From e05e6eafbf50761fdc67148162ef9a0fe2c2cfb0 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 26 Jul 2016 10:13:02 -0400 Subject: xPaaS v1.3.2 release --- .../v1.3/xpaas-templates/sso70-postgresql.json | 194 +++++++++++++++------ 1 file changed, 145 insertions(+), 49 deletions(-) (limited to 'roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json') diff --git a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json index 08257d192..d8402ef72 100644 --- a/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json +++ b/roles/openshift_examples/files/examples/v1.3/xpaas-templates/sso70-postgresql.json @@ -6,13 +6,13 @@ "description": "Application template for SSO 7.0 PostgreSQL applications", "iconClass" : "icon-jboss", "tags" : "sso,keycloak,postrgresql,java,database,jboss,xpaas", - "version" : "1.3" + "version" : "1.3.2" }, "name": "sso70-postgresql" }, "labels": { "template": "sso70-postgresql", - "xpaas" : "1.3.0" + "xpaas" : "1.3.2" }, "parameters": [ { @@ -45,6 +45,12 @@ "value": "root", "required": true }, + { + "description": "The name of the service account to use for the deployment. The service account should be configured to allow useage of the secret(s) specified by HTTPS_SECRET and JGROUPS_ENCRYPT_SECRET.", + "name": "SERVICE_ACCOUNT_NAME", + "value": "sso-service-account", + "required": true + }, { "description": "The name of the secret containing the keystore file", "name": "HTTPS_SECRET", @@ -58,15 +64,21 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The type of the keystore file (JKS or JCEKS)", + "name": "HTTPS_KEYSTORE_TYPE", + "value": "", + "required": false + }, + { + "description": "The name associated with the server certificate (e.g. jboss)", "name": "HTTPS_NAME", - "value": "jboss", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. mykeystorepass)", "name": "HTTPS_PASSWORD", - "value": "mykeystorepass", + "value": "", "required": false }, { @@ -94,13 +106,6 @@ "name": "POSTGRESQL_SHARED_BUFFERS", "required": false }, - { - "description": "HornetQ cluster admin password", - "name": "HORNETQ_CLUSTER_PASSWORD", - "from": "[a-zA-Z0-9]{8}", - "generate": "expression", - "required": true - }, { "description": "Database user name", "name": "DB_USERNAME", @@ -115,22 +120,10 @@ "generate": "expression", "required": true }, - { - "description": "Queue names", - "name": "HORNETQ_QUEUES", - "value": "", - "required": false - }, - { - "description": "Topic names", - "name": "HORNETQ_TOPICS", - "value": "", - "required": false - }, { "description": "The name of the secret containing the keystore file", "name": "JGROUPS_ENCRYPT_SECRET", - "value": "eap-app-secret", + "value": "sso-app-secret", "required": false }, { @@ -140,15 +133,15 @@ "required": false }, { - "description": "The name associated with the server certificate", + "description": "The name associated with the server certificate (e.g. secret-key)", "name": "JGROUPS_ENCRYPT_NAME", - "value": "secret-key", + "value": "", "required": false }, { - "description": "The password for the keystore and certificate", + "description": "The password for the keystore and certificate (e.g. password)", "name": "JGROUPS_ENCRYPT_PASSWORD", - "value": "password", + "value": "", "required": false }, { @@ -163,6 +156,54 @@ "name": "IMAGE_STREAM_NAMESPACE", "value": "openshift", "required": true + }, + { + "description": "SSO Server admin username", + "name": "SSO_ADMIN_USERNAME", + "value": "admin", + "required": false + }, + { + "description": "SSO Server admin password", + "name": "SSO_ADMIN_PASSWORD", + "value": "admin", + "required": false + }, + { + "description": "Realm to be created in the SSO server (e.g. demo).", + "name": "SSO_REALM", + "value": "", + "required": false + }, + { + "description": "The username used to access the SSO service. This is used by clients to create the appliction client(s) within the specified SSO realm.", + "name": "SSO_SERVICE_USERNAME", + "value": "", + "required": false + }, + { + "description": "The password for the SSO service user.", + "name": "SSO_SERVICE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the truststore file within the secret (e.g. truststore.jks)", + "name": "SSO_TRUSTSTORE", + "value": "", + "required": false + }, + { + "description": "The password for the truststore and certificate (e.g. mykeystorepass)", + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "", + "required": false + }, + { + "description": "The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName", + "name": "SSO_TRUSTSTORE_SECRET", + "value": "sso-app-secret", + "required": false } ], "objects": [ @@ -311,7 +352,7 @@ "from": { "kind": "ImageStreamTag", "namespace": "${IMAGE_STREAM_NAMESPACE}", - "name": "redhat-sso70-openshift:1.3-TP" + "name": "redhat-sso70-openshift:1.3" } } }, @@ -333,8 +374,8 @@ } }, "spec": { - "serviceAccountName": "sso-service-account", - "terminationGracePeriodSeconds": 60, + "serviceAccountName": "${SERVICE_ACCOUNT_NAME}", + "terminationGracePeriodSeconds": 75, "containers": [ { "name": "${APPLICATION_NAME}", @@ -350,8 +391,24 @@ "name": "eap-jgroups-keystore-volume", "mountPath": "/etc/jgroups-encrypt-secret-volume", "readOnly": true + }, + { + "name": "sso-truststore-volume", + "mountPath": "/etc/sso-secret-volume", + "readOnly": true } ], + "lifecycle": { + "preStop": { + "exec": { + "command": [ + "/opt/eap/bin/jboss-cli.sh", + "-c", + ":shutdown(timeout=60)" + ] + } + } + }, "livenessProbe": { "exec": { "command": [ @@ -385,6 +442,11 @@ "name": "https", "containerPort": 8443, "protocol": "TCP" + }, + { + "name": "ping", + "containerPort": 8888, + "protocol": "TCP" } ], "env": [ @@ -437,32 +499,24 @@ } }, { - "name": "EAP_HTTPS_KEYSTORE_DIR", + "name": "HTTPS_KEYSTORE_DIR", "value": "/etc/eap-secret-volume" }, { - "name": "EAP_HTTPS_KEYSTORE", + "name": "HTTPS_KEYSTORE", "value": "${HTTPS_KEYSTORE}" }, { - "name": "EAP_HTTPS_NAME", - "value": "${HTTPS_NAME}" - }, - { - "name": "EAP_HTTPS_PASSWORD", - "value": "${HTTPS_PASSWORD}" - }, - { - "name": "HORNETQ_CLUSTER_PASSWORD", - "value": "${HORNETQ_CLUSTER_PASSWORD}" + "name": "HTTPS_KEYSTORE_TYPE", + "value": "${HTTPS_KEYSTORE_TYPE}" }, { - "name": "HORNETQ_QUEUES", - "value": "${HORNETQ_QUEUES}" + "name": "HTTPS_NAME", + "value": "${HTTPS_NAME}" }, { - "name": "HORNETQ_TOPICS", - "value": "${HORNETQ_TOPICS}" + "name": "HTTPS_PASSWORD", + "value": "${HTTPS_PASSWORD}" }, { "name": "JGROUPS_ENCRYPT_SECRET", @@ -487,6 +541,38 @@ { "name": "JGROUPS_CLUSTER_PASSWORD", "value": "${JGROUPS_CLUSTER_PASSWORD}" + }, + { + "name": "SSO_ADMIN_USERNAME", + "value": "${SSO_ADMIN_USERNAME}" + }, + { + "name": "SSO_ADMIN_PASSWORD", + "value": "${SSO_ADMIN_PASSWORD}" + }, + { + "name": "SSO_REALM", + "value": "${SSO_REALM}" + }, + { + "name": "SSO_SERVICE_USERNAME", + "value": "${SSO_SERVICE_USERNAME}" + }, + { + "name": "SSO_SERVICE_PASSWORD", + "value": "${SSO_SERVICE_PASSWORD}" + }, + { + "name": "SSO_TRUSTSTORE", + "value": "${SSO_TRUSTSTORE}" + }, + { + "name": "SSO_TRUSTSTORE_DIR", + "value": "/etc/sso-secret-volume" + }, + { + "name": "SSO_TRUSTSTORE_PASSWORD", + "value": "${SSO_TRUSTSTORE_PASSWORD}" } ] } @@ -503,6 +589,12 @@ "secret": { "secretName": "${JGROUPS_ENCRYPT_SECRET}" } + }, + { + "name": "sso-truststore-volume", + "secret": { + "secretName": "${SSO_TRUSTSTORE_SECRET}" + } } ] } @@ -585,6 +677,10 @@ "name": "POSTGRESQL_MAX_CONNECTIONS", "value": "${POSTGRESQL_MAX_CONNECTIONS}" }, + { + "name": "POSTGRESQL_MAX_PREPARED_TRANSACTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, { "name": "POSTGRESQL_SHARED_BUFFERS", "value": "${POSTGRESQL_SHARED_BUFFERS}" -- cgit v1.2.3