apiVersion: v1 kind: Template labels: template: manageiq-ext-db metadata: name: manageiq-ext-db annotations: description: ManageIQ appliance with persistent storage using a external DB host tags: instant-app,manageiq,miq iconClass: icon-rails objects: - apiVersion: v1 kind: ServiceAccount metadata: name: miq-orchestrator - apiVersion: v1 kind: ServiceAccount metadata: name: miq-anyuid - apiVersion: v1 kind: ServiceAccount metadata: name: miq-privileged - apiVersion: v1 kind: ServiceAccount metadata: name: miq-httpd - apiVersion: v1 kind: Secret metadata: name: "${NAME}-secrets" stringData: pg-password: "${DATABASE_PASSWORD}" database-url: postgresql://${DATABASE_USER}:${DATABASE_PASSWORD}@${DATABASE_SERVICE_NAME}/${DATABASE_NAME}?encoding=utf8&pool=5&wait_timeout=5 v2-key: "${V2_KEY}" - apiVersion: v1 kind: Secret metadata: name: "${ANSIBLE_SERVICE_NAME}-secrets" stringData: rabbit-password: "${ANSIBLE_RABBITMQ_PASSWORD}" secret-key: "${ANSIBLE_SECRET_KEY}" admin-password: "${ANSIBLE_ADMIN_PASSWORD}" - apiVersion: v1 kind: Service metadata: annotations: description: Exposes and load balances ManageIQ pods service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"},{"name":"${MEMCACHED_SERVICE_NAME}","namespace":"","kind":"Service"}]' name: "${NAME}" spec: clusterIP: None ports: - name: http port: 80 protocol: TCP targetPort: 80 selector: name: "${NAME}" - apiVersion: v1 kind: Route metadata: name: "${HTTPD_SERVICE_NAME}" spec: host: "${APPLICATION_DOMAIN}" port: targetPort: http tls: termination: edge insecureEdgeTerminationPolicy: Redirect to: kind: Service name: "${HTTPD_SERVICE_NAME}" - apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: "${NAME}" annotations: description: Defines how to deploy the ManageIQ appliance spec: serviceName: "${NAME}" replicas: "${APPLICATION_REPLICA_COUNT}" template: metadata: labels: name: "${NAME}" name: "${NAME}" spec: containers: - name: manageiq image: "${APPLICATION_IMG_NAME}:${FRONTEND_APPLICATION_IMG_TAG}" livenessProbe: tcpSocket: port: 80 initialDelaySeconds: 480 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" port: 80 scheme: HTTP initialDelaySeconds: 200 timeoutSeconds: 3 ports: - containerPort: 80 protocol: TCP volumeMounts: - name: "${NAME}-server" mountPath: "/persistent" env: - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: APPLICATION_INIT_DELAY value: "${APPLICATION_INIT_DELAY}" - name: DATABASE_SERVICE_NAME value: "${DATABASE_SERVICE_NAME}" - name: DATABASE_REGION value: "${DATABASE_REGION}" - name: DATABASE_URL valueFrom: secretKeyRef: name: "${NAME}-secrets" key: database-url - name: MEMCACHED_SERVER value: "${MEMCACHED_SERVICE_NAME}:11211" - name: MEMCACHED_SERVICE_NAME value: "${MEMCACHED_SERVICE_NAME}" - name: V2_KEY valueFrom: secretKeyRef: name: "${NAME}-secrets" key: v2-key - name: ANSIBLE_SERVICE_NAME value: "${ANSIBLE_SERVICE_NAME}" - name: ANSIBLE_ADMIN_PASSWORD valueFrom: secretKeyRef: name: "${ANSIBLE_SERVICE_NAME}-secrets" key: admin-password resources: requests: memory: "${APPLICATION_MEM_REQ}" cpu: "${APPLICATION_CPU_REQ}" limits: memory: "${APPLICATION_MEM_LIMIT}" lifecycle: preStop: exec: command: - "/opt/manageiq/container-scripts/sync-pv-data" serviceAccount: miq-orchestrator serviceAccountName: miq-orchestrator terminationGracePeriodSeconds: 90 volumeClaimTemplates: - metadata: name: "${NAME}-server" annotations: spec: accessModes: - ReadWriteOnce resources: requests: storage: "${APPLICATION_VOLUME_CAPACITY}" - apiVersion: v1 kind: Service metadata: annotations: description: Headless service for ManageIQ backend pods name: "${NAME}-backend" spec: clusterIP: None selector: name: "${NAME}-backend" - apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: "${NAME}-backend" annotations: description: Defines how to deploy the ManageIQ appliance spec: serviceName: "${NAME}-backend" replicas: 0 template: metadata: labels: name: "${NAME}-backend" name: "${NAME}-backend" spec: containers: - name: manageiq image: "${APPLICATION_IMG_NAME}:${BACKEND_APPLICATION_IMG_TAG}" livenessProbe: exec: command: - pidof - MIQ Server initialDelaySeconds: 480 timeoutSeconds: 3 volumeMounts: - name: "${NAME}-server" mountPath: "/persistent" env: - name: APPLICATION_INIT_DELAY value: "${APPLICATION_INIT_DELAY}" - name: DATABASE_URL valueFrom: secretKeyRef: name: "${NAME}-secrets" key: database-url - name: MIQ_SERVER_DEFAULT_ROLES value: database_operations,event,reporting,scheduler,smartstate,ems_operations,ems_inventory,automate - name: FRONTEND_SERVICE_NAME value: "${NAME}" - name: MEMCACHED_SERVER value: "${MEMCACHED_SERVICE_NAME}:11211" - name: V2_KEY valueFrom: secretKeyRef: name: "${NAME}-secrets" key: v2-key - name: ANSIBLE_SERVICE_NAME value: "${ANSIBLE_SERVICE_NAME}" - name: ANSIBLE_ADMIN_PASSWORD valueFrom: secretKeyRef: name: "${ANSIBLE_SERVICE_NAME}-secrets" key: admin-password resources: requests: memory: "${APPLICATION_MEM_REQ}" cpu: "${APPLICATION_CPU_REQ}" limits: memory: "${APPLICATION_MEM_LIMIT}" lifecycle: preStop: exec: command: - "/opt/manageiq/container-scripts/sync-pv-data" serviceAccount: miq-orchestrator serviceAccountName: miq-orchestrator terminationGracePeriodSeconds: 90 volumeClaimTemplates: - metadata: name: "${NAME}-server" annotations: spec: accessModes: - ReadWriteOnce resources: requests: storage: "${APPLICATION_VOLUME_CAPACITY}" - apiVersion: v1 kind: Service metadata: name: "${MEMCACHED_SERVICE_NAME}" annotations: description: Exposes the memcached server spec: ports: - name: memcached port: 11211 targetPort: 11211 selector: name: "${MEMCACHED_SERVICE_NAME}" - apiVersion: v1 kind: DeploymentConfig metadata: name: "${MEMCACHED_SERVICE_NAME}" annotations: description: Defines how to deploy memcached spec: strategy: type: Recreate triggers: - type: ConfigChange replicas: 1 selector: name: "${MEMCACHED_SERVICE_NAME}" template: metadata: name: "${MEMCACHED_SERVICE_NAME}" labels: name: "${MEMCACHED_SERVICE_NAME}" spec: volumes: [] containers: - name: memcached image: "${MEMCACHED_IMG_NAME}:${MEMCACHED_IMG_TAG}" ports: - containerPort: 11211 readinessProbe: timeoutSeconds: 1 initialDelaySeconds: 5 tcpSocket: port: 11211 livenessProbe: timeoutSeconds: 1 initialDelaySeconds: 30 tcpSocket: port: 11211 volumeMounts: [] env: - name: MEMCACHED_MAX_MEMORY value: "${MEMCACHED_MAX_MEMORY}" - name: MEMCACHED_MAX_CONNECTIONS value: "${MEMCACHED_MAX_CONNECTIONS}" - name: MEMCACHED_SLAB_PAGE_SIZE value: "${MEMCACHED_SLAB_PAGE_SIZE}" resources: requests: memory: "${MEMCACHED_MEM_REQ}" cpu: "${MEMCACHED_CPU_REQ}" limits: memory: "${MEMCACHED_MEM_LIMIT}" - apiVersion: v1 kind: Service metadata: name: "${DATABASE_SERVICE_NAME}" annotations: description: Remote database service spec: ports: - name: postgresql port: 5432 targetPort: "${{DATABASE_PORT}}" selector: {} - apiVersion: v1 kind: Endpoints metadata: name: "${DATABASE_SERVICE_NAME}" subsets: - addresses: - ip: "${DATABASE_IP}" ports: - port: "${{DATABASE_PORT}}" name: postgresql - apiVersion: v1 kind: Service metadata: annotations: description: Exposes and load balances Ansible pods service.alpha.openshift.io/dependencies: '[{"name":"${DATABASE_SERVICE_NAME}","namespace":"","kind":"Service"}]' name: "${ANSIBLE_SERVICE_NAME}" spec: ports: - name: http port: 80 protocol: TCP targetPort: 80 - name: https port: 443 protocol: TCP targetPort: 443 selector: name: "${ANSIBLE_SERVICE_NAME}" - apiVersion: v1 kind: DeploymentConfig metadata: name: "${ANSIBLE_SERVICE_NAME}" annotations: description: Defines how to deploy the Ansible appliance spec: strategy: type: Recreate serviceName: "${ANSIBLE_SERVICE_NAME}" replicas: 0 template: metadata: labels: name: "${ANSIBLE_SERVICE_NAME}" name: "${ANSIBLE_SERVICE_NAME}" spec: containers: - name: ansible image: "${ANSIBLE_IMG_NAME}:${ANSIBLE_IMG_TAG}" livenessProbe: tcpSocket: port: 443 initialDelaySeconds: 480 timeoutSeconds: 3 readinessProbe: httpGet: path: "/" port: 443 scheme: HTTPS initialDelaySeconds: 200 timeoutSeconds: 3 ports: - containerPort: 80 protocol: TCP - containerPort: 443 protocol: TCP securityContext: privileged: true env: - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: "${ANSIBLE_SERVICE_NAME}-secrets" key: admin-password - name: RABBITMQ_USER_NAME value: "${ANSIBLE_RABBITMQ_USER_NAME}" - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: name: "${ANSIBLE_SERVICE_NAME}-secrets" key: rabbit-password - name: ANSIBLE_SECRET_KEY valueFrom: secretKeyRef: name: "${ANSIBLE_SERVICE_NAME}-secrets" key: secret-key - name: DATABASE_SERVICE_NAME value: "${DATABASE_SERVICE_NAME}" - name: POSTGRESQL_USER value: "${DATABASE_USER}" - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: "${NAME}-secrets" key: pg-password - name: POSTGRESQL_DATABASE value: "${ANSIBLE_DATABASE_NAME}" resources: requests: memory: "${ANSIBLE_MEM_REQ}" cpu: "${ANSIBLE_CPU_REQ}" limits: memory: "${ANSIBLE_MEM_LIMIT}" serviceAccount: miq-privileged serviceAccountName: miq-privileged - apiVersion: v1 kind: ConfigMap metadata: name: "${HTTPD_SERVICE_NAME}-configs" data: application.conf: | # Timeout: The number of seconds before receives and sends time out. Timeout 120 RewriteEngine On Options SymLinksIfOwnerMatch KeepAlive on ProxyPreserveHost on ProxyPass /ws/ ws://${NAME}/ws/ ProxyPassReverse /ws/ ws://${NAME}/ws/ ProxyPass / http://${NAME}/ ProxyPassReverse / http://${NAME}/ - apiVersion: v1 kind: ConfigMap metadata: name: "${HTTPD_SERVICE_NAME}-auth-configs" data: auth-type: internal auth-configuration.conf: | # External Authentication Configuration File # # For details on usage please see https://github.com/ManageIQ/manageiq-pods/blob/master/README.md#configuring-external-authentication - apiVersion: v1 kind: Service metadata: name: "${HTTPD_SERVICE_NAME}" annotations: description: Exposes the httpd server service.alpha.openshift.io/dependencies: '[{"name":"${NAME}","namespace":"","kind":"Service"}]' spec: ports: - name: http port: 80 targetPort: 80 selector: name: httpd - apiVersion: v1 kind: DeploymentConfig metadata: name: "${HTTPD_SERVICE_NAME}" annotations: description: Defines how to deploy httpd spec: strategy: type: Recreate recreateParams: timeoutSeconds: 1200 triggers: - type: ConfigChange replicas: 1 selector: name: "${HTTPD_SERVICE_NAME}" template: metadata: name: "${HTTPD_SERVICE_NAME}" labels: name: "${HTTPD_SERVICE_NAME}" spec: volumes: - name: httpd-config configMap: name: "${HTTPD_SERVICE_NAME}-configs" - name: httpd-auth-config configMap: name: "${HTTPD_SERVICE_NAME}-auth-configs" containers: - name: httpd image: "${HTTPD_IMG_NAME}:${HTTPD_IMG_TAG}" ports: - containerPort: 80 livenessProbe: exec: command: - pidof - httpd initialDelaySeconds: 15 timeoutSeconds: 3 readinessProbe: tcpSocket: port: 80 initialDelaySeconds: 10 timeoutSeconds: 3 volumeMounts: - name: httpd-config mountPath: "${HTTPD_CONFIG_DIR}" - name: httpd-auth-config mountPath: "${HTTPD_AUTH_CONFIG_DIR}" resources: requests: memory: "${HTTPD_MEM_REQ}" cpu: "${HTTPD_CPU_REQ}" limits: memory: "${HTTPD_MEM_LIMIT}" env: - name: HTTPD_AUTH_TYPE valueFrom: configMapKeyRef: name: "${HTTPD_SERVICE_NAME}-auth-configs" key: auth-type lifecycle: postStart: exec: command: - "/usr/bin/save-container-environment" serviceAccount: miq-anyuid serviceAccountName: miq-anyuid parameters: - name: NAME displayName: Name required: true description: The name assigned to all of the frontend objects defined in this template. value: manageiq - name: V2_KEY displayName: ManageIQ Encryption Key required: true description: Encryption Key for ManageIQ Passwords from: "[a-zA-Z0-9]{43}" generate: expression - name: DATABASE_SERVICE_NAME displayName: PostgreSQL Service Name required: true description: The name of the OpenShift Service exposed for the PostgreSQL container. value: postgresql - name: DATABASE_USER displayName: PostgreSQL User required: true description: PostgreSQL user that will access the database. value: root - name: DATABASE_PASSWORD displayName: PostgreSQL Password required: true description: Password for the PostgreSQL user. from: "[a-zA-Z0-9]{8}" generate: expression - name: DATABASE_IP displayName: PostgreSQL Server IP required: true description: PostgreSQL external server IP used to configure service. value: '' - name: DATABASE_PORT displayName: PostgreSQL Server Port required: true description: PostgreSQL external server port used to configure service. value: '5432' - name: DATABASE_NAME required: true displayName: PostgreSQL Database Name description: Name of the PostgreSQL database accessed. value: vmdb_production - name: DATABASE_REGION required: true displayName: Application Database Region description: Database region that will be used for application. value: '0' - name: ANSIBLE_DATABASE_NAME displayName: Ansible PostgreSQL database name required: true description: The database to be used by the Ansible continer value: awx - name: MEMCACHED_SERVICE_NAME required: true displayName: Memcached Service Name description: The name of the OpenShift Service exposed for the Memcached container. value: memcached - name: MEMCACHED_MAX_MEMORY displayName: Memcached Max Memory description: Memcached maximum memory for memcached object storage in MB. value: '64' - name: MEMCACHED_MAX_CONNECTIONS displayName: Memcached Max Connections description: Memcached maximum number of connections allowed. value: '1024' - name: MEMCACHED_SLAB_PAGE_SIZE displayName: Memcached Slab Page Size description: Memcached size of each slab page. value: 1m - name: ANSIBLE_SERVICE_NAME displayName: Ansible Service Name description: The name of the OpenShift Service exposed for the Ansible container. value: ansible - name: ANSIBLE_ADMIN_PASSWORD displayName: Ansible admin User password required: true description: The password for the Ansible container admin user from: "[a-zA-Z0-9]{32}" generate: expression - name: ANSIBLE_SECRET_KEY displayName: Ansible Secret Key required: true description: Encryption key for the Ansible container from: "[a-f0-9]{32}" generate: expression - name: ANSIBLE_RABBITMQ_USER_NAME displayName: RabbitMQ Username required: true description: Username for the Ansible RabbitMQ Server value: ansible - name: ANSIBLE_RABBITMQ_PASSWORD displayName: RabbitMQ Server Password required: true description: Password for the Ansible RabbitMQ Server from: "[a-zA-Z0-9]{32}" generate: expression - name: APPLICATION_CPU_REQ displayName: Application Min CPU Requested required: true description: Minimum amount of CPU time the Application container will need (expressed in millicores). value: 1000m - name: MEMCACHED_CPU_REQ displayName: Memcached Min CPU Requested required: true description: Minimum amount of CPU time the Memcached container will need (expressed in millicores). value: 200m - name: ANSIBLE_CPU_REQ displayName: Ansible Min CPU Requested required: true description: Minimum amount of CPU time the Ansible container will need (expressed in millicores). value: 1000m - name: APPLICATION_MEM_REQ displayName: Application Min RAM Requested required: true description: Minimum amount of memory the Application container will need. value: 6144Mi - name: MEMCACHED_MEM_REQ displayName: Memcached Min RAM Requested required: true description: Minimum amount of memory the Memcached container will need. value: 64Mi - name: ANSIBLE_MEM_REQ displayName: Ansible Min RAM Requested required: true description: Minimum amount of memory the Ansible container will need. value: 2048Mi - name: APPLICATION_MEM_LIMIT displayName: Application Max RAM Limit required: true description: Maximum amount of memory the Application container can consume. value: 16384Mi - name: MEMCACHED_MEM_LIMIT displayName: Memcached Max RAM Limit required: true description: Maximum amount of memory the Memcached container can consume. value: 256Mi - name: ANSIBLE_MEM_LIMIT displayName: Ansible Max RAM Limit required: true description: Maximum amount of memory the Ansible container can consume. value: 8096Mi - name: MEMCACHED_IMG_NAME displayName: Memcached Image Name description: This is the Memcached image name requested to deploy. value: docker.io/manageiq/memcached - name: MEMCACHED_IMG_TAG displayName: Memcached Image Tag description: This is the Memcached image tag/version requested to deploy. value: latest - name: APPLICATION_IMG_NAME displayName: Application Image Name description: This is the Application image name requested to deploy. value: docker.io/manageiq/manageiq-pods - name: FRONTEND_APPLICATION_IMG_TAG displayName: Front end Application Image Tag description: This is the ManageIQ Frontend Application image tag/version requested to deploy. value: frontend-latest - name: BACKEND_APPLICATION_IMG_TAG displayName: Back end Application Image Tag description: This is the ManageIQ Backend Application image tag/version requested to deploy. value: backend-latest - name: ANSIBLE_IMG_NAME displayName: Ansible Image Name description: This is the Ansible image name requested to deploy. value: docker.io/manageiq/embedded-ansible - name: ANSIBLE_IMG_TAG displayName: Ansible Image Tag description: This is the Ansible image tag/version requested to deploy. value: latest - name: APPLICATION_DOMAIN displayName: Application Hostname description: The exposed hostname that will route to the application service, if left blank a value will be defaulted. value: '' - name: APPLICATION_REPLICA_COUNT displayName: Application Replica Count description: This is the number of Application replicas requested to deploy. value: '1' - name: APPLICATION_INIT_DELAY displayName: Application Init Delay required: true description: Delay in seconds before we attempt to initialize the application. value: '15' - name: APPLICATION_VOLUME_CAPACITY displayName: Application Volume Capacity required: true description: Volume space available for application data. value: 5Gi - name: HTTPD_SERVICE_NAME required: true displayName: Apache httpd Service Name description: The name of the OpenShift Service exposed for the httpd container. value: httpd - name: HTTPD_IMG_NAME displayName: Apache httpd Image Name description: This is the httpd image name requested to deploy. value: docker.io/manageiq/httpd - name: HTTPD_IMG_TAG displayName: Apache httpd Image Tag description: This is the httpd image tag/version requested to deploy. value: latest - name: HTTPD_CONFIG_DIR displayName: Apache httpd Configuration Directory description: Directory used to store the Apache configuration files. value: "/etc/httpd/conf.d" - name: HTTPD_AUTH_CONFIG_DIR displayName: External Authentication Configuration Directory description: Directory used to store the external authentication configuration files. value: "/etc/httpd/auth-conf.d" - name: HTTPD_CPU_REQ displayName: Apache httpd Min CPU Requested required: true description: Minimum amount of CPU time the httpd container will need (expressed in millicores). value: 500m - name: HTTPD_MEM_REQ displayName: Apache httpd Min RAM Requested required: true description: Minimum amount of memory the httpd container will need. value: 512Mi - name: HTTPD_MEM_LIMIT displayName: Apache httpd Max RAM Limit required: true description: Maximum amount of memory the httpd container can consume. value: 8192Mi