append("--user=%s" % client_user) - else: - module.fail_json(msg="User %s not found in client config" % client_user) - - client_cluster = module.params['client_cluster'] - if config.has_cluster(client_cluster): - if client_cluster != config.get_cluster_for_context(client_context): - client_opts.append("--cluster=%s" % client_cluster) - else: - module.fail_json(msg="Cluster %s not found in client config" % client_cluster) - - client_namespace = module.params['client_namespace'] - if client_namespace != config.get_namespace_for_context(client_context): - client_opts.append("--namespace=%s" % client_namespace) - - return client_opts - - -def main(): - """ main """ - module = AnsibleModule( - argument_spec=dict( - name=dict(required=True, type='str'), - host_ip=dict(type='str'), - api_version=dict(type='str', default='v1beta1', - choices=['v1beta1', 'v1beta3']), - cpu=dict(type='str'), - memory=dict(type='str'), - # TODO: needs documented - labels=dict(type='dict', default={}), - # TODO: needs documented - annotations=dict(type='dict', default={}), - # TODO: needs documented - pod_cidr=dict(type='str'), - # TODO: needs documented - client_config=dict(type='str'), - # TODO: needs documented - client_cluster=dict(type='str', default='master'), - # TODO: needs documented - client_context=dict(type='str', default='default'), - # TODO: needs documented - client_namespace=dict(type='str', default='default'), - # TODO: needs documented - client_user=dict(type='str', default='system:admin'), - # TODO: needs documented - kubectl_cmd=dict(type='list', default=['kubectl']), - # TODO: needs documented - kubeconfig_flag=dict(type='str'), - # TODO: needs documented - default_client_config=dict(type='str') - ), - supports_check_mode=True - ) - - labels = module.params['labels'] - kube_hostname_label = 'kubernetes.io/hostname' - if kube_hostname_label not in labels: - labels[kube_hostname_label] = module.params['name'] - - node = Node(module, generate_client_opts(module), - module.params['api_version'], module.params['name'], - module.params['host_ip'], module.params['cpu'], - module.params['memory'], labels, module.params['annotations'], - module.params['pod_cidr']) - - if node.exists(): - module.exit_json(changed=False, node=node.get_node()) - elif module.check_mode: - module.exit_json(changed=True, node=node.get_node()) - elif node.create(): - module.exit_json(changed=True, msg="Node created successfully", - node=node.get_node()) - else: - module.fail_json(msg="Unknown error creating node", node=node.get_node()) - -# ignore pylint errors related to the module_utils import -# pylint: disable=redefined-builtin, unused-wildcard-import, wildcard-import -# import module snippets -from ansible.module_utils.basic import * -if __name__ == '__main__': - main() diff --git a/roles/openshift_register_nodes/tasks/main.yml b/roles/openshift_register_nodes/tasks/main.yml deleted file mode 100644 index 502dffc26..000000000 --- a/roles/openshift_register_nodes/tasks/main.yml +++ /dev/null @@ -1,53 +0,0 @@ ---- -- name: Create openshift_generated_configs_dir if it doesn't exist - file: - path: "{{ openshift_generated_configs_dir }}" - state: directory - -- name: Generate the node client config - command: > - {{ openshift.common.admin_binary }} create-api-client-config - --certificate-authority={{ openshift_master_ca_cert }} - --client-dir={{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }} - --groups=system:nodes - --master={{ openshift.master.api_url }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - --user=system:node:{{ item.openshift.common.hostname }} - args: - chdir: "{{ openshift_generated_configs_dir }}" - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - with_items: nodes_needing_certs - -- name: Generate the node server certificate - delegate_to: "{{ openshift_first_master }}" - command: > - {{ openshift.common.admin_binary }} create-server-cert - --cert=server.crt --key=server.key --overwrite=true - --hostnames={{ [item.openshift.common.hostname, item.openshift.common.public_hostname]|unique|join(",") }} - --signer-cert={{ openshift_master_ca_cert }} - --signer-key={{ openshift_master_ca_key }} - --signer-serial={{ openshift_master_ca_serial }} - args: - chdir: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}" - creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt" - with_items: nodes_needing_certs - -- name: Register unregistered nodes - kubernetes_register_node: - kubectl_cmd: "{{ [openshift.common.client_binary] }}" - default_client_config: '~/.kube/config' - name: "{{ item.openshift.common.hostname }}" - api_version: "{{ openshift_kube_api_version }}" - cpu: "{{ item.openshift.node.resources_cpu | default(None) }}" - memory: "{{ item.openshift.node.resources_memory | default(None) }}" - pod_cidr: "{{ item.openshift.node.pod_cidr | default(None) }}" - host_ip: "{{ item.openshift.common.ip }}" - labels: "{{ item.openshift.node.labels | default({}) }}" - annotations: "{{ item.openshift.node.annotations | default({}) }}" - client_context: default/ose3-master-example-com:8443/system:openshift-master - client_user: system:openshift-master/ose3-master-example-com:8443 - client_cluster: ose3-master-example-com:8443 - with_items: openshift_nodes - register: register_result diff --git a/roles/openshift_repos/files/online/repos/enterprise-v3.repo b/roles/openshift_repos/files/online/repos/enterprise-v3.repo index 69c480f0a..92bd35834 100644 --- a/roles/openshift_repos/files/online/repos/enterprise-v3.repo +++ b/roles/openshift_repos/files/online/repos/enterprise-v3.repo @@ -1,7 +1,7 @@ [enterprise-v3] -name=OpenShift Enterprise Beta4 -baseurl=https://mirror.ops.rhcloud.com/libra/libra-7-ose-beta4/ - https://gce-mirror1.ops.rhcloud.com/libra/libra-7-ose-beta4/ +name=OpenShift Enterprise +baseurl=https://mirror.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ + https://gce-mirror1.ops.rhcloud.com/libra/rhui-rhel-server-7-ose/ enabled=1 gpgcheck=0 failovermethod=priority diff --git a/roles/os_zabbix/library/zbxapi.py b/roles/os_zabbix/library/zbxapi.py index b5fa5ee2b..48f294938 100755 --- a/roles/os_zabbix/library/zbxapi.py +++ b/roles/os_zabbix/library/zbxapi.py @@ -103,7 +103,6 @@ class ZabbixAPI(object): # pylint: disable=no-member # This method does not exist until the metaprogramming executed - # This is permanently disabled. results = self.user.login(user=self.username, password=self.password) if results[0]['status'] == '200': @@ -251,17 +250,26 @@ def exists(content, key='result'): return True -def diff_content(from_zabbix, from_user): +def diff_content(from_zabbix, from_user, ignore=None): ''' Compare passed in object to results returned from zabbix ''' - terms = ['search', 'output', 'groups', 'select', 'expand'] + terms = ['search', 'output', 'groups', 'select', 'expand', 'filter'] + if ignore: + terms.extend(ignore) regex = '(' + '|'.join(terms) + ')' retval = {} for key, value in from_user.items(): if re.findall(regex, key): continue - if from_zabbix[key] != str(value): + # special case here for templates. You query templates and + # the zabbix api returns parentTemplates. These will obviously fail. + # So when its templates compare against parentTemplates. + if key == 'templates' and from_zabbix.has_key('parentTemplates'): + if from_zabbix['parentTemplates'] != value: + retval[key] = value + + elif from_zabbix[key] != str(value): retval[key] = str(value) return retval @@ -280,6 +288,7 @@ def main(): params=dict(), debug=dict(default=False, type='bool'), state=dict(default='present', type='str'), + ignore=dict(default=None, type='list'), ), #supports_check_mode=True ) @@ -306,10 +315,12 @@ def main(): zapi = ZabbixAPI(api_data) + ignore = module.params['ignore'] zbx_class = module.params.get('zbx_class') rpc_params = module.params.get('params', {}) state = module.params.get('state') + # Get the instance we are trying to call zbx_class_inst = zapi.__getattribute__(zbx_class.lower()) @@ -337,14 +348,14 @@ def main(): module.exit_json(changed=True, results=content['result'], state="absent") if state == 'present': - # It's not there, create it! + # It's not there, create it! if not exists(content): zbx_action_method = zapi.__getattribute__(zbx_class.capitalize()).__dict__['create'] _, content = zbx_action_method(zbx_class_inst, rpc_params) module.exit_json(changed=True, results=content['result'], state='present') - # It's there and the same, do nothing! - diff_params = diff_content(content['result'][0], rpc_params) + # It's there and the same, do nothing! + diff_params = diff_content(content['result'][0], rpc_params, ignore) if not diff_params: module.exit_json(changed=False, results=content['result'], state="present") @@ -368,3 +379,4 @@ def main(): from ansible.module_utils.basic import * main() + |