ansible/roles/ocp-workload-bxms-pam/defaults/main.yml
@@ -1,7 +1,13 @@ --- become_override: false ocp_username: jbride-redhat.com ocp_user: dtorresf-redhat.com ocp_user_needs_quota: True businesscentral_application_name: "{{ app_name }}-bc" kieserver_application_name: "{{ app_name }}-kieserver" pam_version_tag: 7.3.0.GA pam_secrets_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_version_tag}}/example-app-secret-template.yaml ocp_user_groups: - OPENTLC-PROJECT-PROVISIONERS @@ -25,14 +31,39 @@ deploy_status_retries: 25 deploy_status_delay: 25 kie_admin_user: adminUser kie_admin_password: r3dh4t1! kie_admin_passwd: test1234! nexus_project_display_name: "Sonatype Nexus" nexus_volume_capacity: 10Gi nexus_memory_request: 2Gi nexus_memory_limit: 6Gi nexus_cpu_request: 1 nexus_cpu_limit: 2 nexus_version: "3.12.1" MAVEN_REPO_URL: http://nexus3.default.svc.cluster.local:8081/repository/maven-public/ nexus_admin_user: admin nexus_admin_password: admin123 #nexus_remote_proxy_repos: # - name: redhat-ga # url: https://maven.repository.redhat.com/ga/ # - name: redhat-ea # url: https://maven.repository.redhat.com/earlyaccess/all/ # - name: redhat-techpreview # url: https://maven.repository.redhat.com/techpreview/all/ # - name: jboss-ce # url: https://repository.jboss.org/nexus/content/groups/public/ nexus_proxy_repo_template: "/tmp/{{ guid }}/nexus-proxy-repo.json" loadtester_deployment_name: loadtester MAVEN_REPO_URL: "http://nexus.{{tools_project}}:8081/repository/maven-public/" POSTGRESQL_IMAGE_STREAM_TAG: 9.5 pam_tag: 7.0.2.GA app_name: rht app_name: advprocdev pam_imagestreams_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/rhpam70-image-streams.yaml pam_secrets_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/example-app-secret-template.yaml 
@@ -40,7 +71,60 @@ bcentral_app_secret: businesscentral-app-secret kserver_app_secret: kserver-app-secret kieserver_image: quay.io/rhtgptetraining/rhpam-ks-apd:1.2 businesscentral_image: quay.io/rhtgptetraining/rhpam-bc-apd:1.2 kieserver_image_namespace: openshift businesscentral_image_namespace: openshift loadtester_image: quay.io/rhtgptetraining/loadtester:latest bc_service_account: businesscentral-service-account ks_service_account: kieserver-service-account businesscentral_cpu_request: 1 businesscentral_cpu_limit: 2 businesscentral_memory_request: 1Gi businesscentral_memory_limit: 2Gi pam_template_yml: https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/{{pam_tag}}/templates/rhpam70-authoring.yaml pam_template_name: rhpam70-authoring products_data: https://raw.githubusercontent.com/gpe-mw-training/rhpam-order-fulfillment/master/src/main/resources/products.txt businesscentral_java_max_mem_ratio: 60 businesscentral_java_initial_mem_ratio: 0 businesscentral_gc_max_metaspace_size: 500 businesscentral_java_opts_append: "-Dorg.uberfire.nio.git.ssh.algorithm=RSA" kie_server_controller_prefer_kieserver_service: "false" kie_server_controller_template_cache_ttl: "60000" kie_workbench_controller_openshift_enabled: "false" businesscentral_pvc_name: "{{ businesscentral_application_name }}-claim" businesscentral_pvc_volume_capacity: "1Gi" kieserver_cpu_request: 200m kieserver_memory_request: 1Gi kieserver_cpu_limit: 2 kieserver_memory_limit: 3Gi kieserver_java_max_mem_ratio: 60 kieserver_java_initial_mem_ratio: 0 kieserver_gc_max_metaspace_size: 500 kieserver_controller_user: controllerUser kieserver_controller_password: controller1! kieserver_user: executionUser kieserver_password: execution1! kie_maven_user: adminUser kie_maven_password: admin1! 
kie_mbeans: enabled kieserver_id: kieserver-dev drools_server_filter_classes: true kieserver_bypass_auth_user: false kieserver_controller_protocol: ws kieserver_host: "{{ kieserver_application_name }}" kieserver_port: 8080 kieserver_protocol: http ansible/roles/ocp-workload-bxms-pam/files/nexus-proxy-repo.json
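Review bot: The password defaults in this file (`nexus_admin_password: admin123`, `kieserver_password`, `kieserver_controller_password`, `kie_maven_password` and the `kie_admin_*` password) are committed in plaintext, so every environment that does not override them is deployed with credentials readable from the repository. I would drop the literal values from `defaults/main.yml` and source them from Ansible Vault or a required extra var, e.g. `nexus_admin_password: "{{ vault_nexus_admin_password }}"` (variable name constructed for illustration), with an `assert` early in the role that each one is defined. The +/- markers are lost on this page, but `MAVEN_REPO_URL` and `app_name` each appear twice in the visible text. If both lines survive on the new side, most parsers silently keep the last value, so that is worth checking.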
New file @@ -0,0 +1,26 @@ { "data": { "repoType": "proxy", "id": "{{ proxy_repo.name }}", "name": "{{ proxy_repo.name }}", "browseable": true, "indexable": true, "notFoundCacheTTL": 1440, "artifactMaxAge": -1, "metadataMaxAge": 1440, "itemMaxAge": 1440, "repoPolicy": "RELEASE", "provider": "maven2", "providerRole": "org.sonatype.nexus.proxy.repository.Repository", "downloadRemoteIndexes": false, "autoBlockActive": true, "fileTypeValidation": true, "exposed": true, "checksumPolicy": "WARN", "remoteStorage": { "remoteStorageUrl": "{{ proxy_repo.url }}", "authentication": null, "connectionSettings": null } } } ansible/roles/ocp-workload-bxms-pam/readme.adoc
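Review bot: `"checksumPolicy": "WARN"` lets the proxy repository cache and serve an artifact whose checksum does not match the one published upstream, logging only a warning. For a repository that feeds builds I would set `"checksumPolicy": "STRICT_IF_EXISTS"` so that a mismatching download is rejected. Separately, `{{ proxy_repo.name }}` and `{{ proxy_repo.url }}` are substituted into JSON strings unescaped. The values presumably come from role vars, but rendering them as `"id": {{ proxy_repo.name | to_json }}` (without the surrounding quotes) would keep a quote or backslash in a value from producing invalid JSON.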
@@ -8,17 +8,17 @@ ----- WORKLOAD="ocp-workload-bxms-pam" ocp_username="user1" ocp_user="user1" ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ -e"ocp_workload=${WORKLOAD}" \ -e"ACTION=create" \ -e"ocp_username=$ocp_username" -e"ocp_user=$ocp_user" ansible-playbook -i localhost, -c local ./configs/ocp-workloads/ocp-workload.yml \ -e"ocp_workload=${WORKLOAD}" \ -e"ACTION=remove" \ -e"ocp_username=$ocp_username" -e"ocp_user=$ocp_user" ----- ----- ansible/roles/ocp-workload-bxms-pam/tasks/configure_repository.yml
New file @@ -0,0 +1,62 @@ --- - name: define nexus_route set_fact: nexus_route: "nexus-{{tools_project}}.{{ ocp_domain }}" - name: check if nexus is configured with repo {{ proxy_repo.name }} uri: url: http://{{nexus_route}}/content/repositories/{{ proxy_repo.name }}/ status_code: 200,404 register: result ignore_errors: true changed_when: false - name: proxy repo template template: src: "{{ nexus_proxy_repo_template }}" dest: "/tmp/{{ guid }}/nexus-proxy-repo.json" changed_when: false - name: configure proxy repo {{ proxy_repo.name }} block: - name: configure proxy repo uri: url: http://{{nexus_route}}/service/local/repositories method: POST status_code: 201 body_format: json body: "{{ lookup('file', repo_template) }}" force_basic_auth: yes user: "{{ nexus_admin_user }}" password: "{{ nexus_admin_password }}" vars: repo_template: "/tmp/{{ guid }}/nexus-proxy-repo.json" - name: get public group uri: url: http://{{nexus_route}}/service/local/repo_groups/public method: GET status_code: 200 headers: Accept: application/json return_content: true force_basic_auth: yes user: "{{ nexus_admin_user }}" password: "{{ nexus_admin_password }}" register: public_group_response - name: add repo to public group shell: | echo {{ public_group_response.content|to_json }} > /tmp/{{ guid }}/group-{{ proxy_repo.name }}.json sed -i 's/\"repositories\":\[/\"repositories\":[{\"id\": \"{{ proxy_repo.name }}\"},/g' /tmp/{{ guid }}/group-{{ proxy_repo.name }}.json - name: put public group uri: url: http://{{nexus_route}}/service/local/repo_groups/public method: PUT status_code: 200 body_format: json body: "{{ lookup('file', group_template) }}" force_basic_auth: yes user: "{{ nexus_admin_user }}" password: "{{ nexus_admin_password }}" vars: group_template: "/tmp/{{ guid }}/group-{{ proxy_repo.name }}.json" when: result.status == 404 ansible/roles/ocp-workload-bxms-pam/tasks/post_workload.yml
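Review bot: In the `add repo to public group` task the body of the Nexus response is interpolated straight into a `shell:` command (`echo {{ public_group_response.content|to_json }} > ...`), so the shell parses whatever the server returned. `to_json` yields a double-quoted string, and `$(...)` and backticks are still expanded inside double quotes. Writing the file with the `copy` module avoids the shell entirely: `copy: content: "{{ public_group_response.content }}"` with `dest: "/tmp/{{ guid }}/group-{{ proxy_repo.name }}.json"`. The tasks that send `nexus_admin_password` also use basic auth over `http://` and have no `no_log: true`, so the credential crosses the route in clear text and can appear in verbose task output. I would add `no_log: true` to those tasks and use an HTTPS route where one exists.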
@@ -1,5 +1,10 @@ --- - name: Delete the remote files used in this role file: path: /tmp/{{guid}} state: absent - name: post_workload Tasks Complete debug: msg: "Post-Software checks completed successfully" ansible/roles/ocp-workload-bxms-pam/tasks/pre_workload.yml
@@ -1,5 +1,38 @@ --- - name: Show path shell: "echo $PATH" - name: Create user Quota - clusterresourcequota shell: | oc create clusterquota clusterquota-"{{ocp_user}}-{{guid}}" \ --project-annotation-selector=openshift.io/requester="{{ocp_user}}" \ --hard requests.cpu="{{quota_requests_cpu}}" \ --hard limits.cpu="{{quota_limits_cpu}}" \ --hard requests.memory="{{quota_requests_memory}}" \ --hard limits.memory="{{quota_limits_memory}}" \ --hard configmaps="{{quota_configmaps}}" \ --hard pods="{{quota_pods}}" \ --hard persistentvolumeclaims="{{quota_persistentvolumeclaims}}" \ --hard services="{{quota_services}}" \ --hard secrets="{{quota_secrets}}" \ --hard requests.storage="{{quota_requests_storage}}" ignore_errors: true - name: Create working directory used in this role file: path: /tmp/{{guid}} state: directory - name: Copy the files used in this role synchronize: src: "files/" dest: "/tmp/{{guid}}/" rsync_opts: - "--no-motd" - "--exclude=.git,*.qcow2" - name: pre_workload Tasks Complete debug: msg: "Pre-Software checks completed successfully" ansible/roles/ocp-workload-bxms-pam/tasks/remove_workload.yml
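Review bot: The `Create working directory used in this role` task creates `/tmp/{{guid}}` with no `mode:`, and later tasks in this commit render templates containing the Nexus and KIE passwords into that directory. On a shared host that leaves the rendered credentials at a predictable path with whatever permissions the default umask gives. I would add `mode: "0700"` to the `file` task, or create the directory with the `tempfile` module and register its path. `ignore_errors: true` on the quota task also hides a genuine `oc create clusterquota` failure; registering the result and using a `failed_when` that tolerates only the `AlreadyExists` error would keep re-runs working without masking other errors.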
@@ -3,12 +3,27 @@ debug: msg: "Pre-Software checks completed successfully - Removed" - name: define ocp_project - name: define ocp_projects set_fact: ocp_project: "rhpam-dev-{{ ocp_username }}" dev_project: "rhpam-{{ guid }}-dev" tools_project: "rhpam-{{ guid }}-tools" - name: Remove any lingering tmp files shell: "rm -rf /tmp/{{ ocp_username }}" - name: Remove user dev Project shell: "oc delete project {{dev_project}}" ignore_errors: true - name: Remove user dev Project shell: "oc delete project {{tools_project}}" ignore_errors: true - name: Remove user Quota - oc delete clusterresourcequota "clusterquota-{{ocp_user}}-{{guid}}" shell: oc delete clusterresourcequota clusterquota-{{ocp_user}}-{{guid}} ignore_errors: true - name: Delete the remote files used in this role file: path: /tmp/{{guid}} state: absent - name: post_workload Tasks Complete debug: ansible/roles/ocp-workload-bxms-pam/tasks/workload.yml
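Review bot: Two consecutive tasks are both named `Remove user dev Project`, but the second one deletes `{{tools_project}}`; naming it `Remove user tools Project` makes the run log unambiguous. Both deletes, and the quota delete, use `ignore_errors: true`, so a removal that fails for any reason other than the object already being gone is reported as success and the namespace lingers. `oc delete project {{dev_project}} --ignore-not-found` would tolerate only the missing case. The +/- markers are lost on this page, so I cannot tell whether the `rm -rf /tmp/{{ ocp_username }}` line survives on the new side. The hunk ends inside the final `debug:` task.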
@@ -1,29 +1,223 @@ --- - name: define ocp_project - name: define ocp_projects set_fact: ocp_project: "rhpam-dev-{{ ocp_username }}" - name: "Create project for workload {{ocp_project}}" shell: "oc new-project {{ocp_project}}" dev_project: "rhpam-{{ guid }}-dev" tools_project: "rhpam-{{ guid }}-tools" - name: Prep local filesystem for temp files file: path: "/tmp/{{ ocp_username }}" state: directory - name: "Create projects {{dev_project}}" block: - command: "oc new-project {{dev_project}}" - command: "oc new-project {{tools_project}}" - name: "Label namespaces" block: - command: "oc label namespace {{dev_project}} AAD='{{guid}}'" - command: "oc label namespace {{tools_project}} AAD='{{guid}}'" # Modify kieserver to include required data products information - name: Download products data file get_url: url: '{{products_data}}' dest: /tmp/{{ ocp_username }}/products.txt - name: add custom pam image streams block: - command: "oc import-image {{kieserver_image}} -n {{ kieserver_image_namespace }} --confirm" - command: "oc import-image {{businesscentral_image}} -n {{ businesscentral_image_namespace }} --confirm" - name: Create products configmap shell: oc create configmap products-cm --from-file=/tmp/{{ ocp_username }}/products.txt -n {{ocp_project}} # Deploy Nexus - name: Check if Nexus was already provisioned command: "oc get service nexus -n {{ tools_project}}" register: nexus_already_installed ignore_errors: true changed_when: false - name: Modify kieserver to include products in a volume shell: oc set volume dc/rhpam-kieserver -n {{ocp_project}} \ --overwrite --add -t configmap -m /data --name=products-volume --configmap-name=products-cm - name: Prepare nexus template template: src: "templates/nexus3-persistent-template.yaml" dest: "/tmp/{{guid}}/nexus-template.yaml" changed_when: false when: nexus_already_installed is failed ### We should add a check if a pv is already created (nexus requests a 10Gi pv) - name: Instantiate Nexus from template command: >- oc 
new-app -f /tmp/{{ guid }}/nexus-template.yaml --param=VOLUME_CAPACITY={{ nexus_volume_capacity }} --param=MEMORY_LIMIT={{ nexus_memory_limit }} --param=MEMORY_REQUEST={{ nexus_memory_request }} --param=CPU_LIMIT={{ nexus_cpu_limit }} --param=CPU_REQUEST={{ nexus_cpu_request}} --param=NEXUS_VERSION={{ nexus_version }} -n {{ tools_project }} when: nexus_already_installed is failed - name: get domain url shell: echo $(oc get route nexus -o jsonpath='{.spec.host}' -n {{ tools_project }} | sed "s/nexus-{{ tools_project }}.//g") register: ocp_domain_host - name: set ocp_domain fact set_fact: ocp_domain: "{{ ocp_domain_host.stdout }}" - name: Wait for Nexus to be deployed command: "oc get dc/nexus -o yaml -n {{ tools_project }}" register: result until: '"availableReplicas: 1" in result.stdout' retries: 5 delay: 60 changed_when: false when: - nexus_already_installed is failed - name: Wait for Nexus to be running (HTTP test) uri: url: "http://nexus-{{tools_project}}.{{ ocp_domain }}" register: _result until: _result.status == 200 retries: 10 delay: 60 changed_when: false when: - nexus_already_installed is failed # TODO: Use Groovy scripts to create repositories in Nexus 3 # https://help.sonatype.com/repomanager3/rest-and-integration-api/script-api # https://gist.github.com/nblair/7ff67e67e7ba2114881af7105259e1a3 #- name: configure remote repos # include_tasks: configure_repository.yml # with_items: # - "{{ nexus_remote_proxy_repos }}" # loop_control: # loop_var: proxy_repo # TODO: Configure hosted repository # Deploy load tester - name: Check if Load Tester was already provisioned command: "oc get service loadtester -n {{ tools_project}}" register: loadtester_already_installed ignore_errors: true changed_when: false - name: Prepare loadtester template template: src: "templates/loadtester-template.yaml" dest: "/tmp/{{guid}}/loadtester-template.yaml" changed_when: false when: loadtester_already_installed is failed - name: Instantiate loadtester from template command: >- oc 
new-app -f /tmp/{{ guid }}/loadtester-template.yaml -n {{ tools_project }} when: loadtester_already_installed is failed - name: Import PAM Authoring template shell: "oc create -f {{pam_template_yml}} -n {{dev_project}}" - name: Create Secrets Business Central shell: oc process -f {{pam_secrets_template_yml}} -p SECRET_NAME=businesscentral-app-secret | oc create -f - -n {{dev_project}} - name: Create Secrets KIE-server shell: oc process -f {{pam_secrets_template_yml}} -p SECRET_NAME=kieserver-app-secret | oc create -f - -n {{dev_project}} - name: Create Service Account Business Central shell: oc create serviceaccount {{bc_service_account}} -n {{dev_project}} - name: Create Service Account KIE Server shell: oc create serviceaccount {{ks_service_account}} -n {{dev_project}} - name: Link secrets and service account Business Central shell: oc secrets link --for=mount {{bc_service_account}} businesscentral-app-secret -n {{dev_project}} - name: Link secrets and service account KIE-server shell: oc secrets link --for=mount {{ks_service_account}} kieserver-app-secret -n {{dev_project}} # Deploy Business Central - name: Check if Business Central was already provisioned command: "oc get service {{ businesscentral_application_name }} -n {{ dev_project}}" register: bc_already_installed ignore_errors: true changed_when: false - name: define nexus service vars set_fact: nexus_host: "nexus.{{ tools_project }}.svc" nexus_port: 8081 nexus_path: content/groups/public/ - name: Prepare Business Central template template: src: "templates/rhpam-dev-businesscentral.yaml" dest: "/tmp/{{guid}}/rhpam-dev-businesscentral.yaml" changed_when: false when: bc_already_installed is failed - name: Instantiate Business Central from template command: >- oc new-app -f /tmp/{{ guid }}/rhpam-dev-businesscentral.yaml -n {{ dev_project }} when: bc_already_installed is failed - name: Wait for Business Central to be deployed command: "oc get dc/{{businesscentral_application_name}} -o yaml -n {{ dev_project 
}}" register: result until: '"availableReplicas: 1" in result.stdout' retries: 5 delay: 60 changed_when: false when: - bc_already_installed is failed - name: Wait for Business Central to be running (HTTP test) uri: url: "https://{{businesscentral_application_name}}-{{dev_project}}.{{ ocp_domain }}" register: _result until: _result.status == 200 retries: 10 delay: 60 changed_when: false when: - bc_already_installed is failed # Deploy Kie-server - name: Check if Kie Server was already provisioned command: "oc get service {{ kieserver_application_name }} -n {{ dev_project}}" register: ks_already_installed ignore_errors: true changed_when: false - name: Prepare Kie Server template template: src: "templates/rhpam-dev-kieserver.yaml" dest: "/tmp/{{guid}}/rhpam-dev-kieserver.yaml" changed_when: false when: ks_already_installed is failed - name: Instantiate Kie Server from template command: >- oc new-app -f /tmp/{{ guid }}/rhpam-dev-kieserver.yaml -n {{ dev_project }} when: ks_already_installed is failed - name: Wait for Kie Server to be deployed command: "oc get dc/{{kieserver_application_name}} -o yaml -n {{ dev_project }}" register: result until: '"availableReplicas: 1" in result.stdout' retries: 5 delay: 60 changed_when: false when: - ks_already_installed is failed - name: Wait for Kie Server to be running (HTTP test) uri: url: "https://{{kieserver_application_name}}-{{dev_project}}.{{ ocp_domain }}/docs" register: _result until: _result.status == 200 retries: 10 delay: 60 changed_when: false when: - ks_already_installed is failed # TODO: Patch kie-server with smtp sidecar - name: workload Tasks Complete debug: ansible/roles/ocp-workload-bxms-pam/templates/loadtester-template.yaml
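Review bot: `Import PAM Authoring template` and the two `Create Secrets` tasks feed `oc create` directly from `raw.githubusercontent.com` URLs (`pam_template_yml`, `pam_secrets_template_yml`) that are resolved at run time and pinned only by a tag name, which can be moved upstream. I would vendor those templates under the role's `templates/` directory like the Nexus, Business Central and KIE Server ones, or reference a commit SHA instead of a tag. The template name `example-app-secret-template.yaml` also suggests sample key material shared by everyone who uses it; that is presumably acceptable for a training lab, but worth confirming before reuse elsewhere. These tasks, like `oc new-project` and `oc create serviceaccount`, have no "already provisioned" guard, so a second run fails where the Nexus, Business Central and KIE Server sections would skip. The hunk ends inside the final `debug:` task.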
New file @@ -0,0 +1,44 @@ --- apiVersion: v1 kind: Template labels: template: loadtester group: xpaas metadata: name: loadtester objects: - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 selector: deploymentConfig: "{{ loadtester_deployment_name }}" metadata: name: "{{ loadtester_deployment_name }}" labels: app: "{{ app_name }}" service: "{{ loadtester_deployment_name }}" - apiVersion: apps/v1 kind: Deployment metadata: labels: app: "{{ app_name }}" name: "{{ loadtester_deployment_name }}" spec: replicas: 1 selector: matchLabels: app: "{{ app_name }}" name: "{{ loadtester_deployment_name }}" template: metadata: labels: app: "{{ app_name }}" name: "{{ loadtester_deployment_name }}" spec: containers: - image: "{{ loadtester_image }}" name: "{{ loadtester_deployment_name }}" ansible/roles/ocp-workload-bxms-pam/templates/nexus3-persistent-template.yaml
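Review bot: The container image comes from `loadtester_image`, which `defaults/main.yml` in this commit lists as `quay.io/rhtgptetraining/loadtester:latest`. That is a mutable tag, so what runs in the tools project can change without any change in this repository. I would default to a fixed version tag or a digest (`quay.io/rhtgptetraining/loadtester@sha256:<DIGEST>`, placeholder). The container spec also has no `resources:` block, unlike the Business Central and KIE Server templates, so the pod is bounded only by whatever namespace defaults exist. Adding requests and limits in the same style would fix that.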
New file 
@@ -0,0 +1,184 @@ --- apiVersion: v1 kind: Template labels: template: nexus3-persistent-template metadata: name: nexus3-persistent annotations: description: Sonatype Nexus 3 persistent template tags: ci,nexus objects: - apiVersion: v1 kind: ImageStream metadata: labels: app: ${SERVICE_NAME} name: ${SERVICE_NAME} spec: tags: - from: kind: DockerImage name: docker.io/sonatype/nexus3:${NEXUS_VERSION} name: ${NEXUS_VERSION} - apiVersion: v1 kind: DeploymentConfig metadata: labels: app: ${SERVICE_NAME} name: ${SERVICE_NAME} spec: replicas: 1 selector: deploymentconfig: ${SERVICE_NAME} strategy: recreateParams: post: failurePolicy: Abort execNewPod: containerName: ${SERVICE_NAME} command: - "/bin/bash" - "-c" - "curl -o /tmp/nexus-functions -s https://raw.githubusercontent.com/OpenShiftDemos/nexus/master/scripts/nexus-functions; source /tmp/nexus-functions; add_nexus3_redhat_repos {{nexus_admin_user}} {{nexus_admin_password}} http://${SERVICE_NAME}:8081" type: Recreate template: metadata: labels: deploymentconfig: ${SERVICE_NAME} spec: containers: - env: - name: CONTEXT_PATH value: / image: ' ' imagePullPolicy: IfNotPresent livenessProbe: exec: command: - echo - ok failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: ${SERVICE_NAME} ports: - containerPort: 8081 protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: / port: 8081 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 resources: limits: memory: ${MEMORY_LIMIT} cpu: ${CPU_LIMIT} requests: memory: ${MEMORY_REQUEST} cpu: ${CPU_REQUEST} terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /nexus-data name: ${SERVICE_NAME}-data dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 volumes: - name: ${SERVICE_NAME}-data persistentVolumeClaim: claimName: ${SERVICE_NAME}-pv test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true 
containerNames: - ${SERVICE_NAME} from: kind: ImageStreamTag name: ${SERVICE_NAME}:${NEXUS_VERSION} type: ImageChange - apiVersion: v1 kind: Service metadata: labels: app: ${SERVICE_NAME} name: ${SERVICE_NAME} spec: ports: - name: 8081-tcp port: 8081 protocol: TCP targetPort: 8081 selector: deploymentconfig: ${SERVICE_NAME} sessionAffinity: None type: ClusterIP - apiVersion: v1 kind: Route metadata: labels: app: ${SERVICE_NAME} name: ${SERVICE_NAME} spec: port: targetPort: 8081-tcp to: kind: Service name: ${SERVICE_NAME} weight: 100 - apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app: ${SERVICE_NAME} name: ${SERVICE_NAME}-pv spec: accessModes: - ReadWriteOnce resources: requests: storage: ${VOLUME_CAPACITY} parameters: - displayName: Sonatype Nexus service name name: SERVICE_NAME required: true value: nexus - displayName: Sonatype Nexus version name: NEXUS_VERSION required: true value: 3.12.1 - description: Volume space available for Sonatype Nexus e.g. 512Mi, 2Gi displayName: Volume Space for Nexus name: VOLUME_CAPACITY required: true value: 2Gi - description: Memory Limit allocated to the Nexus pod displayName: Memory Limit name: MEMORY_LIMIT required: true value: 3Gi - description: Memory Request allocated to the Nexus pod displayName: Memory Request name: MEMORY_REQUEST required: true value: 1Gi - description: CPU Limit allocated to the Nexus pod displayName: CPU Limit name: CPU_LIMIT required: true value: "2" - description: CPU Request allocated to the Nexus pod displayName: CPU Request name: CPU_REQUEST required: true value: "1" ansible/roles/ocp-workload-bxms-pam/templates/rhpam-dev-businesscentral.yaml
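Review bot: The `recreateParams.post` hook downloads `nexus-functions` from the `master` branch of another repository with `curl -s` and immediately `source`s it, so the code that runs in the pod with the Nexus admin credentials is whatever that branch holds at deploy time. Without `--fail`, an HTTP error page would also be sourced as shell. I would ship the script with the role (for instance via a ConfigMap), or at minimum pin the URL to a commit and add `--fail`: `curl -fsS -o /tmp/nexus-functions https://raw.githubusercontent.com/OpenShiftDemos/nexus/<COMMIT_SHA>/scripts/nexus-functions`. `{{nexus_admin_user}} {{nexus_admin_password}}` are rendered into the command string, so the password is stored in the DeploymentConfig and visible to anyone who can read it; passing it through an env var sourced from a Secret avoids that. The liveness probe (`echo ok`) can never fail, so a hung Nexus is not restarted; reusing the readiness `httpGet` on port 8081 would make it meaningful.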
New file 
@@ -0,0 +1,188 @@ --- apiVersion: v1 kind: Template labels: template: rhpam-businesscental-with-users group: xpaas metadata: name: rhpam-businesscentral-with-users objects: - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 - name: git-ssh port: 8001 targetPort: 8001 selector: deploymentConfig: "{{ businesscentral_application_name }}" metadata: name: "{{ businesscentral_application_name }}" labels: app: "{{ app_name }}" service: "{{ businesscentral_application_name }}" - kind: Route apiVersion: v1 id: "{{ businesscentral_application_name }}-https" metadata: name: "{{ businesscentral_application_name }}" labels: app: "{{ app_name }}" service: "{{ businesscentral_application_name }}" annotations: haproxy.router.openshift.io/timeout: 60s spec: to: name: "{{ businesscentral_application_name }}" port: targetPort: http tls: termination: edge - kind: DeploymentConfig apiVersion: v1 metadata: name: "{{ businesscentral_application_name }}" labels: app: "{{ app_name }}" service: "{{ businesscentral_application_name }}" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "{{ businesscentral_application_name }}" from: kind: ImageStreamTag namespace: openshift name: rhpam-bc-apd:1.2 - type: ConfigChange replicas: 1 selector: deploymentConfig: "{{ businesscentral_application_name }}" template: metadata: name: "{{ businesscentral_application_name }}" labels: deploymentConfig: "{{ businesscentral_application_name }}" app: "{{ app_name }}" service: "{{ businesscentral_application_name }}" spec: serviceAccountName: "{{ bc_service_account }}" terminationGracePeriodSeconds: 60 containers: - name: "{{ businesscentral_application_name }}" image: rhpam-bc-apd:1.2 imagePullPolicy: IfNotPresent resources: requests: cpu: "{{ businesscentral_cpu_request }}" memory: "{{ businesscentral_memory_request }}" limits: cpu: "{{ businesscentral_cpu_limit }}" 
memory: "{{ businesscentral_memory_limit }}" volumeMounts: - name: "{{ businesscentral_application_name }}-pvol" mountPath: "/opt/eap/standalone/data/kie" livenessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '{{ kie_admin_user }}:{{ kie_admin_password }}' http://localhost:8080/kie-wb.jsp" initialDelaySeconds: 180 timeoutSeconds: 2 periodSeconds: 15 readinessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '{{ kie_admin_user }}:{{ kie_admin_password }}' http://localhost:8080/kie-wb.jsp" initialDelaySeconds: 60 timeoutSeconds: 2 periodSeconds: 30 failureThreshold: 6 ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP - name: git-ssh containerPort: 8001 protocol: TCP env: - name: JAVA_MAX_MEM_RATIO value: "{{ businesscentral_java_max_mem_ratio }}" - name: JAVA_INITIAL_MEM_RATIO value: "{{ businesscentral_java_initial_mem_ratio }}" - name: GC_MAX_METASPACE_SIZE value: "{{ businesscentral_gc_max_metaspace_size }}" - name: KIE_ADMIN_USER value: "{{ kie_admin_user }}" - name: KIE_ADMIN_PWD value: "{{ kie_admin_password }}" - name: KIE_MBEANS value: "{{ kie_mbeans }}" - name: KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE value: "{{ kie_server_controller_prefer_kieserver_service }}" - name: KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL value: "{{ kie_server_controller_template_cache_ttl }}" - name: KIE_WORKBENCH_CONTROLLER_OPENSHIFT_ENABLED value: "{{ kie_workbench_controller_openshift_enabled }}" - name: KIE_SERVER_CONTROLLER_USER value: "{{ kieserver_controller_user }}" - name: KIE_SERVER_CONTROLLER_PWD value: "{{ kieserver_controller_password }}" - name: KIE_SERVER_USER value: "{{ kieserver_user }}" - name: KIE_SERVER_PWD value: "{{ kieserver_password }}" - name: KIE_MAVEN_USER value: "{{ kie_maven_user }}" - name: KIE_MAVEN_PWD value: "{{ kie_maven_password }}" - name: ADMIN_USERNAME value: "eapadmin" - name: 
ADMIN_PASSWORD value: "eapadmin1!" - name: MAVEN_REPOS value: "EXTERNAL" - name: EXTERNAL_MAVEN_REPO_HOST value: "{{ nexus_host }}" - name: EXTERNAL_MAVEN_REPO_PORT value: "{{ nexus_port }}" - name: EXTERNAL_MAVEN_REPO_PATH value: "{{ nexus_path }}" - name: JAVA_OPTS_APPEND value: "{{ businesscentral_java_opts_append }}" volumes: - name: "{{ businesscentral_application_name }}-pvol" persistentVolumeClaim: claimName: "{{ businesscentral_pvc_name }}" - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: "{{ businesscentral_pvc_name }}" labels: application: "{{ app_name }}" service: "{{ businesscentral_application_name }}" spec: accessModes: - ReadWriteOnce resources: requests: storage: "{{ businesscentral_pvc_volume_capacity }}" ansible/roles/ocp-workload-bxms-pam/templates/rhpam-dev-kieserver.yaml
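Review bot: Every credential in this template is rendered as a literal `value:` in the DeploymentConfig env (`KIE_ADMIN_PWD`, `KIE_SERVER_PWD`, `KIE_SERVER_CONTROLLER_PWD`, `KIE_MAVEN_PWD`, plus the hard-coded `ADMIN_PASSWORD` of `eapadmin1!`), so anyone with read access to the DC or its rollout history can read them. I would create a Secret once and reference it with `valueFrom.secretKeyRef`, as sketched below with placeholder names; `rhpam-dev-kieserver.yaml` has the same pattern and needs the same change. The liveness and readiness probes also embed `{{ kie_admin_user }}:{{ kie_admin_password }}` inside single quotes in a `bash -c` string, which puts the password on the process command line and breaks if it contains a single quote. Reading `$KIE_ADMIN_USER` and `$KIE_ADMIN_PWD` from the container environment inside the probe avoids both. The image stream namespace here is hard-coded to `openshift` although `businesscentral_image_namespace` is defined, and the label `rhpam-businesscental-with-users` is missing an `r`.

```yaml
# … unchanged: other env entries …
- name: KIE_ADMIN_PWD
  valueFrom:
    secretKeyRef:
      name: "<SECRET_NAME>"   # placeholder
      key: "<PASSWORD_KEY>"   # placeholder
```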
New file 
@@ -0,0 +1,174 @@ --- apiVersion: v1 kind: Template labels: template: rhpam-dev-kieserver-with-users group: xpaas metadata: name: rhpam-dev-kieserver-with-users objects: - kind: Service apiVersion: v1 spec: ports: - name: http port: 8080 targetPort: 8080 - name: https port: 8443 targetPort: 8443 selector: deploymentConfig: "{{ kieserver_application_name }}" metadata: name: "{{ kieserver_application_name }}" labels: app: "{{ app_name }}" service: "{{ kieserver_application_name }}" - kind: Route apiVersion: v1 id: "{{ kieserver_application_name }}-https" metadata: name: "{{ kieserver_application_name }}" labels: app: "{{ app_name }}" service: "{{ kieserver_application_name }}" spec: to: name: "{{ kieserver_application_name }}" port: targetPort: http tls: termination: edge - kind: DeploymentConfig apiVersion: v1 metadata: name: "{{ kieserver_application_name }}" labels: app: "{{ app_name }}" service: "{{ kieserver_application_name }}" spec: strategy: type: Recreate triggers: - type: ImageChange imageChangeParams: automatic: true containerNames: - "{{ kieserver_application_name }}" from: kind: ImageStreamTag namespace: "{{ kieserver_image_namespace }}" name: rhpam-ks-apd:1.2 - type: ConfigChange replicas: 1 selector: deploymentConfig: "{{ kieserver_application_name }}" template: metadata: name: "{{ kieserver_application_name }}" labels: deploymentConfig: "{{ kieserver_application_name }}" app: "{{ app_name }}" service: "{{ kieserver_application_name }}" spec: serviceAccountName: "{{ ks_service_account }}" terminationGracePeriodSeconds: 60 containers: - name: "{{ kieserver_application_name }}" image: rhpam-ks-apd:1.2 imagePullPolicy: IfNotPresent resources: requests: cpu: "{{ kieserver_cpu_request }}" memory: "{{ kieserver_memory_request }}" limits: cpu: "{{ kieserver_cpu_limit }}" memory: "{{ kieserver_memory_limit }}" livenessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '{{ kie_admin_user }}:{{ kie_admin_password }}' 
http://localhost:8080/services/rest/server/healthcheck" initialDelaySeconds: 180 timeoutSeconds: 2 periodSeconds: 15 failureThreshold: 3 readinessProbe: exec: command: - "/bin/bash" - "-c" - "curl --fail --silent -u '{{ kie_admin_user }}:{{ kie_admin_password }}' http://localhost:8080/services/rest/server/readycheck" initialDelaySeconds: 30 timeoutSeconds: 2 periodSeconds: 30 failureThreshold: 6 ports: - name: jolokia containerPort: 8778 protocol: TCP - name: http containerPort: 8080 protocol: TCP - name: https containerPort: 8443 protocol: TCP env: - name: JAVA_MAX_MEM_RATIO value: "{{ kieserver_java_max_mem_ratio }}" - name: JAVA_INITIAL_MEM_RATIO value: "{{ kieserver_java_initial_mem_ratio }}" - name: GC_MAX_METASPACE_SIZE value: "{{ kieserver_gc_max_metaspace_size }}" - name: DROOLS_SERVER_FILTER_CLASSES value: "{{ drools_server_filter_classes }}" - name: KIE_ADMIN_USER value: "{{ kie_admin_user }}" - name: KIE_ADMIN_PWD value: "{{ kie_admin_password }}" - name: KIE_MBEANS value: "{{ kie_mbeans }}" - name: KIE_SERVER_BYPASS_AUTH_USER value: "{{ kieserver_bypass_auth_user }}" - name: KIE_SERVER_CONTROLLER_USER value: "{{ kieserver_controller_user }}" - name: KIE_SERVER_CONTROLLER_PWD value: "{{ kieserver_controller_password }}" - name: KIE_SERVER_CONTROLLER_SERVICE value: "{{ businesscentral_application_name }}" - name: KIE_SERVER_CONTROLLER_PROTOCOL value: "{{ kieserver_controller_protocol }}" - name: KIE_SERVER_ID value: "{{ kieserver_id }}" - name: KIE_SERVER_HOST value: "{{ kieserver_host }}" - name: KIE_SERVER_PORT value: "{{ kieserver_port }}" - name: KIE_SERVER_PROTOCOL value: "{{ kieserver_protocol }}" - name: KIE_SERVER_USER value: "{{ kieserver_user }}" - name: KIE_SERVER_PWD value: "{{ kieserver_password }}" - name: MAVEN_REPOS value: "RHPAMCENTR,EXTERNAL" - name: RHPAMCENTR_MAVEN_REPO_SERVICE value: "{{ businesscentral_application_name }}" - name: RHPAMCENTR_MAVEN_REPO_PATH value: "/maven2/" - name: RHPAMCENTR_MAVEN_REPO_USERNAME value: "{{ 
kie_maven_user }}" - name: RHPAMCENTR_MAVEN_REPO_PASSWORD value: "{{ kie_maven_password }}" - name: EXTERNAL_MAVEN_REPO_HOST value: "{{ nexus_host }}" - name: EXTERNAL_MAVEN_REPO_PORT value: "{{ nexus_port }}" - name: EXTERNAL_MAVEN_REPO_PATH value: "{{ nexus_path }}" # Default for org.kie-mail.session = java:/jbpmMailSession # Will switch back to Default since current approach is to add a postfix based smtp relay as a sidecar listening on localhost:25 - name: JAVA_OPTS_APPEND value: " -Dorg.kie.mail.session=java:jboss/mail/Default"