ansible/roles/ocp4-workload-ccnrd/defaults/main.yml
@@ -3,10 +3,13 @@ ocp_username: opentlc-mgr silent: False num_users: 100 module_type: m4 num_users: 15 module_type: m1 gogs_pwd: 'r3dh4t1!' workshop_openshift_user_name: userXX workshop_openshift_user_password: 'r3dh4t1!' workshop_che_user_name: userXX workshop_che_user_password: 'r3dh4t1!' workshop_che_user_password: 'r3dh4t1!' workshop_rhamt_user_password: 'r3dh4t1!' ansible/roles/ocp4-workload-ccnrd/files/amqstreams_subscription.yaml
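Review bot: `workshop_rhamt_user_password: 'r3dh4t1!'` (which appears to be the added line, though the +/- markers are lost in this rendering) is the fourth copy of the same literal credential in the role defaults, next to `gogs_pwd`, `workshop_openshift_user_password` and `workshop_che_user_password`. Anyone with read access to the repository then knows the password for every workshop account on every cluster deployed with the defaults. I would define the value once and derive the others from it, for example `workshop_rhamt_user_password: "{{ workshop_openshift_user_password }}"`. The deployment should then override that one variable per environment from Ansible Vault or extra-vars. A comment above the block, such as `# lab-only default; override per deployment`, would make the intent explicit.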
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: amq-streams namespace: openshift-operators spec: channel: stable installPlanApproval: Automatic name: amq-streams source: redhat-operators sourceNamespace: openshift-marketplace startingCSV: amqstreams.v1.3.0 ansible/roles/ocp4-workload-ccnrd/files/ccn-sso72-template.yaml
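Review bot: `installPlanApproval: Automatic` turns `startingCSV: amqstreams.v1.3.0` into an initial version only, because OLM will move the operator to whatever the `stable` channel publishes next without anyone approving the install plan. The subscription is created in `openshift-operators`, so an unreviewed upgrade is likely to affect every project on the cluster rather than a single lab namespace. If the workshop content is validated against 1.3.0, use `installPlanApproval: Manual` and have the role approve the one expected InstallPlan. Otherwise drop `startingCSV`, so the file does not suggest a pin that it does not enforce.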
New file 
@@ -0,0 +1,411 @@ apiVersion: template.openshift.io/v1 kind: Template labels: rh-sso: 7.2-v1.2.0 template: sso72-x509-postgresql-persistent message: A new persistent RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is ${SSO_ADMIN_USERNAME}/${SSO_ADMIN_PASSWORD}. The username/password for accessing the PostgreSQL database "${DB_DATABASE}" is ${DB_USERNAME}/${DB_PASSWORD}. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets. metadata: annotations: description: An example RH-SSO 7 application with a PostgreSQL database. For more information about using this template, see https://github.com/jboss-openshift/application-templates. iconClass: icon-sso openshift.io/display-name: Red Hat Single Sign-On 7.2 + PostgreSQL openshift.io/provider-display-name: Red Hat, Inc. tags: sso,keycloak,jboss template.openshift.io/documentation-url: https://access.redhat.com/documentation/en/red-hat-single-sign-on/ template.openshift.io/long-description: This template defines resources needed to develop Red Hat Single Sign-On 7.2 server based deployment, deployment configuration for PostgreSQL and securing RH-SSO communication using re-encrypt TLS. template.openshift.io/support-url: https://access.redhat.com version: rh-sso-7.2-v1.2.0 creationTimestamp: "2020-02-08T04:25:46Z" name: ccn-sso72 namespace: openshift resourceVersion: "42547" selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/ccn-sso72 uid: ccdadd22-0e96-4e40-af28-727495c37d3e objects: - apiVersion: v1 kind: Service metadata: annotations: description: The web server's http port. 
labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: ${APPLICATION_NAME} - apiVersion: v1 kind: Service metadata: annotations: description: The web server's https port. service.alpha.openshift.io/dependencies: '[{"name": "${APPLICATION_NAME}-postgresql", "kind": "Service"}]' service.alpha.openshift.io/serving-cert-secret-name: sso-x509-https-secret labels: application: ${APPLICATION_NAME} name: secure-${APPLICATION_NAME} spec: ports: - port: 8443 targetPort: 8443 selector: deploymentConfig: ${APPLICATION_NAME} - apiVersion: v1 kind: Service metadata: annotations: description: The database server's port. labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-postgresql spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql - apiVersion: v1 kind: Service metadata: annotations: description: The JGroups ping port for clustering. service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-ping spec: clusterIP: None ports: - name: ping port: 8888 selector: deploymentConfig: ${APPLICATION_NAME} - apiVersion: v1 id: ${APPLICATION_NAME}-http kind: Route metadata: annotations: description: Route for application's http service. labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: host: ${HOSTNAME_HTTP} to: name: ${APPLICATION_NAME} - apiVersion: v1 id: ${APPLICATION_NAME}-https kind: Route metadata: annotations: description: Route for application's https service. 
labels: application: ${APPLICATION_NAME} name: secure-${APPLICATION_NAME} spec: host: ${HOSTNAME_HTTPS} tls: termination: reencrypt to: name: secure-${APPLICATION_NAME} - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: replicas: 1 selector: deploymentConfig: ${APPLICATION_NAME} strategy: type: Recreate template: metadata: labels: application: ${APPLICATION_NAME} deploymentConfig: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: containers: - env: - name: DB_SERVICE_PREFIX_MAPPING value: ${APPLICATION_NAME}-postgresql=DB - name: DB_JNDI value: ${DB_JNDI} - name: DB_USERNAME value: ${DB_USERNAME} - name: DB_PASSWORD value: ${DB_PASSWORD} - name: DB_DATABASE value: ${DB_DATABASE} - name: TX_DATABASE_PREFIX_MAPPING value: ${APPLICATION_NAME}-postgresql=DB - name: DB_MIN_POOL_SIZE value: ${DB_MIN_POOL_SIZE} - name: DB_MAX_POOL_SIZE value: ${DB_MAX_POOL_SIZE} - name: DB_TX_ISOLATION value: ${DB_TX_ISOLATION} - name: JGROUPS_PING_PROTOCOL value: openshift.DNS_PING - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: ${APPLICATION_NAME}-ping - name: OPENSHIFT_DNS_PING_SERVICE_PORT value: "8888" - name: X509_CA_BUNDLE value: /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - name: JGROUPS_CLUSTER_PASSWORD value: ${JGROUPS_CLUSTER_PASSWORD} - name: JGROUPS_ENCRYPT_PROTOCOL value: ASYM_ENCRYPT - name: SSO_ADMIN_USERNAME value: ${SSO_ADMIN_USERNAME} - name: SSO_ADMIN_PASSWORD value: ${SSO_ADMIN_PASSWORD} - name: SSO_REALM value: ${SSO_REALM} - name: SSO_SERVICE_USERNAME value: ${SSO_SERVICE_USERNAME} - name: SSO_SERVICE_PASSWORD value: ${SSO_SERVICE_PASSWORD} image: ${APPLICATION_NAME} imagePullPolicy: Always livenessProbe: exec: command: - /bin/bash - -c - /opt/eap/bin/livenessProbe.sh initialDelaySeconds: 60 name: ${APPLICATION_NAME} ports: - containerPort: 8778 name: jolokia protocol: TCP - containerPort: 8080 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - 
containerPort: 8888 name: ping protocol: TCP readinessProbe: exec: command: - /bin/bash - -c - /opt/eap/bin/readinessProbe.sh resources: limits: memory: ${MEMORY_LIMIT} volumeMounts: - mountPath: /etc/x509/https name: sso-x509-https-volume readOnly: true terminationGracePeriodSeconds: 75 volumes: - name: sso-x509-https-volume secret: secretName: sso-x509-https-secret triggers: - imageChangeParams: automatic: true containerNames: - ${APPLICATION_NAME} from: kind: ImageStreamTag name: redhat-sso72-openshift:1.2 namespace: ${IMAGE_STREAM_NAMESPACE} type: ImageChange - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-postgresql spec: replicas: 1 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql strategy: type: Recreate template: metadata: labels: application: ${APPLICATION_NAME} deploymentConfig: ${APPLICATION_NAME}-postgresql name: ${APPLICATION_NAME}-postgresql spec: containers: - env: - name: POSTGRESQL_USER value: ${DB_USERNAME} - name: POSTGRESQL_PASSWORD value: ${DB_PASSWORD} - name: POSTGRESQL_DATABASE value: ${DB_DATABASE} - name: POSTGRESQL_MAX_CONNECTIONS value: ${POSTGRESQL_MAX_CONNECTIONS} - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: ${POSTGRESQL_MAX_CONNECTIONS} - name: POSTGRESQL_SHARED_BUFFERS value: ${POSTGRESQL_SHARED_BUFFERS} image: postgresql:10 imagePullPolicy: Always livenessProbe: initialDelaySeconds: 30 tcpSocket: port: 5432 timeoutSeconds: 1 name: ${APPLICATION_NAME}-postgresql ports: - containerPort: 5432 protocol: TCP readinessProbe: exec: command: - /bin/sh - -i - -c - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1' initialDelaySeconds: 5 timeoutSeconds: 1 volumeMounts: - mountPath: /var/lib/pgsql/data name: ${APPLICATION_NAME}-postgresql-1 terminationGracePeriodSeconds: 60 volumes: - 'emptyDir:': {} name: ${APPLICATION_NAME}-postgresql-1 triggers: - imageChangeParams: automatic: true containerNames: - 
${APPLICATION_NAME}-postgresql from: kind: ImageStreamTag name: postgresql:${POSTGRESQL_IMAGE_STREAM_TAG} namespace: ${IMAGE_STREAM_NAMESPACE} type: ImageChange - type: ConfigChange parameters: - description: The name for the application. displayName: Application Name name: APPLICATION_NAME required: true value: sso - description: 'Custom hostname for http service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>' displayName: Custom http Route Hostname name: HOSTNAME_HTTP - description: 'Custom hostname for https service route. Leave blank for default hostname, e.g.: <application-name>.<project>.<default-domain-suffix>' displayName: Custom https Route Hostname name: HOSTNAME_HTTPS - description: The password for the JGroups cluster. displayName: JGroups Cluster Password from: '[a-zA-Z0-9]{32}' generate: expression name: JGROUPS_CLUSTER_PASSWORD required: true - description: Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql displayName: Database JNDI Name name: DB_JNDI value: java:jboss/datasources/KeycloakDS - description: Database name displayName: Database Name name: DB_DATABASE required: true value: root - description: Sets xa-pool/min-pool-size for the configured datasource. displayName: Datasource Minimum Pool Size name: DB_MIN_POOL_SIZE - description: Sets xa-pool/max-pool-size for the configured datasource. displayName: Datasource Maximum Pool Size name: DB_MAX_POOL_SIZE - description: Sets transaction-isolation for the configured datasource. displayName: Datasource Transaction Isolation name: DB_TX_ISOLATION - description: The maximum number of client connections allowed. This also sets the maximum number of prepared transactions. displayName: PostgreSQL Maximum number of connections name: POSTGRESQL_MAX_CONNECTIONS - description: Configures how much memory is dedicated to PostgreSQL for caching data. 
displayName: PostgreSQL Shared Buffers name: POSTGRESQL_SHARED_BUFFERS - description: Database user name displayName: Database Username from: user[a-zA-Z0-9]{3} generate: expression name: DB_USERNAME required: true - description: Database user password displayName: Database Password from: '[a-zA-Z0-9]{32}' generate: expression name: DB_PASSWORD required: true - description: Size of persistent storage for database volume. displayName: Database Volume Capacity name: VOLUME_CAPACITY required: true value: 1Gi - description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project. displayName: ImageStream Namespace name: IMAGE_STREAM_NAMESPACE required: true value: openshift - description: RH-SSO Server administrator username displayName: RH-SSO Administrator Username from: '[a-zA-Z0-9]{8}' generate: expression name: SSO_ADMIN_USERNAME required: true - description: RH-SSO Server administrator password displayName: RH-SSO Administrator Password from: '[a-zA-Z0-9]{32}' generate: expression name: SSO_ADMIN_PASSWORD required: true - description: Realm to be created in the RH-SSO server (e.g. demorealm). displayName: RH-SSO Realm name: SSO_REALM - description: The username used to access the RH-SSO service. This is used by clients to create the appliction client(s) within the specified RH-SSO realm. displayName: RH-SSO Service Username name: SSO_SERVICE_USERNAME - description: The password for the RH-SSO service user. displayName: RH-SSO Service Password name: SSO_SERVICE_PASSWORD - description: The tag to use for the "postgresql" image stream. Typically, this aligns with the major.minor version of PostgreSQL. displayName: PostgreSQL Image Stream Tag name: POSTGRESQL_IMAGE_STREAM_TAG required: true value: "10" - description: Container memory limit. 
displayName: Container Memory Limit name: MEMORY_LIMIT value: 1Gi ansible/roles/ocp4-workload-ccnrd/files/ccnrd_keycloak_realm.json
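Review bot: The first Route in `objects` (`${APPLICATION_NAME}`, host `${HOSTNAME_HTTP}`) has no `tls` block, so RH-SSO is reachable over plain HTTP, and the realm file added in the same commit sets `"sslRequired" : "none"`, so logins to the `ccnrd` realm are accepted without TLS. I would drop that Route and keep only the `reencrypt` one, or give it `tls: {termination: edge, insecureEdgeTerminationPolicy: Redirect}` so cleartext requests are redirected. Separately, the PostgreSQL volume is written as `'emptyDir:': {}`, a quoted key that includes the colon, so it is not the `emptyDir` field and should read `emptyDir: {}`. `VOLUME_CAPACITY` is declared but no PersistentVolumeClaim object is visible in the template, so the "persistent" wording in `message` looks inaccurate and the realm database would not survive a pod restart. The exported `creationTimestamp`, `resourceVersion`, `selfLink` and `uid` under `metadata` should also be removed before the file is checked in.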
New file 
@@ -0,0 +1,1619 @@ { "id" : "11d78bf6-6d10-4484-baba-a1388379d68b", "realm" : "ccnrd", "notBefore" : 0, "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, "accessTokenLifespan" : 3000, "accessTokenLifespanForImplicitFlow" : 9000, "ssoSessionIdleTimeout" : 1800, "ssoSessionMaxLifespan" : 36000, "ssoSessionIdleTimeoutRememberMe" : 0, "ssoSessionMaxLifespanRememberMe" : 0, "offlineSessionIdleTimeout" : 2592000, "offlineSessionMaxLifespanEnabled" : false, "offlineSessionMaxLifespan" : 5184000, "accessCodeLifespan" : 60, "accessCodeLifespanUserAction" : 300, "accessCodeLifespanLogin" : 1800, "actionTokenGeneratedByAdminLifespan" : 43200, "actionTokenGeneratedByUserLifespan" : 300, "enabled" : true, "sslRequired" : "none", "registrationAllowed" : false, "registrationEmailAsUsername" : false, "rememberMe" : false, "verifyEmail" : false, "loginWithEmailAllowed" : true, "duplicateEmailsAllowed" : false, "resetPasswordAllowed" : false, "editUsernameAllowed" : false, "bruteForceProtected" : false, "permanentLockout" : false, "maxFailureWaitSeconds" : 900, "minimumQuickLoginWaitSeconds" : 60, "waitIncrementSeconds" : 60, "quickLoginCheckMilliSeconds" : 1000, "maxDeltaTimeSeconds" : 43200, "failureFactor" : 30, "roles" : { "realm" : [ { "id" : "3fc80564-13ac-4e7b-9986-322f571e82bc", "name" : "confidential", "composite" : false, "clientRole" : false, "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", "attributes" : { } }, { "id" : "39eb64c8-66a9-4983-9c81-27ea7e2f6273", "name" : "uma_authorization", "description" : "${role_uma_authorization}", "composite" : false, "clientRole" : false, "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", "attributes" : { } }, { "id" : "8c1abe12-62fe-4a06-ae0d-f5fb67dddbb0", "name" : "admin", "composite" : false, "clientRole" : false, "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", "attributes" : { } }, { "id" : "5afce544-6a3c-495f-b805-fd737cf5081e", "name" : "user", "composite" : false, "clientRole" : false, "containerId" 
: "11d78bf6-6d10-4484-baba-a1388379d68b", "attributes" : { } }, { "id" : "bc431d62-a80a-425b-961a-0fb3fc59006d", "name" : "offline_access", "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b", "attributes" : { } } ], "client" : { "realm-management" : [ { "id" : "7db1f38d-d436-4725-93fd-030a3bbe628e", "name" : "manage-identity-providers", "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "1163b9bd-7319-4154-a25f-0101b2548d21", "name" : "impersonation", "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "73d0a556-072b-404f-bf8e-10e2544c8c27", "name" : "view-identity-providers", "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "7e727e28-2095-4443-b2da-865e684f2308", "name" : "view-realm", "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "df9e5352-f835-4467-bcaf-cb1b5f55c1ec", "name" : "query-users", "description" : "${role_query-users}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "fa77909a-32a3-41ae-9983-2b92ae03080c", "name" : "manage-clients", "description" : "${role_manage-clients}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "a8780507-dc72-4433-8b95-b8e4f3c37d0e", "name" : "manage-events", "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, "containerId" : 
"376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "f7f4697a-3977-42f6-af86-9bb006cf4d04", "name" : "realm-admin", "description" : "${role_realm-admin}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "impersonation", "manage-identity-providers", "view-identity-providers", "view-realm", "query-users", "manage-clients", "manage-events", "manage-realm", "view-authorization", "manage-authorization", "view-users", "create-client", "query-clients", "query-groups", "manage-users", "view-clients", "view-events", "query-realms" ] } }, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "ca7dc1ce-a981-4efe-b3f0-a7192b6d3943", "name" : "manage-realm", "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "a0ab4faa-00a9-4f52-ac9f-8e764b6a8126", "name" : "view-authorization", "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "0b4ed5e0-eceb-4d81-ba05-fa67022abe59", "name" : "manage-authorization", "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "c10336be-06f3-40ef-bef5-28d8c9b8a1e2", "name" : "create-client", "description" : "${role_create-client}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "1a1ffadc-11d5-44ea-bac0-d94372c8ae5c", "name" : "view-users", "description" : "${role_view-users}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "query-groups", "query-users" ] } }, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : 
"5ba9a1a3-9027-4531-8253-b91f6058513c", "name" : "query-clients", "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "b4fba807-7a7e-4e3e-bd31-45703305a9e3", "name" : "query-groups", "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "c9384254-0af3-434c-b4ed-7c94f59a8247", "name" : "manage-users", "description" : "${role_manage-users}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "9a0022f2-bd58-4418-828c-a8e7abe3346b", "name" : "view-clients", "description" : "${role_view-clients}", "composite" : true, "composites" : { "client" : { "realm-management" : [ "query-clients" ] } }, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "83df8311-4366-4d22-9425-eccc343faa3f", "name" : "view-events", "description" : "${role_view-events}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } }, { "id" : "e81bf277-047f-4bdd-afd6-59e2016c5066", "name" : "query-realms", "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748", "attributes" : { } } ], "security-admin-console" : [ ], "admin-cli" : [ ], "backend-service" : [ { "id" : "df147a91-6da7-4bbc-866c-f30cf99b2637", "name" : "uma_protection", "composite" : false, "clientRole" : true, "containerId" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc", "attributes" : { } } ], "broker" : [ { "id" : "d36865b0-7ade-4bcd-a7dc-1dacbd80f169", "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, "containerId" : "53d4fe53-a039-471e-886a-28eddc950e95", "attributes" : { } } ], "account" : 
[ { "id" : "539325a0-d9b3-4821-97ee-d42999296b62", "name" : "view-profile", "description" : "${role_view-profile}", "composite" : false, "clientRole" : true, "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", "attributes" : { } }, { "id" : "e4af836c-c884-4a57-8b1d-fb673b0fe3a5", "name" : "manage-account", "description" : "${role_manage-account}", "composite" : true, "composites" : { "client" : { "account" : [ "manage-account-links" ] } }, "clientRole" : true, "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", "attributes" : { } }, { "id" : "35d1c998-bcae-4ab1-a026-4c67bff49a98", "name" : "manage-account-links", "description" : "${role_manage-account-links}", "composite" : false, "clientRole" : true, "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d", "attributes" : { } } ] } }, "groups" : [ ], "defaultRoles" : [ "uma_authorization", "offline_access" ], "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", "otpPolicyAlgorithm" : "HmacSHA1", "otpPolicyInitialCounter" : 0, "otpPolicyDigits" : 6, "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], "scopeMappings" : [ { "clientScope" : "offline_access", "roles" : [ "offline_access" ] } ], "clients" : [ { "id" : "e55e1234-38fa-432d-8d90-39f5e024688d", "clientId" : "account", "name" : "${client_account}", "baseUrl" : "/auth/realms/ccnrd/account", "surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec", "defaultRoles" : [ "view-profile", "manage-account" ], "redirectUris" : [ "/auth/realms/ccnrd/account/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, 
"authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "e9cc41a2-8e35-4d5e-949e-4879880c2ddb", "clientId" : "admin-cli", "name" : "${client_admin-cli}", "surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "a951803a-79c7-46a6-8197-e32835286971", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : false, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "53d4fe53-a039-471e-886a-28eddc950e95", "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "e1f7edd7-e15c-43b4-8736-ff8204d16836", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", 
"offline_access", "microprofile-jwt" ] }, { "id" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc", "clientId" : "backend-service", "surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "secret", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : true, "serviceAccountsEnabled" : true, "authorizationServicesEnabled" : true, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : true, "nodeReRegistrationTimeout" : -1, "protocolMappers" : [ { "id" : "3eac903f-c16b-4a78-a7e8-eb8f4d402b71", "name" : "Client ID", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientId", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientId", "jsonType.label" : "String" } }, { "id" : "8422cefe-7f42-4f3b-abad-5f06f7d4b748", "name" : "Client IP Address", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientAddress", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientAddress", "jsonType.label" : "String" } }, { "id" : "988e47d6-2055-45eb-82d6-0b8b25c629fc", "name" : "Client Host", "protocol" : "openid-connect", "protocolMapper" : "oidc-usersessionmodel-note-mapper", "consentRequired" : false, "config" : { "user.session.note" : "clientHost", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "clientHost", "jsonType.label" : "String" } } ], "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], 
"authorizationSettings" : { "allowRemoteResourceManagement" : true, "policyEnforcementMode" : "ENFORCING", "resources" : [ { "name" : "Confidential Resource", "ownerManagedAccess" : false, "attributes" : { }, "_id" : "99856673-24fa-431b-9e26-93e2113f69db", "uris" : [ "/secured/confidential" ] } ], "policies" : [ { "id" : "c72b05ee-ee80-4a97-acf2-ca329a44aae1", "name" : "Confidential Policy", "type" : "js", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "code" : "var identity = $evaluation.context.identity;\n\nif (identity.hasRealmRole(\"confidential\")) {\n$evaluation.grant();\n}" } }, { "id" : "976c6965-9684-42ac-a928-fcad639e5deb", "name" : "Confidential Permission", "type" : "resource", "logic" : "POSITIVE", "decisionStrategy" : "UNANIMOUS", "config" : { "resources" : "[\"Confidential Resource\"]", "applyPolicies" : "[\"Confidential Policy\"]" } } ], "scopes" : [ ] } }, { "id" : "376bd940-e50a-4495-80fc-9c6c07312748", "clientId" : "realm-management", "name" : "${client_realm-management}", "surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "c41b709a-a012-4c69-89d7-4f926dba0619", "redirectUris" : [ ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : true, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : false, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { "id" : "a8732cac-ae0f-44ec-b7f3-bd2c41eff13c", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", "baseUrl" : "/auth/admin/ccnrd/console/index.html", 
"surrogateAuthRequired" : false, "enabled" : true, "clientAuthenticatorType" : "client-secret", "secret" : "e571b211-2550-475d-b87f-116ff54091ee", "redirectUris" : [ "/auth/admin/ccnrd/console/*" ], "webOrigins" : [ ], "notBefore" : 0, "bearerOnly" : false, "consentRequired" : false, "standardFlowEnabled" : true, "implicitFlowEnabled" : false, "directAccessGrantsEnabled" : false, "serviceAccountsEnabled" : false, "publicClient" : true, "frontchannelLogout" : false, "protocol" : "openid-connect", "attributes" : { }, "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { "id" : "280528ca-5e96-4bb9-9fc0-20311caac32d", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", "jsonType.label" : "String" } } ], "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { "id" : "520cc3ef-2c6b-4d84-bcde-8c063241f4bd", "name" : "address", "description" : "OpenID Connect built-in scope: address", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${addressScopeConsentText}" }, "protocolMappers" : [ { "id" : "c1d3bd07-0a5f-4f4f-b381-c58a7b723029", "name" : "address", "protocol" : "openid-connect", "protocolMapper" : "oidc-address-mapper", "consentRequired" : false, "config" : { "user.attribute.formatted" : "formatted", "user.attribute.country" : "country", "user.attribute.postal_code" : "postal_code", "userinfo.token.claim" : "true", "user.attribute.street" : "street", "id.token.claim" : "true", "user.attribute.region" : "region", 
"access.token.claim" : "true", "user.attribute.locality" : "locality" } } ] }, { "id" : "19920c96-a383-4f35-8ee9-27833263cf03", "name" : "email", "description" : "OpenID Connect built-in scope: email", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${emailScopeConsentText}" }, "protocolMappers" : [ { "id" : "36a0adf0-6c25-419f-98d7-cdeada8661aa", "name" : "email", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email", "jsonType.label" : "String" } }, { "id" : "b0c39901-5e5d-4436-b685-908bb90ea1d9", "name" : "email verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "emailVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "email_verified", "jsonType.label" : "boolean" } } ] }, { "id" : "55b3ee1c-cbf9-4526-93d7-aa56a9c5f1cb", "name" : "microprofile-jwt", "description" : "Microprofile - JWT built-in scope", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "false" }, "protocolMappers" : [ { "id" : "59128144-a21a-4744-bb55-e66ff0503b18", "name" : "upn", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "upn", "jsonType.label" : "String" } }, { "id" : "69351a63-7d6e-45d0-be47-088c83b20fdb", "name" : "groups", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : 
{ "multivalued" : "true", "user.attribute" : "foo", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "groups", "jsonType.label" : "String" } } ] }, { "id" : "3f190f54-8e3a-4c82-a799-bd12ddc475b2", "name" : "offline_access", "description" : "OpenID Connect built-in scope: offline_access", "protocol" : "openid-connect", "attributes" : { "consent.screen.text" : "${offlineAccessScopeConsentText}", "display.on.consent.screen" : "true" } }, { "id" : "defa3480-5368-4f34-8075-49fb982b71b3", "name" : "phone", "description" : "OpenID Connect built-in scope: phone", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${phoneScopeConsentText}" }, "protocolMappers" : [ { "id" : "069ae414-9e98-4612-a3d6-e8b5a1fa841d", "name" : "phone number verified", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "phoneNumberVerified", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number_verified", "jsonType.label" : "boolean" } }, { "id" : "cea58e24-d0e0-4cc6-9e34-7b3bf7d6d85b", "name" : "phone number", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "phoneNumber", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "phone_number", "jsonType.label" : "String" } } ] }, { "id" : "b7321e2e-dd8e-41cf-a527-c765155c3f78", "name" : "profile", "description" : "OpenID Connect built-in scope: profile", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", "consent.screen.text" : "${profileScopeConsentText}" }, "protocolMappers" : [ { "id" : "1d4d3df5-7af5-488e-8477-0ad7cb74d50a", "name" : "nickname", "protocol" : 
"openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "nickname", "jsonType.label" : "String" } }, { "id" : "1a5e26d6-211e-4f8a-b696-0ea9577db25a", "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "zoneinfo", "jsonType.label" : "String" } }, { "id" : "18971685-6dd7-420f-9c09-879c4f2d54d8", "name" : "updated at", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "updated_at", "jsonType.label" : "String" } }, { "id" : "b970d96b-0156-4db0-9beb-9c84c173e619", "name" : "birthdate", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "birthdate", "jsonType.label" : "String" } }, { "id" : "50287033-df21-45c6-aa46-c3060e6f9855", "name" : "given name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "given_name", "jsonType.label" : "String" } }, { "id" : "3dc6b97e-7063-4077-98d1-0cacf9029c7b", "name" : "full name", "protocol" : "openid-connect", "protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { 
"id.token.claim" : "true", "access.token.claim" : "true", "userinfo.token.claim" : "true" } }, { "id" : "3fb9391b-376c-42ef-b012-4df461c617cc", "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "middle_name", "jsonType.label" : "String" } }, { "id" : "83f7fc4a-5386-4f86-a103-6585e138b61d", "name" : "username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "preferred_username", "jsonType.label" : "String" } }, { "id" : "8ef177b3-f485-44b1-afee-1901393b00c7", "name" : "family name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "family_name", "jsonType.label" : "String" } }, { "id" : "e994cbc7-2a1a-4465-b7b7-12b35b4fe49e", "name" : "gender", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "gender", "jsonType.label" : "String" } }, { "id" : "abaa4c9e-1fa2-4b45-a1bb-b3d650de9aca", "name" : "picture", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "picture", "jsonType.label" : "String" } }, { "id" 
: "bf21b514-81fd-4bbe-9236-bab5fcf54561", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "locale", "jsonType.label" : "String" } }, { "id" : "254f8de4-08e7-4d3d-a87f-4b238f0f922b", "name" : "profile", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "profile", "jsonType.label" : "String" } }, { "id" : "7934bf2a-cfc3-4b2d-a5cb-287f3ed2a977", "name" : "website", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", "claim.name" : "website", "jsonType.label" : "String" } } ] }, { "id" : "f3dc793d-6011-4861-b538-399dde5434c0", "name" : "role_list", "description" : "SAML role list", "protocol" : "saml", "attributes" : { "consent.screen.text" : "${samlRoleListScopeConsentText}", "display.on.consent.screen" : "true" }, "protocolMappers" : [ { "id" : "22eeabf8-a3c3-4026-a351-367f8ace7927", "name" : "role list", "protocol" : "saml", "protocolMapper" : "saml-role-list-mapper", "consentRequired" : false, "config" : { "single" : "false", "attribute.nameformat" : "Basic", "attribute.name" : "Role" } } ] }, { "id" : "f72c1acd-c367-41b1-8646-b6bd5fff3e3f", "name" : "roles", "description" : "OpenID Connect scope for add user roles to the access token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", "display.on.consent.screen" : "true", "consent.screen.text" : "${rolesScopeConsentText}" }, "protocolMappers" : [ { "id" : 
"cd8e589e-5fa7-4dae-bf6e-e8f6a3fd3cff", "name" : "realm roles", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { "user.attribute" : "foo", "access.token.claim" : "true", "claim.name" : "realm_access.roles", "jsonType.label" : "String", "multivalued" : "true" } }, { "id" : "708b19d1-0709-4278-b5a1-bcbeec11f51a", "name" : "audience resolve", "protocol" : "openid-connect", "protocolMapper" : "oidc-audience-resolve-mapper", "consentRequired" : false, "config" : { } }, { "id" : "25e97210-30c7-4f35-be11-407f1fa674cb", "name" : "client roles", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-client-role-mapper", "consentRequired" : false, "config" : { "user.attribute" : "foo", "access.token.claim" : "true", "claim.name" : "resource_access.${client_id}.roles", "jsonType.label" : "String", "multivalued" : "true" } } ] }, { "id" : "52618957-a4e8-4c6f-a902-217f2c41a2fd", "name" : "web-origins", "description" : "OpenID Connect scope for add allowed web origins to the access token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", "display.on.consent.screen" : "false", "consent.screen.text" : "" }, "protocolMappers" : [ { "id" : "a66ddadf-312f-491f-993c-fa58685815c6", "name" : "allowed web origins", "protocol" : "openid-connect", "protocolMapper" : "oidc-allowed-origins-mapper", "consentRequired" : false, "config" : { } } ] } ], "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], "browserSecurityHeaders" : { "contentSecurityPolicyReportOnly" : "", "xContentTypeOptions" : "nosniff", "xRobotsTag" : "none", "xFrameOptions" : "SAMEORIGIN", "xXSSProtection" : "1; mode=block", "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "strictTransportSecurity" : "max-age=31536000; 
includeSubDomains" }, "smtpServer" : { }, "eventsEnabled" : false, "eventsListeners" : [ "jboss-logging" ], "enabledEventTypes" : [ ], "adminEventsEnabled" : false, "adminEventsDetailsEnabled" : false, "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { "id" : "a7679218-373d-48ca-88f8-429985faeae3", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "anonymous", "subComponents" : { }, "config" : { "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] } }, { "id" : "2ebf6f9f-4bfc-44b9-ad7c-282f2274d35b", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "authenticated", "subComponents" : { }, "config" : { "allow-default-scopes" : [ "true" ] } }, { "id" : "552093c3-0a0a-4234-ad7c-ae660f0f0db1", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "anonymous", "subComponents" : { }, "config" : { "allow-default-scopes" : [ "true" ] } }, { "id" : "8f27cf74-cee7-4a73-851f-982ee45157ca", "name" : "Trusted Hosts", "providerId" : "trusted-hosts", "subType" : "anonymous", "subComponents" : { }, "config" : { "host-sending-registration-request-must-match" : [ "true" ], "client-uris-must-match" : [ "true" ] } }, { "id" : "ff570525-6c96-4500-9d73-c02e708b39de", "name" : "Full Scope Disabled", "providerId" : "scope", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { "id" : "b52284eb-123a-4718-aac9-857530a24a9b", "name" : "Max Clients Limit", "providerId" : "max-clients", "subType" : "anonymous", "subComponents" : { }, "config" : { "max-clients" : [ "200" ] } }, { "id" : "2b8c0a6d-d5c0-4ea2-8a9c-4843d3e04ec6", "name" : "Consent Required", "providerId" : "consent-required", "subType" : 
"anonymous", "subComponents" : { }, "config" : { } }, { "id" : "bf59de5a-2c93-43cc-a9aa-03be0129fe53", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", "subType" : "authenticated", "subComponents" : { }, "config" : { "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] } } ], "org.keycloak.keys.KeyProvider" : [ { "id" : "b3efd9cc-28b6-4404-82af-8a48a966b8ff", "name" : "rsa-generated", "providerId" : "rsa-generated", "subComponents" : { }, "config" : { "privateKey" : [ "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" ], "certificate" : [ "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" ], "priority" : [ "100" ] } }, { "id" : "20460ca5-ec24-4a9b-839a-457743d3f841", "name" : "hmac-generated", "providerId" : "hmac-generated", "subComponents" : { }, "config" : { "kid" : [ "96afd00e-85cf-4d35-b18e-061d3813d8b2" ], "secret" : [ "qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA" ], "priority" : [ "100" ], "algorithm" : [ "HS256" ] } }, { "id" : "4f02d984-7a23-4ce1-8591-848a71390efe", "name" : "aes-generated", "providerId" : "aes-generated", "subComponents" : { }, "config" : { "kid" : [ "b04473d3-8395-4016-b455-19a9e951106b" ], "secret" : [ "x68mMOVdz3qKWzltzReV0g" ], "priority" : [ "100" ] } } ] }, "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { "id" : "d6c3e282-a738-4b8b-98c2-378b9faf8344", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-confirm-link", "requirement" : "REQUIRED", "priority" 
: 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "idp-email-verification", "requirement" : "ALTERNATIVE", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "requirement" : "ALTERNATIVE", "priority" : 30, "flowAlias" : "Verify Existing Account by Re-authentication", "userSetupAllowed" : false, "autheticatorFlow" : true } ] }, { "id" : "4855860b-4009-4f1b-ba6b-60581618ea62", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "idp-username-password-form", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "auth-otp-form", "requirement" : "OPTIONAL", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "8a9872b0-65f1-47ff-9565-fa826ac64cd4", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-cookie", "requirement" : "ALTERNATIVE", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "auth-spnego", "requirement" : "DISABLED", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "identity-provider-redirector", "requirement" : "ALTERNATIVE", "priority" : 25, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "requirement" : "ALTERNATIVE", "priority" : 30, "flowAlias" : "forms", "userSetupAllowed" : false, "autheticatorFlow" : true } ] }, { "id" : "51b8ed14-62b6-49b3-b602-0b51508349e0", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "client-secret", 
"requirement" : "ALTERNATIVE", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "client-jwt", "requirement" : "ALTERNATIVE", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "client-secret-jwt", "requirement" : "ALTERNATIVE", "priority" : 30, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "client-x509", "requirement" : "ALTERNATIVE", "priority" : 40, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "9b65133a-ee71-494a-a659-6804513fc30b", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "direct-grant-validate-username", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "direct-grant-validate-password", "requirement" : "REQUIRED", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "direct-grant-validate-otp", "requirement" : "OPTIONAL", "priority" : 30, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "f62bc4ad-25ac-4f83-963b-32820af3a683", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "docker-http-basic-authenticator", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "1b423fe7-f312-404c-903b-f1260a77259b", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticatorConfig" : "review profile 
config", "authenticator" : "idp-review-profile", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticatorConfig" : "create unique user config", "authenticator" : "idp-create-user-if-unique", "requirement" : "ALTERNATIVE", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "requirement" : "ALTERNATIVE", "priority" : 30, "flowAlias" : "Handle Existing Account", "userSetupAllowed" : false, "autheticatorFlow" : true } ] }, { "id" : "9c9530b3-e3c6-481b-99e8-1461a9752e8e", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "auth-username-password-form", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "auth-otp-form", "requirement" : "OPTIONAL", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "70fb94ac-354c-4629-a5fe-5135d0137964", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "no-cookie-redirect", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "basic-auth", "requirement" : "REQUIRED", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "basic-auth-otp", "requirement" : "DISABLED", "priority" : 30, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "auth-spnego", "requirement" : "DISABLED", "priority" : 40, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "08292a4a-6722-4e33-a5d9-354c2628f567", "alias" : "registration", "description" : "registration flow", 
"providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-page-form", "requirement" : "REQUIRED", "priority" : 10, "flowAlias" : "registration form", "userSetupAllowed" : false, "autheticatorFlow" : true } ] }, { "id" : "668dc4b6-fe1a-4d24-ab5b-bc76e20ac390", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", "topLevel" : false, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "registration-user-creation", "requirement" : "REQUIRED", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "registration-profile-action", "requirement" : "REQUIRED", "priority" : 40, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "registration-password-action", "requirement" : "REQUIRED", "priority" : 50, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "registration-recaptcha-action", "requirement" : "DISABLED", "priority" : 60, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : "a0e191f0-ce9a-4a75-b6e4-97332b05f7e5", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "reset-credentials-choose-user", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "reset-credential-email", "requirement" : "REQUIRED", "priority" : 20, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "reset-password", "requirement" : "REQUIRED", "priority" : 30, "userSetupAllowed" : false, "autheticatorFlow" : false }, { "authenticator" : "reset-otp", "requirement" : "OPTIONAL", "priority" : 40, "userSetupAllowed" : false, "autheticatorFlow" : false } ] }, { "id" : 
"ad4beb21-8e9a-4fca-af41-0f757169f26c", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", "topLevel" : true, "builtIn" : true, "authenticationExecutions" : [ { "authenticator" : "http-basic-authenticator", "requirement" : "REQUIRED", "priority" : 10, "userSetupAllowed" : false, "autheticatorFlow" : false } ] } ], "authenticatorConfig" : [ { "id" : "25632f91-6071-423a-8e9c-7322cdc1b011", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { "id" : "02d7f70b-1ebc-4e72-a65c-d94a600895ac", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" } } ], "requiredActions" : [ { "alias" : "CONFIGURE_TOTP", "name" : "Configure OTP", "providerId" : "CONFIGURE_TOTP", "enabled" : true, "defaultAction" : false, "priority" : 10, "config" : { } }, { "alias" : "terms_and_conditions", "name" : "Terms and Conditions", "providerId" : "terms_and_conditions", "enabled" : false, "defaultAction" : false, "priority" : 20, "config" : { } }, { "alias" : "UPDATE_PASSWORD", "name" : "Update Password", "providerId" : "UPDATE_PASSWORD", "enabled" : true, "defaultAction" : false, "priority" : 30, "config" : { } }, { "alias" : "UPDATE_PROFILE", "name" : "Update Profile", "providerId" : "UPDATE_PROFILE", "enabled" : true, "defaultAction" : false, "priority" : 40, "config" : { } }, { "alias" : "VERIFY_EMAIL", "name" : "Verify Email", "providerId" : "VERIFY_EMAIL", "enabled" : true, "defaultAction" : false, "priority" : 50, "config" : { } } ], "browserFlow" : "browser", "registrationFlow" : "registration", "directGrantFlow" : "direct grant", "resetCredentialsFlow" : "reset credentials", "clientAuthenticationFlow" : "clients", "dockerAuthenticationFlow" : "docker auth", "attributes" : { "_browser_header.xXSSProtection" : "1; mode=block", "_browser_header.xFrameOptions" : "SAMEORIGIN", "_browser_header.strictTransportSecurity" : "max-age=31536000; 
includeSubDomains", "permanentLockout" : "false", "quickLoginCheckMilliSeconds" : "1000", "_browser_header.xRobotsTag" : "none", "maxFailureWaitSeconds" : "900", "minimumQuickLoginWaitSeconds" : "60", "failureFactor" : "30", "actionTokenGeneratedByUserLifespan" : "300", "maxDeltaTimeSeconds" : "43200", "_browser_header.xContentTypeOptions" : "nosniff", "offlineSessionMaxLifespan" : "5184000", "actionTokenGeneratedByAdminLifespan" : "43200", "_browser_header.contentSecurityPolicyReportOnly" : "", "bruteForceProtected" : "false", "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "waitIncrementSeconds" : "60", "offlineSessionMaxLifespanEnabled" : "false" }, "users" : [ { "id" : "af134cab-f41c-4675-b141-205f975db679", "username" : "admin", "enabled" : true, "totp" : false, "emailVerified" : false, "credentials" : [ { "type" : "password", "hashedSaltedValue" : "NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA==", "salt" : "T/2P5o5oxFJUEk68BRURRg==", "hashIterations" : 27500, "counter" : 0, "algorithm" : "pbkdf2-sha256", "digits" : 0, "period" : 0, "createdDate" : 1554245879354, "config" : { } } ], "disableableCredentialTypes" : [ "password" ], "requiredActions" : [ ], "realmRoles" : [ "admin", "user" ], "notBefore" : 0, "groups" : [ ] }, { "id" : "eb4123a3-b722-4798-9af5-8957f823657a", "username" : "alice", "enabled" : true, "totp" : false, "emailVerified" : false, "credentials" : [ { "type" : "password", "hashedSaltedValue" : "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==", "salt" : "sl4mXx6T9FypPH/s9TngfQ==", "hashIterations" : 27500, "counter" : 0, "algorithm" : "pbkdf2-sha256", "digits" : 0, "period" : 0, "createdDate" : 1554245879116, "config" : { } } ], "disableableCredentialTypes" : [ "password" ], "requiredActions" : [ ], "realmRoles" : [ "user" ], "notBefore" : 0, "groups" : [ ] }, { "id" : 
"1eed6a8e-a853-4597-b4c6-c4c2533546a0", "username" : "jdoe", "enabled" : true, "totp" : false, "emailVerified" : false, "credentials" : [ { "type" : "password", "hashedSaltedValue" : "JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg==", "salt" : "uCbOH7HZtyDtMd0E9DG/nw==", "hashIterations" : 27500, "counter" : 0, "algorithm" : "pbkdf2-sha256", "digits" : 0, "period" : 0, "createdDate" : 1554245879227, "config" : { } } ], "disableableCredentialTypes" : [ "password" ], "requiredActions" : [ ], "realmRoles" : [ "confidential", "user" ], "notBefore" : 0, "groups" : [ ] }, { "id" : "948c59ec-46ed-4d99-aa43-02900029b930", "createdTimestamp" : 1554245880023, "username" : "service-account-backend-service", "enabled" : true, "totp" : false, "emailVerified" : false, "email" : "service-account-backend-service@placeholder.org", "serviceAccountClientId" : "backend-service", "credentials" : [ ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], "realmRoles" : [ "offline_access" ], "clientRoles" : { "backend-service" : [ "uma_protection" ], "account" : [ "view-profile", "manage-account" ] }, "notBefore" : 0, "groups" : [ ] } ], "keycloakVersion" : "6.0.0", "userManagedAccessAllowed" : false } ansible/roles/ocp4-workload-ccnrd/files/codeready_cr.yaml
New file @@ -0,0 +1,36 @@ --- apiVersion: org.eclipse.che/v1 kind: CheCluster metadata: name: codeready-workspaces namespace: labs-infra spec: server: cheImageTag: '' cheFlavor: codeready devfileRegistryImage: '' pluginRegistryImage: '' tlsSupport: false selfSignedCert: false serverMemoryRequest: '2Gi' serverMemoryLimit: '6Gi' customCheProperties: CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "0" database: externalDb: false chePostgresHostName: '' chePostgresPort: '' chePostgresUser: '' chePostgresPassword: '' chePostgresDb: '' auth: openShiftoAuth: false identityProviderImage: '' externalIdentityProvider: false identityProviderURL: '' identityProviderRealm: '' identityProviderClientId: '' storage: pvcStrategy: per-workspace pvcClaimSize: 1Gi preCreateSubPaths: true ansible/roles/ocp4-workload-ccnrd/files/codeready_operatorgroup.yaml
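Review bot: `tlsSupport: false` under `spec.server` leaves the CodeReady Workspaces routes on plain HTTP, so workshop logins and the tokens that follow them would cross the network unencrypted. With `externalIdentityProvider: false` the operator presumably deploys its own identity provider, whose login page would be exposed the same way. I would set `tlsSupport: true`, and `selfSignedCert: true` as well if the cluster router presents a certificate that is not publicly trusted. Separately, `CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "0"` looks like it disables idle shutdown of workspaces; if that is intended for the lab, a comment such as `# workshop only: workspaces never idle out` above it would record why.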
New file @@ -0,0 +1,12 @@ --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: generateName: labs-infra- annotations: olm.providedAPIs: CheCluster.v1.org.eclipse.che name: labs-infra-operator-group namespace: labs-infra spec: targetNamespaces: - labs-infra ansible/roles/ocp4-workload-ccnrd/files/codeready_subscription.yaml
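Review bot: `metadata` sets both `generateName: labs-infra-` and `name: labs-infra-operator-group`, but the API server only consults `generateName` when `name` is absent, so the `generateName` line has no effect and can be dropped. The `olm.providedAPIs: CheCluster.v1.org.eclipse.che` annotation is normally maintained by OLM itself and looks like residue from an exported object. I would remove it unless something in the role depends on it, so the manifest holds only what the author intends to declare.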
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: codeready-workspaces namespace: labs-infra spec: channel: latest installPlanApproval: Automatic name: codeready-workspaces source: redhat-operators sourceNamespace: openshift-marketplace startingCSV: crwoperator.v2.0.0 ansible/roles/ocp4-workload-ccnrd/files/coolstore-monolith-binary-build-template.yaml
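Review bot: `installPlanApproval: Automatic` combined with `channel: latest` means `startingCSV: crwoperator.v2.0.0` pins only the first install, after which OLM applies whatever the channel publishes next without review. An operator upgrade can change both the images that run and the RBAC the operator is granted. For a reproducible lab it is safer to use `installPlanApproval: Manual` and have the role approve the initial InstallPlan explicitly. If automatic upgrades are wanted, a comment such as `# upgrades intentionally follow the channel` would make that choice visible.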
New file 
@@ -0,0 +1,351 @@ apiVersion: template.openshift.io/v1 kind: Template labels: template: coolstore-monolith-binary-build message: The resources (build config, deploy config, service, imagestreams, etc) for running the Coolstore Monolith demo has been created in your project. To deploy the application go to your source directoy and build that code using mvn -Popenshift package and then start the build using oc start-build coolstore --from-file=deployments/ROOT.war. metadata: annotations: description: Application template Coolstore Monolith using binary build. iconClass: icon-jboss openshift.io/display-name: Coolstore Monolith using binary build tags: eap,postgresql,javaee,java,database,jboss,xpaas version: 1.0.0 creationTimestamp: "2020-02-08T04:25:43Z" name: coolstore-monolith-binary-build namespace: openshift resourceVersion: "42535" selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/coolstore-monolith-binary-build uid: 2fc74cea-c4fc-4f0a-a373-7a48219ba96d objects: - apiVersion: v1 kind: Service metadata: annotations: description: The web server's http port. service.alpha.openshift.io/dependencies: '[{"name":"coolstore-postgresql","namespace":"","kind":"Service"}]' labels: application: coolstore name: coolstore spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: coolstore - apiVersion: v1 kind: Service metadata: annotations: description: The database server's port. labels: application: coolstore name: coolstore-postgresql spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: coolstore-postgresql - apiVersion: v1 id: coolstore-http kind: Route metadata: annotations: description: Route for application's http service. 
labels: application: coolstore name: www spec: to: name: coolstore - apiVersion: v1 kind: ImageStream metadata: labels: application: coolstore build: coolstore name: coolstore - apiVersion: v1 kind: BuildConfig metadata: labels: application: coolstore name: coolstore spec: output: to: kind: ImageStreamTag name: coolstore:latest source: binary: {} type: Binary strategy: sourceStrategy: from: kind: ImageStreamTag name: jboss-eap72-openshift:1.0 namespace: ${IMAGE_STREAM_NAMESPACE} type: Source - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: coolstore name: coolstore spec: replicas: 1 selector: deploymentConfig: coolstore strategy: resources: {} type: Recreate template: metadata: labels: application: coolstore deploymentConfig: coolstore name: coolstore spec: containers: - env: - name: DB_SERVICE_PREFIX_MAPPING value: coolstore-postgresql=DB - name: DB_JNDI value: java:jboss/datasources/CoolstoreDS - name: DB_USERNAME value: coolstore - name: DB_PASSWORD value: coolstore123 - name: DB_DATABASE value: monolith - name: TX_DATABASE_PREFIX_MAPPING value: coolstore-postgresql=DB - name: MQ_TOPICS value: orders - name: OPENSHIFT_KUBE_PING_LABELS value: application=coolstore - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: HTTPS_KEYSTORE_DIR value: /etc/eap-secret-volume - name: HTTPS_KEYSTORE value: keystore.jks - name: HTTPS_KEYSTORE_TYPE value: JKS - name: HTTPS_NAME value: jboss - name: HTTPS_PASSWORD value: mykeystorepass - name: MQ_CLUSTER_PASSWORD value: coolstore123 - name: JGROUPS_ENCRYPT_SECRET value: coolstore-secret - name: JGROUPS_ENCRYPT_KEYSTORE_DIR value: /etc/jgroups-encrypt-secret-volume - name: JGROUPS_ENCRYPT_KEYSTORE value: jgroups.jceks - name: JGROUPS_ENCRYPT_NAME value: secret-key - name: JGROUPS_ENCRYPT_PASSWORD value: password - name: JGROUPS_CLUSTER_PASSWORD value: openshift123 - name: DEFAULT_JOB_REPOSITORY value: coolstore-postgresql - name: TIMER_SERVICE_DATA_STORE value: 
coolstore-postgresql image: coolstore imagePullPolicy: Always lifecycle: preStop: exec: command: - /opt/eap/bin/jboss-cli.sh - -c - :shutdown(timeout=60) readinessProbe: httpGet: path: /health.jsp port: 8080 scheme: HTTP timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 20 initialDelaySeconds: 20 livenessProbe: httpGet: path: /health.jsp port: 8080 scheme: HTTP timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 20 initialDelaySeconds: 20 name: coolstore ports: - containerPort: 8778 name: jolokia protocol: TCP - containerPort: 8080 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 8888 name: ping protocol: TCP volumeMounts: - mountPath: /etc/eap-secret-volume name: eap-keystore-volume readOnly: true - mountPath: /etc/jgroups-encrypt-secret-volume name: eap-jgroups-keystore-volume readOnly: true serviceAccountName: coolstore-serviceaccount terminationGracePeriodSeconds: 75 volumes: - name: eap-keystore-volume secret: secretName: coolstore-secret - name: eap-jgroups-keystore-volume secret: secretName: coolstore-secret triggers: - imageChangeParams: automatic: true containerNames: - coolstore from: kind: ImageStreamTag name: coolstore:latest type: ImageChange - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: coolstore name: coolstore-postgresql spec: replicas: 1 selector: deploymentConfig: coolstore-postgresql strategy: type: Recreate template: metadata: labels: application: coolstore deploymentConfig: coolstore-postgresql name: coolstore-postgresql spec: containers: - env: - name: POSTGRESQL_USER value: coolstore - name: POSTGRESQL_PASSWORD value: coolstore123 - name: POSTGRESQL_DATABASE value: monolith - name: POSTGRESQL_MAX_CONNECTIONS value: "100" - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: "100" image: postgresql:10 imagePullPolicy: Always livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 
successThreshold: 1 tcpSocket: port: 5432 timeoutSeconds: 1 name: coolstore-postgresql ports: - containerPort: 5432 protocol: TCP readinessProbe: exec: command: - /bin/sh - -i - -c - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1' failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationGracePeriodSeconds: 60 triggers: - imageChangeParams: automatic: true containerNames: - coolstore-postgresql from: kind: ImageStreamTag name: postgresql:10 namespace: ${IMAGE_STREAM_NAMESPACE} type: ImageChange - type: ConfigChange - apiVersion: v1 kind: ServiceAccount metadata: name: coolstore-serviceaccount secrets: - name: coolstore-secret - apiVersion: v1 groupNames: null kind: RoleBinding metadata: name: coolstore-serviceaccount_view roleRef: name: view subjects: - kind: ServiceAccount name: coolstore-serviceaccount - apiVersion: v1 groupNames: - system:serviceaccounts:${USER_ID}-coolstore-prod kind: RoleBinding metadata: name: ci_admin roleRef: name: admin subjects: - kind: Group name: system:serviceaccounts:${USER_ID}-coolstore-prod - apiVersion: v1 data: jgroups.jceks: 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 keystore.jks: 
/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFVFbYp5AAABQIwggT+MA4GCisGAQQBKgIRAQEFAASCBOqe/lTeehnds9ffJp/EYKY2K7o9CvvyvgiqvdaGqiZxwWjmoYBEuBxJBUkr7uyYr2g3Viui18djJh9paWdBfPRCEWsLxbMBmig+5OXe1U536PTNZlzkdrwSJpusiwwWLiog/kQ+Gp82VzHxsueNVkewKZ6LvdAq+5Pw7148cxgfnm+2j0La1YnX4/TAtY6A33HjU3HxPxpkLCBP66THxjJvm+n5xg+6eAPu6n/c3mWShhudf0k7FAHLgqMqZt22GMlIv73azdz5kf+opcF8nHN/SDnrgmBbX+GBFvMQ64a3zfLGMnCH8R7L2v5K0uH4AvOHHU9+g7KGk/obPOFyqjloPGIGwzyX4UhxsxP9+wU45RVg02SdoOsqsKYeF7JV1t+uj1+WXDkEaxGYx9u5bFIpkQOuuh6kyf6P6MK8gP6u8cRJeLU/LZCkNMSHq6afbgu/Uu0ZlPFKMLBiX6aKYO0nhp/h3QBzLOVCrWB5nnj90WnZ6Ug8bUjozTTKcdOu8oU47cOesSxPsZzs/KXEuqNP+T34fb4iOKjDXpTZDhIDYanfXb+GMHi/XdY5Q5Xu5w+6ES4ue9grlqfXtMa3G/FgUuJ6dLIXCDAHtS6nxvN3VBd3+pkQKG3iiBMbmBSg03bau5stsD8ol6NGQkoqIhvr1cxFHz+wVzh3UE6FOF+T96rqSuK17UNWnNTSFntHpMYUq+CbD1sTsAmaZ1tIbWBVYEw9G0hpzfFgIqndnEOJ2hD1Z30cStVvSamTlY1hYwxw9/qVUGxzRyQF1a4U8wuYyJNSLZmLwF4jmtkP/kvzhOJ9nr9ZHpuZcW8v5OuHpeTGb+bq+23T+1w0uK3x+O0TnZAFKN4UyZN6JWH2LI+jS+95sTt1fgV1gpY7/qtgX26BWPGQw6+ynRT68EREneUH7c8z3W8mkyfeOl+ffi3n4BYmkki6feSJNbkNdRncpFO83qIk3EtE9RNOMjU1ih8w+KrzZXm2LIINYqc6FkR+tACeGcJwPRkv7paGE3fI7JacYPrJsIf8C055NqbW1HFhplhY/zTbSuGH0SaseZ2lzkGVaVG8pzsNBlBX8eR4oL7LWAXhos1uJdg9cVIC2UZ+bBkBlUpEeWi7LryLL+Glg//iMp3W93nm+S6UJVUipVMgCMgHrXZjWQN0tGvPOxBUIM5IrxcrWsjEA0OJDsa0KCbI8R397FP3QZqB9hJPDs6Lb+64XGmkmAixLYLP2LczlmmoJ6pnGTdzqGjf/au1FzTq/Pikundn47Lt0ZsA9D5Wq958zr0U8Zc3X2OewAd/MKh7u5TOAJs870wHZPIjZss9lTwYJ1VfCP9/x4c8wfoas1mLrxoaTx4axIiTn8bMK60fq5s2DLpnDNgGS0g2tsyqw6+BPCKuwNj1dc5dl0fupIZxLB4+FeTcr7WaDslBl5QIyrM6ljknzd+r3U5ndtBiTBnFutD4+YFOcGPXm1qE7R/1Olmt+ZwnB8O7CtOGldTv/Imoa+en8YFT0TH9gPstso6ERJIP4UbIxxxJF+soqNVkK5fY0qRSksosJJJTKdD8BNl9skcPo8S9J7TRtcBsbPytU/1DhnL19D+bp0o5NRLAWse2sTOv3dSZiBPIAeL5oSaSBkJ9GbZcVc95d7ga3cNgbZuvcNPLov+F1WsEYYZcM/zjhvevAAAAAQAFWC41MDkAAAOBMIIDfTCCAmWgAwIBAgIEHPuEUDANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTXlTdGF0ZTEPMA0GA1UEBxMGTXlDaXR5MRcwFQYDVQQKEw5NeU9yZ2FuaXphdGlvbjESMBAGA1UECxMJTXlPcmdVbml0MRAwDgYDVQQDEwdFeGFtcGxlMB4XDTE2MDYwMzEwMDE0NVoXDTI2
MDYwMTEwMDE0NVowbzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB015U3RhdGUxDzANBgNVBAcTBk15Q2l0eTEXMBUGA1UEChMOTXlPcmdhbml6YXRpb24xEjAQBgNVBAsTCU15T3JnVW5pdDEQMA4GA1UEAxMHRXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL12YRIsnxFfnXSOLn8GtCWf0pJr/NzSFDV7M1I0nLlytu7dD/XAwvRTV6CFEvZJ8a4Q5NmKDkB1XofN7uebEhIANcizwtu61JXyic26kQB3IhK4nb5BChIgJbvfXg4IiazbWIHR6cAyRWT/M6rXVVUNDIPRZ84O7rng2vKvZezGHS9BbsoewyhF71fWTmvu2s7Dcm1sI6bRxJnF4BCQdMEc8dfPqjWCQUqkvkPN4wyHUzVlQE0/pbOW4YN668dBSmTGHTWaUvEXgX333gAlG07YcbJtjqJznurkCKLrGssX2ozGQg84GKg9+Sq+nwN5a09Rfhn4UBRGrJ4MpZDpKAkCAwEAAaMhMB8wHQYDVR0OBBYEFJMKA17Zl2R5M8pqpmdUWFEERulHMA0GCSqGSIb3DQEBCwUAA4IBAQCFJQeVl+7XD9Is6lGHPgOr8Ep8pSHwCBY+95C4I7KPYapXB+U9gi9bKvVElfDD+IMPfqg2hRuFCnW3MQId/6QU+/c7+fwOnqE0oi6xo8nl7qx48Y/Ih3jXo3q7JON6CfrJHMSw47+gYi8c66S6EOePi2aGySQNBwqop85kEUhDEl6eGAAEo66+BrCUjwPNK3R5mGtx38FM54OibLkmDMS8pFfBN7qQ1C35JUdFDDJcNEBZ1WGIbkLxyIFsogJa1x6j235Fst9MASxeu5+xO3/WVHcLHQAZqJ/xZadEJAg2+YkPEhsrIEoFhRr3Hg13ECqD1W6aSW5kE5wPoWjru1gNUXYHaE8+iikx9yyc8V8V4CG63qk= kind: Secret metadata: annotations: description: Default HTTPS keystore (keystore.jks) with name 'jboss' and password 'mykeystorepass' and JGoups keystore (jgroups.jceks) with name 'secret-key' and password 'password' name: coolstore-secret parameters: - description: User ID for Dev/Prod namespaces displayName: User ID required: true name: USER_ID - description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project. displayName: ImageStream Namespace name: IMAGE_STREAM_NAMESPACE required: true value: openshift ansible/roles/ocp4-workload-ccnrd/files/coolstore-monolith-pipeline-build-template.yaml
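Review bot: The `coolstore` and `coolstore-postgresql` DeploymentConfigs carry literal credentials in `env` (`DB_PASSWORD` and `POSTGRESQL_PASSWORD` as `coolstore123`, `MQ_CLUSTER_PASSWORD` as `coolstore123`, `JGROUPS_CLUSTER_PASSWORD` as `openshift123`), so every project instantiated from this template shares the same known passwords. The `coolstore-secret` object also commits `keystore.jks` while its password is spelled out in the annotation and in `HTTPS_PASSWORD`; that key has to be treated as public and kept away from anything beyond the demo. The pipeline template later in this commit already declares `DB_PASSWORD`, `MQ_CLUSTER_PASSWORD` and `JGROUPS_CLUSTER_PASSWORD` as generated parameters, but it repeats the same keystore and the two literal keystore passwords. Referencing generated parameters here as well would bring the two templates in line, as sketched below.

```yaml
# … unchanged: other env entries of the coolstore container …
- name: DB_PASSWORD
  value: ${DB_PASSWORD}
- name: MQ_CLUSTER_PASSWORD
  value: ${MQ_CLUSTER_PASSWORD}
- name: JGROUPS_CLUSTER_PASSWORD
  value: ${JGROUPS_CLUSTER_PASSWORD}
# … unchanged: coolstore-postgresql env apart from the password entry …
- name: POSTGRESQL_PASSWORD
  value: ${DB_PASSWORD}
# … unchanged: remaining objects, USER_ID and IMAGE_STREAM_NAMESPACE parameters …
- description: Database user password
  displayName: Database Password
  from: '[a-zA-Z0-9]{8}'
  generate: expression
  name: DB_PASSWORD
  required: true
- description: A-MQ cluster admin password
  displayName: A-MQ cluster password
  from: '[a-zA-Z0-9]{8}'
  generate: expression
  name: MQ_CLUSTER_PASSWORD
  required: true
- description: JGroups cluster password
  displayName: JGroups Cluster Password
  from: '[a-zA-Z0-9]{8}'
  generate: expression
  name: JGROUPS_CLUSTER_PASSWORD
  required: true
```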
New file 
@@ -0,0 +1,420 @@ apiVersion: template.openshift.io/v1 kind: Template labels: template: coolstore-monolith-pipeline-build message: The resources (build config, deploy config, service, imagestreams, etc) for running the Coolstore Monolith demo has been created in your project. To deploy the application go to your source directoy and build that code using mvn -Popenshift package and then start the build using oc start-build coolstore --from-file=deployments/ROOT.war. metadata: annotations: description: Application template Coolstore Monolith using pipeline build. iconClass: icon-jboss openshift.io/display-name: Coolstore Monolith using pipelines tags: eap,postgresql,javaee,java,database,jboss,xpaas version: 1.0.0 creationTimestamp: "2020-02-08T04:25:45Z" name: coolstore-monolith-pipeline-build namespace: openshift resourceVersion: "42541" selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/coolstore-monolith-pipeline-build uid: 87c77677-f7f1-4bed-854e-73ab9150cae9 objects: - apiVersion: v1 kind: ImageStream metadata: labels: application: coolstore name: coolstore - apiVersion: v1 kind: Service metadata: annotations: description: The web server's http port. service.alpha.openshift.io/dependencies: '[{"name":"coolstore-prod-postgresql","namespace":"","kind":"Service"}]' labels: application: coolstore-prod name: coolstore-prod spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: coolstore-prod - apiVersion: v1 kind: Service metadata: annotations: description: The database server's port. labels: application: coolstore-prod name: coolstore-prod-postgresql spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: coolstore-prod-postgresql - apiVersion: v1 kind: Route metadata: annotations: description: Route for application's http service. 
labels: application: coolstore-prod name: www spec: to: name: coolstore-prod - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: coolstore-prod name: coolstore-prod spec: replicas: 1 selector: deploymentConfig: coolstore-prod strategy: resources: {} type: Recreate template: metadata: labels: application: coolstore-prod deploymentConfig: coolstore-prod name: coolstore-prod spec: containers: - env: - name: DB_SERVICE_PREFIX_MAPPING value: coolstore-prod-postgresql=DB - name: DB_JNDI value: ${DB_JNDI} - name: DB_USERNAME value: ${DB_USERNAME} - name: DB_PASSWORD value: ${DB_PASSWORD} - name: DB_DATABASE value: ${DB_DATABASE} - name: TX_DATABASE_PREFIX_MAPPING value: coolstore-prod-postgresql=DB - name: DB_MIN_POOL_SIZE value: ${DB_MIN_POOL_SIZE} - name: DB_MAX_POOL_SIZE value: ${DB_MAX_POOL_SIZE} - name: DB_TX_ISOLATION value: ${DB_TX_ISOLATION} - name: OPENSHIFT_KUBE_PING_LABELS value: application=coolstore-prod - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: HTTPS_KEYSTORE_DIR value: /etc/eap-secret-volume - name: HTTPS_KEYSTORE value: keystore.jks - name: HTTPS_KEYSTORE_TYPE value: JKS - name: HTTPS_NAME value: jboss - name: HTTPS_PASSWORD value: mykeystorepass - name: MQ_TOPICS value: orders - name: MQ_CLUSTER_PASSWORD value: ${MQ_CLUSTER_PASSWORD} - name: JGROUPS_ENCRYPT_SECRET value: coolstore-prod-secret - name: JGROUPS_ENCRYPT_KEYSTORE_DIR value: /etc/jgroups-encrypt-secret-volume - name: JGROUPS_ENCRYPT_KEYSTORE value: jgroups.jceks - name: JGROUPS_ENCRYPT_NAME value: secret-key - name: JGROUPS_ENCRYPT_PASSWORD value: password - name: JGROUPS_CLUSTER_PASSWORD value: ${JGROUPS_CLUSTER_PASSWORD} - name: AUTO_DEPLOY_EXPLODED value: ${AUTO_DEPLOY_EXPLODED} - name: DEFAULT_JOB_REPOSITORY value: coolstore-prod-postgresql - name: TIMER_SERVICE_DATA_STORE value: coolstore-prod-postgresql image: coolstore imagePullPolicy: Always lifecycle: preStop: exec: command: - /opt/eap/bin/jboss-cli.sh - -c - 
:shutdown(timeout=60) readinessProbe: httpGet: path: /health.jsp port: 8080 scheme: HTTP timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 20 initialDelaySeconds: 20 livenessProbe: httpGet: path: /health.jsp port: 8080 scheme: HTTP timeoutSeconds: 5 periodSeconds: 30 successThreshold: 1 failureThreshold: 20 initialDelaySeconds: 20 name: coolstore-prod ports: - containerPort: 8778 name: jolokia protocol: TCP - containerPort: 8080 name: http protocol: TCP - containerPort: 8443 name: https protocol: TCP - containerPort: 8888 name: ping protocol: TCP volumeMounts: - mountPath: /etc/eap-secret-volume name: eap-keystore-volume readOnly: true - mountPath: /etc/jgroups-encrypt-secret-volume name: eap-jgroups-keystore-volume readOnly: true serviceAccountName: coolstore-prod-serviceaccount terminationGracePeriodSeconds: 75 volumes: - name: eap-keystore-volume secret: secretName: coolstore-prod-secret - name: eap-jgroups-keystore-volume secret: secretName: coolstore-prod-secret triggers: - imageChangeParams: automatic: true containerNames: - coolstore-prod from: kind: ImageStreamTag name: coolstore:prod type: ImageChange - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: coolstore-prod name: coolstore-prod-postgresql spec: replicas: 1 selector: deploymentConfig: coolstore-prod-postgresql strategy: type: Recreate template: metadata: labels: application: coolstore-prod deploymentConfig: coolstore-prod-postgresql name: coolstore-prod-postgresql spec: containers: - env: - name: POSTGRESQL_USER value: ${DB_USERNAME} - name: POSTGRESQL_PASSWORD value: ${DB_PASSWORD} - name: POSTGRESQL_DATABASE value: ${DB_DATABASE} - name: POSTGRESQL_MAX_CONNECTIONS value: "100" - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: "100" image: postgresql imagePullPolicy: Always livenessProbe: failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 1 tcpSocket: port: 5432 timeoutSeconds: 1 name: 
coolstore-prod-postgresql ports: - containerPort: 5432 protocol: TCP readinessProbe: exec: command: - /bin/sh - -i - -c - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c 'SELECT 1' failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 terminationGracePeriodSeconds: 60 triggers: - imageChangeParams: automatic: true containerNames: - coolstore-prod-postgresql from: kind: ImageStreamTag name: postgresql:10 namespace: ${IMAGE_STREAM_NAMESPACE} type: ImageChange - type: ConfigChange - apiVersion: v1 kind: BuildConfig metadata: labels: build: monolith-pipeline template: coolstore-monolith-prod-demo name: monolith-pipeline spec: nodeSelector: null output: {} postCommit: {} resources: {} runPolicy: Serial source: type: None strategy: jenkinsPipelineStrategy: jenkinsfile: "pipeline { \n agent {\n label 'maven'\n }\n stages {\n \ stage ('Build') {\n steps {\n sleep 5\n }\n }\n \ stage ('Run Tests in DEV') {\n steps {\n sleep 10\n }\n \ }\n stage ('Deploy to PROD') {\n steps {\n script {\n \ openshift.withCluster() {\n openshift.tag(\"${USER_ID}-coolstore-dev/coolstore:latest\", \"${USER_ID}-coolstore-prod/coolstore:prod\")\n }\n }\n }\n \ }\n stage ('Run Tests in PROD') {\n steps {\n sleep 30\n \ }\n }\n }\n}" type: JenkinsPipeline triggers: - github: secret: ${GITHUB_WEBHOOK_SECRET} type: GitHub - generic: secret: ${GENERIC_WEBHOOK_SECRET} type: Generic status: lastVersion: 0 - apiVersion: v1 kind: ServiceAccount metadata: name: coolstore-prod-serviceaccount secrets: - name: coolstore-prod-secret - apiVersion: v1 groupNames: null kind: RoleBinding metadata: name: coolstore-prod-serviceaccount_view roleRef: name: view subjects: - kind: ServiceAccount name: coolstore-prod-serviceaccount - apiVersion: v1 data: jgroups.jceks: 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 keystore.jks: 
/u3+7QAAAAIAAAABAAAAAQAFamJvc3MAAAFVFbYp5AAABQIwggT+MA4GCisGAQQBKgIRAQEFAASCBOqe/lTeehnds9ffJp/EYKY2K7o9CvvyvgiqvdaGqiZxwWjmoYBEuBxJBUkr7uyYr2g3Viui18djJh9paWdBfPRCEWsLxbMBmig+5OXe1U536PTNZlzkdrwSJpusiwwWLiog/kQ+Gp82VzHxsueNVkewKZ6LvdAq+5Pw7148cxgfnm+2j0La1YnX4/TAtY6A33HjU3HxPxpkLCBP66THxjJvm+n5xg+6eAPu6n/c3mWShhudf0k7FAHLgqMqZt22GMlIv73azdz5kf+opcF8nHN/SDnrgmBbX+GBFvMQ64a3zfLGMnCH8R7L2v5K0uH4AvOHHU9+g7KGk/obPOFyqjloPGIGwzyX4UhxsxP9+wU45RVg02SdoOsqsKYeF7JV1t+uj1+WXDkEaxGYx9u5bFIpkQOuuh6kyf6P6MK8gP6u8cRJeLU/LZCkNMSHq6afbgu/Uu0ZlPFKMLBiX6aKYO0nhp/h3QBzLOVCrWB5nnj90WnZ6Ug8bUjozTTKcdOu8oU47cOesSxPsZzs/KXEuqNP+T34fb4iOKjDXpTZDhIDYanfXb+GMHi/XdY5Q5Xu5w+6ES4ue9grlqfXtMa3G/FgUuJ6dLIXCDAHtS6nxvN3VBd3+pkQKG3iiBMbmBSg03bau5stsD8ol6NGQkoqIhvr1cxFHz+wVzh3UE6FOF+T96rqSuK17UNWnNTSFntHpMYUq+CbD1sTsAmaZ1tIbWBVYEw9G0hpzfFgIqndnEOJ2hD1Z30cStVvSamTlY1hYwxw9/qVUGxzRyQF1a4U8wuYyJNSLZmLwF4jmtkP/kvzhOJ9nr9ZHpuZcW8v5OuHpeTGb+bq+23T+1w0uK3x+O0TnZAFKN4UyZN6JWH2LI+jS+95sTt1fgV1gpY7/qtgX26BWPGQw6+ynRT68EREneUH7c8z3W8mkyfeOl+ffi3n4BYmkki6feSJNbkNdRncpFO83qIk3EtE9RNOMjU1ih8w+KrzZXm2LIINYqc6FkR+tACeGcJwPRkv7paGE3fI7JacYPrJsIf8C055NqbW1HFhplhY/zTbSuGH0SaseZ2lzkGVaVG8pzsNBlBX8eR4oL7LWAXhos1uJdg9cVIC2UZ+bBkBlUpEeWi7LryLL+Glg//iMp3W93nm+S6UJVUipVMgCMgHrXZjWQN0tGvPOxBUIM5IrxcrWsjEA0OJDsa0KCbI8R397FP3QZqB9hJPDs6Lb+64XGmkmAixLYLP2LczlmmoJ6pnGTdzqGjf/au1FzTq/Pikundn47Lt0ZsA9D5Wq958zr0U8Zc3X2OewAd/MKh7u5TOAJs870wHZPIjZss9lTwYJ1VfCP9/x4c8wfoas1mLrxoaTx4axIiTn8bMK60fq5s2DLpnDNgGS0g2tsyqw6+BPCKuwNj1dc5dl0fupIZxLB4+FeTcr7WaDslBl5QIyrM6ljknzd+r3U5ndtBiTBnFutD4+YFOcGPXm1qE7R/1Olmt+ZwnB8O7CtOGldTv/Imoa+en8YFT0TH9gPstso6ERJIP4UbIxxxJF+soqNVkK5fY0qRSksosJJJTKdD8BNl9skcPo8S9J7TRtcBsbPytU/1DhnL19D+bp0o5NRLAWse2sTOv3dSZiBPIAeL5oSaSBkJ9GbZcVc95d7ga3cNgbZuvcNPLov+F1WsEYYZcM/zjhvevAAAAAQAFWC41MDkAAAOBMIIDfTCCAmWgAwIBAgIEHPuEUDANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTXlTdGF0ZTEPMA0GA1UEBxMGTXlDaXR5MRcwFQYDVQQKEw5NeU9yZ2FuaXphdGlvbjESMBAGA1UECxMJTXlPcmdVbml0MRAwDgYDVQQDEwdFeGFtcGxlMB4XDTE2MDYwMzEwMDE0NVoXDTI2
MDYwMTEwMDE0NVowbzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB015U3RhdGUxDzANBgNVBAcTBk15Q2l0eTEXMBUGA1UEChMOTXlPcmdhbml6YXRpb24xEjAQBgNVBAsTCU15T3JnVW5pdDEQMA4GA1UEAxMHRXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL12YRIsnxFfnXSOLn8GtCWf0pJr/NzSFDV7M1I0nLlytu7dD/XAwvRTV6CFEvZJ8a4Q5NmKDkB1XofN7uebEhIANcizwtu61JXyic26kQB3IhK4nb5BChIgJbvfXg4IiazbWIHR6cAyRWT/M6rXVVUNDIPRZ84O7rng2vKvZezGHS9BbsoewyhF71fWTmvu2s7Dcm1sI6bRxJnF4BCQdMEc8dfPqjWCQUqkvkPN4wyHUzVlQE0/pbOW4YN668dBSmTGHTWaUvEXgX333gAlG07YcbJtjqJznurkCKLrGssX2ozGQg84GKg9+Sq+nwN5a09Rfhn4UBRGrJ4MpZDpKAkCAwEAAaMhMB8wHQYDVR0OBBYEFJMKA17Zl2R5M8pqpmdUWFEERulHMA0GCSqGSIb3DQEBCwUAA4IBAQCFJQeVl+7XD9Is6lGHPgOr8Ep8pSHwCBY+95C4I7KPYapXB+U9gi9bKvVElfDD+IMPfqg2hRuFCnW3MQId/6QU+/c7+fwOnqE0oi6xo8nl7qx48Y/Ih3jXo3q7JON6CfrJHMSw47+gYi8c66S6EOePi2aGySQNBwqop85kEUhDEl6eGAAEo66+BrCUjwPNK3R5mGtx38FM54OibLkmDMS8pFfBN7qQ1C35JUdFDDJcNEBZ1WGIbkLxyIFsogJa1x6j235Fst9MASxeu5+xO3/WVHcLHQAZqJ/xZadEJAg2+YkPEhsrIEoFhRr3Hg13ECqD1W6aSW5kE5wPoWjru1gNUXYHaE8+iikx9yyc8V8V4CG63qk= kind: Secret metadata: annotations: description: Default HTTPS keystore (keystore.jks) with name 'jboss' and password 'mykeystorepass' and JGoups keystore (jgroups.jceks) with name 'secret-key' and password 'password' name: coolstore-prod-secret parameters: - description: Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql displayName: Database JNDI Name name: DB_JNDI value: java:jboss/datasources/CoolstoreDS - description: User ID for Dev/Prod namespaces displayName: User ID required: true name: USER_ID - description: Database name displayName: Database Name name: DB_DATABASE required: true value: monolith - description: Sets xa-pool/min-pool-size for the configured datasource. displayName: Datasource Minimum Pool Size name: DB_MIN_POOL_SIZE - description: Sets xa-pool/max-pool-size for the configured datasource. 
displayName: Datasource Maximum Pool Size name: DB_MAX_POOL_SIZE - description: Sets transaction-isolation for the configured datasource. displayName: Datasource Transaction Isolation name: DB_TX_ISOLATION - description: A-MQ cluster admin password displayName: A-MQ cluster password from: '[a-zA-Z0-9]{8}' generate: expression name: MQ_CLUSTER_PASSWORD required: true - description: Database user name displayName: Database Username from: user[a-zA-Z0-9]{3} generate: expression name: DB_USERNAME required: true - description: Database user password displayName: Database Password from: '[a-zA-Z0-9]{8}' generate: expression name: DB_PASSWORD required: true - description: GitHub trigger secret displayName: Github Webhook Secret from: '[a-zA-Z0-9]{8}' generate: expression name: GITHUB_WEBHOOK_SECRET required: true - description: Generic build trigger secret displayName: Generic Webhook Secret from: '[a-zA-Z0-9]{8}' generate: expression name: GENERIC_WEBHOOK_SECRET required: true - description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project. displayName: ImageStream Namespace name: IMAGE_STREAM_NAMESPACE required: true value: openshift - description: JGroups cluster password displayName: JGroups Cluster Password from: '[a-zA-Z0-9]{8}' generate: expression name: JGROUPS_CLUSTER_PASSWORD required: true - description: Controls whether exploded deployment content should be automatically deployed displayName: Deploy Exploded Archives name: AUTO_DEPLOY_EXPLODED value: "false" ansible/roles/ocp4-workload-ccnrd/files/gogs-template.yaml
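Review bot: The template `metadata` still contains the server-populated fields of an export (`creationTimestamp: "2020-02-08T04:25:45Z"`, `resourceVersion: "42541"`, `selfLink`, `uid`), and the `monolith-pipeline` BuildConfig carries `status: lastVersion: 0`. These values belong to the cluster the template was exported from; a create request that includes `resourceVersion` is normally rejected by the API server, and the remaining fields are ignored at best, so strip them and keep only `name` (plus `namespace: openshift` if the role relies on it). The binary-build template in the previous section has the same exported fields in its `metadata`.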
New file 
@@ -0,0 +1,356 @@ kind: Template apiVersion: v1 metadata: annotations: description: The Gogs git server (https://gogs.io/) tags: instant-app,gogs,go,golang name: gogs objects: - kind: ServiceAccount apiVersion: v1 metadata: creationTimestamp: null labels: app: ${APPLICATION_NAME} name: ${APPLICATION_NAME} - kind: Service apiVersion: v1 metadata: annotations: description: Exposes the database server name: ${APPLICATION_NAME}-postgresql labels: app: ${APPLICATION_NAME} spec: ports: - name: postgresql port: 5432 targetPort: 5432 selector: name: ${APPLICATION_NAME}-postgresql - kind: DeploymentConfig apiVersion: v1 metadata: annotations: description: Defines how to deploy the database name: ${APPLICATION_NAME}-postgresql labels: app: ${APPLICATION_NAME} spec: replicas: 1 selector: name: ${APPLICATION_NAME}-postgresql strategy: type: Recreate template: metadata: labels: name: ${APPLICATION_NAME}-postgresql name: ${APPLICATION_NAME}-postgresql spec: serviceAccountName: ${APPLICATION_NAME} containers: - env: - name: POSTGRESQL_USER value: ${DATABASE_USER} - name: POSTGRESQL_PASSWORD value: ${DATABASE_PASSWORD} - name: POSTGRESQL_DATABASE value: ${DATABASE_NAME} - name: POSTGRESQL_MAX_CONNECTIONS value: ${DATABASE_MAX_CONNECTIONS} - name: POSTGRESQL_SHARED_BUFFERS value: ${DATABASE_SHARED_BUFFERS} - name: POSTGRESQL_ADMIN_PASSWORD value: ${DATABASE_ADMIN_PASSWORD} image: ' ' livenessProbe: initialDelaySeconds: 30 tcpSocket: port: 5432 timeoutSeconds: 1 failureThreshold: 10 periodSeconds: 20 name: postgresql ports: - containerPort: 5432 readinessProbe: exec: command: - /bin/sh - -i - -c - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1' initialDelaySeconds: 30 timeoutSeconds: 1 failureThreshold: 10 resources: limits: memory: 512Mi volumeMounts: - mountPath: /var/lib/pgsql/data name: gogs-postgres-data volumes: - name: gogs-postgres-data persistentVolumeClaim: claimName: gogs-postgres-data triggers: - imageChangeParams: automatic: true 
containerNames: - postgresql from: kind: ImageStreamTag name: postgresql:${DATABASE_VERSION} namespace: openshift type: ImageChange - type: ConfigChange - kind: Service apiVersion: v1 metadata: annotations: description: The Gogs server's http port service.alpha.openshift.io/dependencies: '[{"name":"${APPLICATION_NAME}-postgresql","namespace":"","kind":"Service"}]' labels: app: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: ports: - name: 3000-tcp port: 3000 protocol: TCP targetPort: 3000 selector: app: ${APPLICATION_NAME} deploymentconfig: ${APPLICATION_NAME} sessionAffinity: None type: ClusterIP status: loadBalancer: {} - kind: Route apiVersion: v1 id: ${APPLICATION_NAME}-http metadata: annotations: description: Route for application's http service. labels: app: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: host: ${HOSTNAME} to: name: ${APPLICATION_NAME} - kind: DeploymentConfig apiVersion: v1 metadata: labels: app: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: replicas: 1 selector: app: ${APPLICATION_NAME} deploymentconfig: ${APPLICATION_NAME} strategy: resources: {} rollingParams: intervalSeconds: 1 maxSurge: 25% maxUnavailable: 25% timeoutSeconds: 600 updatePeriodSeconds: 1 type: Rolling template: metadata: creationTimestamp: null labels: app: ${APPLICATION_NAME} deploymentconfig: ${APPLICATION_NAME} spec: serviceAccountName: ${APPLICATION_NAME} containers: - image: " " imagePullPolicy: Always name: ${APPLICATION_NAME} ports: - containerPort: 3000 protocol: TCP resources: {} terminationMessagePath: /dev/termination-log volumeMounts: - name: gogs-data mountPath: /opt/gogs/data - name: gogs-config mountPath: /etc/gogs/conf readinessProbe: httpGet: path: / port: 3000 scheme: HTTP initialDelaySeconds: 40 timeoutSeconds: 1 periodSeconds: 20 successThreshold: 1 failureThreshold: 10 livenessProbe: httpGet: path: / port: 3000 scheme: HTTP initialDelaySeconds: 40 timeoutSeconds: 1 periodSeconds: 10 successThreshold: 1 failureThreshold: 10 dnsPolicy: 
ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 volumes: - name: gogs-data persistentVolumeClaim: claimName: gogs-data - name: gogs-config configMap: name: gogs-config items: - key: app.ini path: app.ini test: false triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - ${APPLICATION_NAME} from: kind: ImageStreamTag name: ${APPLICATION_NAME}:${GOGS_VERSION} type: ImageChange - kind: ImageStream apiVersion: v1 metadata: labels: app: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: tags: - name: "${GOGS_VERSION}" from: kind: DockerImage name: docker.io/openshiftdemos/gogs:${GOGS_VERSION} importPolicy: {} annotations: description: The Gogs git server docker image tags: gogs,go,golang version: "${GOGS_VERSION}" - kind: PersistentVolumeClaim apiVersion: v1 metadata: name: gogs-data labels: app: ${APPLICATION_NAME} spec: accessModes: - ReadWriteOnce resources: requests: storage: ${GOGS_VOLUME_CAPACITY} - kind: PersistentVolumeClaim apiVersion: v1 metadata: name: gogs-postgres-data labels: app: ${APPLICATION_NAME} spec: accessModes: - ReadWriteOnce resources: requests: storage: ${DB_VOLUME_CAPACITY} - kind: ConfigMap apiVersion: v1 metadata: name: gogs-config labels: app: ${APPLICATION_NAME} data: app.ini: | RUN_MODE = prod RUN_USER = gogs [database] DB_TYPE = postgres HOST = ${APPLICATION_NAME}-postgresql:5432 NAME = ${DATABASE_NAME} USER = ${DATABASE_USER} PASSWD = ${DATABASE_PASSWORD} [repository] ROOT = /opt/gogs/data/repositories [server] ROOT_URL=http://${HOSTNAME} SSH_DOMAIN=${HOSTNAME} [security] INSTALL_LOCK = ${INSTALL_LOCK} [service] ENABLE_CAPTCHA = false [webhook] SKIP_TLS_VERIFY = ${SKIP_TLS_VERIFY} parameters: - description: The name for the application. name: APPLICATION_NAME required: true value: gogs - description: 'Custom hostname for http service route. 
Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>' name: HOSTNAME required: true - description: Volume space available for data, e.g. 512Mi, 2Gi name: GOGS_VOLUME_CAPACITY required: true value: 1Gi - description: Volume space available for postregs data, e.g. 512Mi, 2Gi name: DB_VOLUME_CAPACITY required: true value: 1Gi - displayName: Database Username from: gogs value: gogs name: DATABASE_USER - displayName: Database Password from: '[a-zA-Z0-9]{8}' value: gogs name: DATABASE_PASSWORD - displayName: Database Name name: DATABASE_NAME value: gogs - displayName: Database Admin Password from: '[a-zA-Z0-9]{8}' generate: expression name: DATABASE_ADMIN_PASSWORD - displayName: Maximum Database Connections name: DATABASE_MAX_CONNECTIONS value: "100" - displayName: Shared Buffer Amount name: DATABASE_SHARED_BUFFERS value: 12MB - displayName: Database version (PostgreSQL) name: DATABASE_VERSION value: "10" - name: GOGS_VERSION displayName: Gogs Version description: 'Version of the Gogs container image to be used (check the available version https://hub.docker.com/r/openshiftdemos/gogs/tags)' value: "0.9.97" required: true - name: INSTALL_LOCK displayName: Installation lock description: 'If set to true, installation (/install) page will be disabled. Set to false if you want to run the installation wizard via web' value: "true" - name: SKIP_TLS_VERIFY displayName: Skip TLS verification on webhooks description: Skip TLS verification on webhooks. Enable with caution! value: "false" ansible/roles/ocp4-workload-ccnrd/files/jaeger-all-in-one-template.yml
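Review bot: `DATABASE_PASSWORD` is declared with `from: '[a-zA-Z0-9]{8}'` but without `generate: expression` and with `value: gogs`, so the pattern is never applied and every deployment gets the database password `gogs`. Unless the role depends on that fixed value, make the parameter match `DATABASE_ADMIN_PASSWORD` just below it: remove `value: gogs` and add `generate: expression`. The value is also rendered into the `gogs-config` ConfigMap as `PASSWD = ${DATABASE_PASSWORD}`, where anyone who can read ConfigMaps in the project sees it; carrying `app.ini` in a Secret would avoid that. `DATABASE_USER` has the same unused `from: gogs`.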
New file 
@@ -0,0 +1,224 @@ # # Copyright 2017-2019 The Jaeger Authors # # Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except # in compliance with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software distributed under the License # is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express # or implied. See the License for the specific language governing permissions and limitations under # the License. # parameters: - description: The name of the Jaeger Service. displayName: Jaeger Service Name name: JAEGER_SERVICE_NAME required: true value: jaeger - description: The Jaeger image version to use displayName: Image version name: IMAGE_VERSION required: false value: "latest" - description: The name of the Jaeger Zipkin Service. displayName: Jaeger Zipkin Service Name name: JAEGER_ZIPKIN_SERVICE_NAME required: true value: zipkin - description: Limit the number of traces stored in-memory, see https://www.jaegertracing.io/docs/latest/deployment/#memory displayName: Max Traces name: MAX_TRACES required: true value: "50000" # See https://docs.okd.io/latest/dev_guide/compute_resources.html for the CPU/Memory Request/Limit parameters below - description: CPU request represents a minimum amount of CPU that your container may consume, but if there is no contention for CPU, it can use all available CPU on the node. displayName: CPU Request name: CPU_REQUEST required: true value: "100m" - description: CPU limits control the maximum amount of CPU that your container may use independent of contention on the node. displayName: CPU Limit name: CPU_LIMIT required: true value: "500m" - description: In order to improve placement of pods in the cluster, specify the amount of memory required for a container to run. 
displayName: Memory Request name: MEMORY_REQUEST required: true value: "100Mi" - description: Constrain the amount of memory the container can use. displayName: Memory Limit name: MEMORY_LIMIT required: true value: "2Gi" apiVersion: v1 kind: Template labels: template: jaeger-template-all-in-one jaeger-infra: template-all-in-one metadata: name: jaeger-template-all-in-one annotations: description: Jaeger Distributed Tracing Server (all-in-one) iconClass: icon-go-gopher openshift.io/display-name: Jaeger (all-in-one) tags: instant-app,tracing,opentracing,jaeger labels: name: jaeger-infra jaeger-infra: jaeger-template-all-in-one objects: - apiVersion: extensions/v1beta1 kind: Deployment metadata: name: ${JAEGER_SERVICE_NAME} labels: app: jaeger jaeger-infra: jaeger-deployment spec: replicas: 1 strategy: type: Recreate template: metadata: labels: app: jaeger jaeger-infra: jaeger-pod annotations: prometheus.io/scrape: "true" prometheus.io/port: "16686" spec: containers: - env: - name: COLLECTOR_ZIPKIN_HTTP_PORT value: "9411" image: jaegertracing/all-in-one:${IMAGE_VERSION} name: ${JAEGER_SERVICE_NAME} args: ["--memory.max-traces=${MAX_TRACES}"] ports: - containerPort: 5775 protocol: UDP - containerPort: 6831 protocol: UDP - containerPort: 6832 protocol: UDP - containerPort: 16686 protocol: TCP - containerPort: 9411 protocol: TCP - containerPort: 5778 protocol: TCP readinessProbe: httpGet: path: "/" port: 14269 initialDelaySeconds: 5 resources: requests: cpu: ${CPU_REQUEST} memory: ${MEMORY_REQUEST} limits: cpu: ${CPU_LIMIT} memory: ${MEMORY_LIMIT} - apiVersion: v1 kind: Service metadata: name: ${JAEGER_SERVICE_NAME}-query labels: app: jaeger jaeger-infra: jaeger-service spec: ports: - name: query-http port: 80 protocol: TCP targetPort: 16686 selector: jaeger-infra: jaeger-pod type: LoadBalancer - apiVersion: v1 kind: Service metadata: name: ${JAEGER_SERVICE_NAME}-collector labels: app: jaeger jaeger-infra: collector-service spec: ports: - name: jaeger-collector-tchannel 
port: 14267 protocol: TCP targetPort: 14267 - name: jaeger-collector-http port: 14268 protocol: TCP targetPort: 14268 - name: jaeger-collector-zipkin port: 9411 protocol: TCP targetPort: 9411 selector: jaeger-infra: jaeger-pod type: ClusterIP - apiVersion: v1 kind: Service metadata: name: ${JAEGER_SERVICE_NAME}-agent labels: app: jaeger jaeger-infra: agent-service spec: ports: - name: agent-zipkin-thrift port: 5775 protocol: UDP targetPort: 5775 - name: agent-compact port: 6831 protocol: UDP targetPort: 6831 - name: agent-binary port: 6832 protocol: UDP targetPort: 6832 - name: agent-sampler-manager port: 5778 protocol: TCP targetPort: 5778 clusterIP: None selector: jaeger-infra: jaeger-pod - apiVersion: v1 kind: Service metadata: name: ${JAEGER_ZIPKIN_SERVICE_NAME} labels: app: jaeger jaeger-infra: zipkin-service spec: ports: - name: jaeger-zipkin-http port: 9411 protocol: TCP targetPort: 9411 selector: jaeger-infra: jaeger-pod type: ClusterIP - apiVersion: v1 kind: Route metadata: name: ${JAEGER_SERVICE_NAME}-query labels: jaeger-infra: query-route spec: to: kind: Service name: ${JAEGER_SERVICE_NAME}-query port: targetPort: query-http tls: termination: edge insecureEdgeTerminationPolicy: Allow ansible/roles/ocp4-workload-ccnrd/files/jenkins-template.yaml
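Review bot: The `${JAEGER_SERVICE_NAME}-query` Route sets `insecureEdgeTerminationPolicy: Allow`, so the Jaeger UI is also served over plain HTTP, and the matching Service is `type: LoadBalancer`, which publishes the same port outside the router as well. Nothing in this template puts a login in front of the query UI, so whatever the traced applications record in spans is readable by anyone who can reach either endpoint. I would change the route to `insecureEdgeTerminationPolicy: Redirect` and the query Service to `type: ClusterIP`, matching the collector and zipkin Services in the same file. `IMAGE_VERSION` also defaults to `"latest"`; pinning a released tag keeps the deployed image reproducible between workshop runs.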
New file 
@@ -0,0 +1,218 @@ apiVersion: v1 kind: Template labels: app: jenkins-ephemeral template: jenkins-ephemeral-template message: A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template. metadata: annotations: description: |- Jenkins service, without persistent storage. WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing. iconClass: icon-jenkins openshift.io/display-name: Jenkins (Ephemeral) openshift.io/documentation-url: https://docs.okd.io/latest/using_images/other_images/jenkins.html openshift.io/long-description: This template deploys a Jenkins server capable of managing OpenShift Pipeline builds and supporting OpenShift-based oauth login. The Jenkins configuration is stored in non-persistent storage, so this configuration should be used for experimental purposes only. openshift.io/provider-display-name: Red Hat, Inc. 
openshift.io/support-url: https://access.redhat.com tags: instant-app,jenkins name: jenkins-ephemeral objects: - apiVersion: v1 kind: Route metadata: annotations: haproxy.router.openshift.io/timeout: 4m template.openshift.io/expose-uri: http://{.spec.host}{.spec.path} name: ${JENKINS_SERVICE_NAME} spec: tls: insecureEdgeTerminationPolicy: Redirect termination: edge to: kind: Service name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: DeploymentConfig metadata: annotations: template.alpha.openshift.io/wait-for-ready: "true" name: ${JENKINS_SERVICE_NAME} spec: replicas: 1 selector: name: ${JENKINS_SERVICE_NAME} strategy: type: Recreate template: metadata: labels: name: ${JENKINS_SERVICE_NAME} spec: containers: - capabilities: {} env: - name: OPENSHIFT_ENABLE_OAUTH value: ${ENABLE_OAUTH} - name: OPENSHIFT_ENABLE_REDIRECT_PROMPT value: "true" - name: DISABLE_ADMINISTRATIVE_MONITORS value: ${DISABLE_ADMINISTRATIVE_MONITORS} - name: KUBERNETES_MASTER value: https://kubernetes.default:443 - name: KUBERNETES_TRUST_CERTIFICATES value: "true" - name: JENKINS_SERVICE_NAME value: ${JENKINS_SERVICE_NAME} - name: JNLP_SERVICE_NAME value: ${JNLP_SERVICE_NAME} image: ' ' imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 httpGet: path: /login port: 8080 initialDelaySeconds: 420 periodSeconds: 360 timeoutSeconds: 240 name: jenkins readinessProbe: httpGet: path: /login port: 8080 initialDelaySeconds: 3 timeoutSeconds: 240 resources: requests: cpu: ${CPU_REQUEST} memory: ${MEMORY_REQUEST} limits: cpu: ${CPU_LIMIT} memory: ${MEMORY_LIMIT} securityContext: capabilities: {} privileged: false terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /var/lib/jenkins name: ${JENKINS_SERVICE_NAME}-data dnsPolicy: ClusterFirst restartPolicy: Always serviceAccountName: ${JENKINS_SERVICE_NAME} volumes: - emptyDir: medium: "" name: ${JENKINS_SERVICE_NAME}-data triggers: - imageChangeParams: automatic: true containerNames: - jenkins from: kind: ImageStreamTag name: 
${JENKINS_IMAGE_STREAM_TAG} namespace: ${NAMESPACE} lastTriggeredImage: "" type: ImageChange - type: ConfigChange - apiVersion: v1 kind: ServiceAccount metadata: annotations: serviceaccounts.openshift.io/oauth-redirectreference.jenkins: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"${JENKINS_SERVICE_NAME}"}}' name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 groupNames: null kind: RoleBinding metadata: name: ${JENKINS_SERVICE_NAME}_edit roleRef: name: edit subjects: - kind: ServiceAccount name: ${JENKINS_SERVICE_NAME} - apiVersion: v1 kind: Service metadata: name: ${JNLP_SERVICE_NAME} spec: ports: - name: agent nodePort: 0 port: 50000 protocol: TCP targetPort: 50000 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP - apiVersion: v1 kind: Service metadata: annotations: service.alpha.openshift.io/dependencies: '[{"name": "${JNLP_SERVICE_NAME}", "namespace": "", "kind": "Service"}]' service.openshift.io/infrastructure: "true" name: ${JENKINS_SERVICE_NAME} spec: ports: - name: web nodePort: 0 port: 80 protocol: TCP targetPort: 8080 selector: name: ${JENKINS_SERVICE_NAME} sessionAffinity: None type: ClusterIP parameters: - description: The name of the OpenShift Service exposed for the Jenkins container. displayName: Jenkins Service Name name: JENKINS_SERVICE_NAME value: jenkins - description: The name of the service used for master/slave communication. displayName: Jenkins JNLP Service Name name: JNLP_SERVICE_NAME value: jenkins-jnlp - description: Whether to enable OAuth OpenShift integration. If false, the static account 'admin' will be initialized with the password 'password'. displayName: Enable OAuth in Jenkins name: ENABLE_OAUTH value: "true" - description: Requested amount of memory the container can use. displayName: Memory Request name: MEMORY_REQUEST value: "1Gi" - description: Maximum amount of memory the container can use. 
displayName: Memory Limit name: MEMORY_LIMIT value: "3Gi" - description: Requested amount of cpu the container can use. displayName: Cpu Request name: CPU_REQUEST value: "1" - description: Maximum amount of cpu the container can use. displayName: Cpu Limit name: CPU_LIMIT value: "1" - description: The OpenShift Namespace where the Jenkins ImageStream resides. displayName: Jenkins ImageStream Namespace name: NAMESPACE value: openshift - description: Whether to perform memory intensive, possibly slow, synchronization with the Jenkins Update Center on start. If true, the Jenkins core update monitor and site warnings monitor are disabled. displayName: Disable memory intensive administrative monitors name: DISABLE_ADMINISTRATIVE_MONITORS value: "false" - description: Name of the ImageStreamTag to be used for the Jenkins image. displayName: Jenkins ImageStreamTag name: JENKINS_IMAGE_STREAM_TAG value: jenkins:2 ansible/roles/ocp4-workload-ccnrd/files/kafka_knative_cr.yaml
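Review bot: The RoleBinding `${JENKINS_SERVICE_NAME}_edit` gives the Jenkins service account the project-wide `edit` role, so every job and plugin running in the Jenkins pod can change most objects in the namespace (in the default role definition that includes reading Secrets). If the workshop pipelines only start builds and roll out deployments, a narrower Role bound to this service account would limit what a compromised job can reach. Otherwise the reason should be recorded above the binding, e.g. `# edit is required so pipelines can create builds and deployments in this project`. `ENABLE_OAUTH` deserves a comment too: by its own description, setting it to false initialises the static `admin`/`password` account, which would then sit behind a public Route, so the role should never override the `"true"` default.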
New file @@ -0,0 +1,27 @@ --- apiVersion: kafka.strimzi.io/v1beta1 kind: Kafka metadata: name: my-cluster namespace: knative-eventing spec: kafka: version: 2.3.0 replicas: 3 listeners: plain: {} tls: {} config: offsets.topic.replication.factor: 3 transaction.state.log.replication.factor: 3 transaction.state.log.min.isr: 2 log.message.format.version: '2.3' storage: type: ephemeral zookeeper: replicas: 3 storage: type: ephemeral entityOperator: topicOperator: {} userOperator: {} ansible/roles/ocp4-workload-ccnrd/files/kafka_knative_eventing_cr.yaml
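Review bot: `listeners: plain: {}` opens an unencrypted listener on the `my-cluster` brokers with no `authentication` block, and `spec.kafka` sets no `authorization`, so any pod that can reach the bootstrap service can produce to and consume from every topic. kafka_knative_eventing_cr.yaml then points `bootstrapServers` at that plain port (`my-cluster-kafka-bootstrap:9092`). On a cluster shared by many workshop users I would either drop the plain listener and use the TLS one with client authentication (`tls:` with `authentication:` / `type: tls`), or, if plain access is intentional for the lab, say so in a comment and restrict access to the `knative-eventing` namespace with a NetworkPolicy.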
New file @@ -0,0 +1,9 @@ --- apiVersion: eventing.knative.dev/v1alpha1 kind: KnativeEventingKafka metadata: name: knative-eventing-kafka namespace: knative-eventing spec: bootstrapServers: 'my-cluster-kafka-bootstrap:9092' setAsDefaultChannelProvisioner: true ansible/roles/ocp4-workload-ccnrd/files/kafka_knative_subscription.yaml
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: knative-kafka-operator namespace: openshift-operators spec: channel: alpha installPlanApproval: Automatic name: knative-kafka-operator source: community-operators sourceNamespace: openshift-marketplace startingCSV: knative-kafka-operator.v0.11.2 ansible/roles/ocp4-workload-ccnrd/files/kiali_cr.yaml
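Review bot: `installPlanApproval: Automatic` makes `startingCSV` only the first version installed; OLM then approves every later update published to the channel without anyone reviewing it. Here the channel is `alpha` from `community-operators`, and the operator lands in `openshift-operators`, where operators are by default installed for all namespaces. The same combination appears in osm_subscription.yaml, pipelines_subscription.yaml (`dev-preview`, also `community-operators`), serverless_eventing_subscription.yaml and serverless_subscription.yaml. If the workshop is meant to run the versions named in `startingCSV`, set `installPlanApproval: Manual` and have the role approve only the install plan it expects.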
New file @@ -0,0 +1,21 @@ apiVersion: kiali.io/v1alpha1 kind: Kiali metadata: name: kiali namespace: openshift-operators spec: installation_tag: My Kiali istio_namespace: istio-system deployment: namespace: istio-system verbose_mode: '4' view_only_mode: false external_services: grafana: url: '' prometheus: url: '' tracing: url: '' server: web_root: /mykiali ansible/roles/ocp4-workload-ccnrd/files/knative_serving_cr.yaml
New file @@ -0,0 +1,44 @@ --- apiVersion: serving.knative.dev/v1alpha1 kind: KnativeServing metadata: name: knative-serving namespace: knative-serving spec: config: autoscaler: container-concurrency-target-default: '100' container-concurrency-target-percentage: '1.0' enable-scale-to-zero: 'true' max-scale-up-rate: '10' panic-threshold-percentage: '200.0' panic-window: 6s panic-window-percentage: '10.0' scale-to-zero-grace-period: 30s stable-window: 60s tick-interval: 2s defaults: revision-cpu-limit: 1000m revision-cpu-request: 400m revision-memory-limit: 200M revision-memory-request: 100M revision-timeout-seconds: '300' deployment: registriesSkippingTagResolving: 'ko.local,dev.local' gc: stale-revision-create-delay: 24h stale-revision-lastpinned-debounce: 5h stale-revision-minimum-generations: '1' stale-revision-timeout: 15h logging: loglevel.activator: info loglevel.autoscaler: info loglevel.controller: info loglevel.queueproxy: info loglevel.webhook: info observability: logging.enable-var-log-collection: 'false' metrics.backend-destination: prometheus tracing: backend: none sample-rate: '0.1' ansible/roles/ocp4-workload-ccnrd/files/osm_namespace.yaml
New file @@ -0,0 +1,5 @@ --- apiVersion: v1 kind: Namespace metadata: name: istio-system ansible/roles/ocp4-workload-ccnrd/files/osm_subscription.yaml
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: servicemeshoperator namespace: openshift-operators spec: channel: "1.0" installPlanApproval: Automatic name: servicemeshoperator source: redhat-operators sourceNamespace: openshift-marketplace startingCSV: servicemeshoperator.v1.0.6 ansible/roles/ocp4-workload-ccnrd/files/pipelines_subscription.yaml
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: openshift-pipelines-operator namespace: openshift-operators spec: channel: dev-preview installPlanApproval: Automatic name: openshift-pipelines-operator source: community-operators sourceNamespace: openshift-marketplace startingCSV: openshift-pipelines-operator.v0.8.2 ansible/roles/ocp4-workload-ccnrd/files/preparelab_ccn.sh
File was deleted ansible/roles/ocp4-workload-ccnrd/files/resetlab_ccn.sh
File was deleted ansible/roles/ocp4-workload-ccnrd/files/rhamt-template.yaml
New file 
@@ -0,0 +1,646 @@ apiVersion: template.openshift.io/v1 kind: Template labels: app: rhamt-web-console template: rhamt-web-console xpaas: 1.3.2 message: Red Hat Application Migration Toolkit server has been installed. The username/password for accessing the PostgreSQL database "${DB_DATABASE}" is ${DB_USERNAME}/${DB_PASSWORD}. Please be sure to create the "${JGROUPS_ENCRYPT_SECRET}" containing the ${JGROUPS_ENCRYPT_KEYSTORE} file used for securing JGroups communications. metadata: annotations: description: RHAMT Web Console template iconClass: icon-jboss openshift.io/display-name: Red Hat Application Migration Toolkit tags: eap,postgresql,javaee,java,database,jboss,xpaas version: 1.3.2 creationTimestamp: "2020-02-08T19:38:14Z" name: rhamt-web-console namespace: openshift resourceVersion: "508649" selfLink: /apis/template.openshift.io/v1/namespaces/openshift/templates/rhamt-web-console uid: ddf45131-3616-45f0-ac37-33d5b11d76cd objects: - apiVersion: v1 kind: Service metadata: annotations: description: The web server's http port. service.alpha.openshift.io/dependencies: '[{"name": "${APPLICATION_NAME}-postgresql", "kind": "Service"}]' labels: app: ${APPLICATION_NAME}-http application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: ports: - port: 8080 targetPort: 8080 selector: deploymentConfig: ${APPLICATION_NAME} - apiVersion: v1 id: ${APPLICATION_NAME}-http kind: Route metadata: annotations: description: Route for application's http service. labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: host: ${HOSTNAME_HTTP} to: name: ${APPLICATION_NAME} - apiVersion: v1 id: ${APPLICATION_NAME}-https kind: Route metadata: annotations: description: Route for application's https service. 
labels: application: ${APPLICATION_NAME} name: secure-${APPLICATION_NAME} spec: host: ${HOSTNAME_HTTP} tls: termination: edge to: name: ${APPLICATION_NAME} - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: replicas: 1 selector: deploymentConfig: ${APPLICATION_NAME} strategy: type: Recreate template: metadata: labels: application: ${APPLICATION_NAME} deploymentConfig: ${APPLICATION_NAME} name: ${APPLICATION_NAME} spec: containers: - env: - name: IS_MASTER value: "true" - name: MESSAGING_SERIALIZER value: ${MESSAGING_SERIALIZER} - name: DB_SERVICE_PREFIX_MAPPING value: ${APPLICATION_NAME}-postgresql=DB - name: DB_JNDI value: ${DB_JNDI} - name: DB_USERNAME value: ${DB_USERNAME} - name: DB_PASSWORD value: ${DB_PASSWORD} - name: DB_DATABASE value: ${DB_DATABASE} - name: TX_DATABASE_PREFIX_MAPPING value: ${APPLICATION_NAME}-postgresql=DB - name: DB_MIN_POOL_SIZE value: ${DB_MIN_POOL_SIZE} - name: DB_MAX_POOL_SIZE value: ${DB_MAX_POOL_SIZE} - name: DB_TX_ISOLATION value: ${DB_TX_ISOLATION} - name: OPENSHIFT_KUBE_PING_LABELS value: application=${APPLICATION_NAME} - name: OPENSHIFT_KUBE_PING_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: HTTPS_KEYSTORE_DIR value: /etc/eap-secret-volume - name: MQ_CLUSTER_PASSWORD value: ${MQ_CLUSTER_PASSWORD} - name: MQ_QUEUES value: ${MQ_QUEUES} - name: MQ_TOPICS value: ${MQ_TOPICS} - name: JGROUPS_ENCRYPT_SECRET value: ${JGROUPS_ENCRYPT_SECRET} - name: JGROUPS_ENCRYPT_KEYSTORE_DIR value: /etc/jgroups-encrypt-secret-volume - name: JGROUPS_ENCRYPT_KEYSTORE value: ${JGROUPS_ENCRYPT_KEYSTORE} - name: JGROUPS_ENCRYPT_NAME value: ${JGROUPS_ENCRYPT_NAME} - name: JGROUPS_ENCRYPT_PASSWORD value: ${JGROUPS_ENCRYPT_PASSWORD} - name: JGROUPS_CLUSTER_PASSWORD value: ${JGROUPS_CLUSTER_PASSWORD} - name: AUTO_DEPLOY_EXPLODED value: ${AUTO_DEPLOY_EXPLODED} - name: DEFAULT_JOB_REPOSITORY value: ${APPLICATION_NAME}-postgresql - name: TIMER_SERVICE_DATA_STORE 
value: ${APPLICATION_NAME}-postgresql - name: SSO_URL value: ${SSO_URL} - name: SSO_SERVICE_URL value: ${SSO_SERVICE_URL} - name: SSO_REALM value: ${SSO_REALM} - name: SSO_USERNAME value: ${SSO_USERNAME} - name: SSO_PASSWORD value: ${SSO_PASSWORD} - name: SSO_PUBLIC_KEY value: ${SSO_PUBLIC_KEY} - name: SSO_BEARER_ONLY value: ${SSO_BEARER_ONLY} - name: SSO_SAML_KEYSTORE_SECRET value: ${SSO_SAML_KEYSTORE_SECRET} - name: SSO_SAML_KEYSTORE value: ${SSO_SAML_KEYSTORE} - name: SSO_SAML_KEYSTORE_DIR value: /etc/sso-saml-secret-volume - name: SSO_SAML_CERTIFICATE_NAME value: ${SSO_SAML_CERTIFICATE_NAME} - name: SSO_SAML_KEYSTORE_PASSWORD value: ${SSO_SAML_KEYSTORE_PASSWORD} - name: SSO_SECRET value: ${SSO_SECRET} - name: SSO_ENABLE_CORS value: ${SSO_ENABLE_CORS} - name: SSO_SAML_LOGOUT_PAGE value: ${SSO_SAML_LOGOUT_PAGE} - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: ${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION} - name: SSO_TRUSTSTORE value: ${SSO_TRUSTSTORE} - name: SSO_TRUSTSTORE_DIR value: /etc/sso-secret-volume - name: SSO_TRUSTSTORE_PASSWORD value: ${SSO_TRUSTSTORE_PASSWORD} - name: GC_MAX_METASPACE_SIZE value: "512" - name: MAX_POST_SIZE value: ${MAX_POST_SIZE} image: quay.io/openshiftlabs/rhamt-web-openshift:${DOCKER_IMAGES_TAG} imagePullPolicy: Always lifecycle: preStop: exec: command: - /opt/eap/bin/jboss-cli.sh - -c - :shutdown(timeout=60) livenessProbe: exec: command: - /bin/bash - -c - /opt/eap/bin/livenessProbe.sh name: ${APPLICATION_NAME} ports: - containerPort: 8778 name: jolokia protocol: TCP - containerPort: 8080 name: http protocol: TCP - containerPort: 8888 name: ping protocol: TCP readinessProbe: exec: command: - /bin/bash - -c - /opt/eap/bin/readinessProbe.sh resources: limits: cpu: ${WEB_CONSOLE_REQUESTED_CPU} memory: ${WEB_CONSOLE_REQUESTED_MEMORY} requests: cpu: ${WEB_CONSOLE_REQUESTED_CPU} memory: ${WEB_CONSOLE_REQUESTED_MEMORY} volumeMounts: - mountPath: /opt/eap/standalone/data/windup name: ${APPLICATION_NAME}-rhamt-web-pvol readOnly: false - 
mountPath: /opt/eap/standalone/data name: ${APPLICATION_NAME}-rhamt-web-pvol-data readOnly: false terminationGracePeriodSeconds: 75 volumes: - name: ${APPLICATION_NAME}-rhamt-web-pvol persistentVolumeClaim: claimName: ${APPLICATION_NAME}-rhamt-web-claim - emptyDir: {} name: ${APPLICATION_NAME}-rhamt-web-pvol-data triggers: - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: ${APPLICATION_NAME}-executor name: ${APPLICATION_NAME}-executor spec: replicas: 1 selector: deploymentConfig: ${APPLICATION_NAME}-executor strategy: type: Recreate template: metadata: labels: application: ${APPLICATION_NAME}-executor deploymentConfig: ${APPLICATION_NAME}-executor name: ${APPLICATION_NAME}-executor spec: containers: - env: - name: IS_MASTER value: "false" - name: MESSAGING_SERIALIZER value: ${MESSAGING_SERIALIZER} - name: MESSAGING_USER value: jms-user - name: MESSAGING_PASSWORD value: gthudfal - name: MESSAGING_HOST_VAR value: ${APPLICATION_NAME}_SERVICE_HOST image: quay.io/openshiftlabs/rhamt-web-openshift-messaging-executor:${DOCKER_IMAGES_TAG} imagePullPolicy: Always lifecycle: preStop: exec: command: - /opt/rhamt-cli/bin/stop.sh name: ${APPLICATION_NAME}-executor ports: [] resources: limits: cpu: ${EXECUTOR_REQUESTED_CPU} memory: ${EXECUTOR_REQUESTED_MEMORY} requests: cpu: ${EXECUTOR_REQUESTED_CPU} memory: ${EXECUTOR_REQUESTED_MEMORY} volumeMounts: - mountPath: /opt/eap/standalone/data name: ${APPLICATION_NAME}-rhamt-web-executor-volume readOnly: false terminationGracePeriodSeconds: 75 volumes: - emptyDir: {} name: ${APPLICATION_NAME}-rhamt-web-executor-volume triggers: - type: ConfigChange - apiVersion: v1 kind: DeploymentConfig metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-postgresql spec: replicas: 1 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql strategy: type: Recreate template: metadata: labels: application: ${APPLICATION_NAME} deploymentConfig: ${APPLICATION_NAME}-postgresql name: 
${APPLICATION_NAME}-postgresql spec: containers: - env: - name: POSTGRESQL_USER value: ${DB_USERNAME} - name: POSTGRESQL_PASSWORD value: ${DB_PASSWORD} - name: POSTGRESQL_DATABASE value: ${DB_DATABASE} - name: POSTGRESQL_MAX_CONNECTIONS value: ${POSTGRESQL_MAX_CONNECTIONS} - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS value: ${POSTGRESQL_MAX_CONNECTIONS} - name: POSTGRESQL_SHARED_BUFFERS value: ${POSTGRESQL_SHARED_BUFFERS} image: postgresql imagePullPolicy: Always name: ${APPLICATION_NAME}-postgresql ports: - containerPort: 5432 protocol: TCP volumeMounts: - mountPath: /var/lib/pgsql/data name: ${APPLICATION_NAME}-postgresql-pvol terminationGracePeriodSeconds: 60 volumes: - name: ${APPLICATION_NAME}-postgresql-pvol persistentVolumeClaim: claimName: ${APPLICATION_NAME}-postgresql-claim triggers: - imageChangeParams: automatic: true containerNames: - ${APPLICATION_NAME}-postgresql from: kind: ImageStreamTag name: postgresql:latest namespace: ${IMAGE_STREAM_NAMESPACE} type: ImageChange - type: ConfigChange - apiVersion: v1 kind: Service metadata: annotations: description: Rhamt Master AMQ port. labels: application: ${APPLICATION_NAME}-amq name: ${APPLICATION_NAME}-amq spec: ports: - port: 61616 targetPort: 61616 selector: deploymentConfig: ${APPLICATION_NAME} - apiVersion: v1 kind: Service metadata: annotations: description: The database server's port. 
labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-postgresql spec: ports: - port: 5432 targetPort: 5432 selector: deploymentConfig: ${APPLICATION_NAME}-postgresql - apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-postgresql-claim spec: accessModes: - ReadWriteOnce resources: requests: storage: ${VOLUME_CAPACITY} - apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: application: ${APPLICATION_NAME} name: ${APPLICATION_NAME}-rhamt-web-claim spec: accessModes: - ReadWriteOnce resources: requests: storage: ${RHAMT_VOLUME_CAPACITY} parameters: - description: The name for the application. displayName: Application Name name: APPLICATION_NAME required: true value: rhamt-web-console - description: The number of CPU cores to request for the Web Console. displayName: Web Console Requested CPU name: WEB_CONSOLE_REQUESTED_CPU required: true value: "2" - description: The amount of memory to request (eg, 4Gi) for the Web Console. displayName: Web Console Requested Memory name: WEB_CONSOLE_REQUESTED_MEMORY required: true value: 4Gi - description: The number of CPU cores to request for the Executor. displayName: Executor Requested CPU name: EXECUTOR_REQUESTED_CPU required: true value: "2" - description: The amount of memory to request (eg, 4Gi) for the Executor. displayName: Executor Requested Memory name: EXECUTOR_REQUESTED_MEMORY required: true value: 4Gi - description: The value determines the approach used for transferring data between the UI components and the analysis engine. displayName: Serialization Method name: MESSAGING_SERIALIZER required: true value: http.post.serializer - description: Size of persistent storage for RHAMT volume. displayName: RHAMT Volume Capacity name: RHAMT_VOLUME_CAPACITY required: true value: 10G - description: 'Custom hostname for http service route. 
Leave blank for default hostname, e.g.: <application-name>-<project>.<default-domain-suffix>' displayName: Custom http Route Hostname name: HOSTNAME_HTTP - description: Database JNDI name used by application to resolve the datasource, e.g. java:/jboss/datasources/postgresql displayName: Database JNDI Name name: DB_JNDI value: java:jboss/datasources/WindupServicesDS - description: Database name displayName: Database Name name: DB_DATABASE required: true value: rhamt - description: Size of persistent storage for database volume. displayName: Database Volume Capacity name: VOLUME_CAPACITY required: true value: 10G - description: Queue names displayName: Queues name: MQ_QUEUES - description: Topic names displayName: Topics name: MQ_TOPICS - description: Sets xa-pool/min-pool-size for the configured datasource. displayName: Datasource Minimum Pool Size name: DB_MIN_POOL_SIZE - description: Sets xa-pool/max-pool-size for the configured datasource. displayName: Datasource Maximum Pool Size name: DB_MAX_POOL_SIZE - description: Sets transaction-isolation for the configured datasource. displayName: Datasource Transaction Isolation name: DB_TX_ISOLATION - description: The maximum number of client connections allowed. This also sets the maximum number of prepared transactions. displayName: PostgreSQL Maximum number of connections name: POSTGRESQL_MAX_CONNECTIONS value: "200" - description: Configures how much memory is dedicated to PostgreSQL for caching data. 
displayName: PostgreSQL Shared Buffers name: POSTGRESQL_SHARED_BUFFERS - description: A-MQ cluster admin password displayName: A-MQ cluster password from: '[a-zA-Z0-9]{8}' generate: expression name: MQ_CLUSTER_PASSWORD required: true - description: Database user name displayName: Database Username from: user[a-zA-Z0-9]{3} generate: expression name: DB_USERNAME required: true - description: Database user password displayName: Database Password from: '[a-zA-Z0-9]{8}' generate: expression name: DB_PASSWORD required: true - description: GitHub trigger secret displayName: Github Webhook Secret from: '[a-zA-Z0-9]{8}' generate: expression name: GITHUB_WEBHOOK_SECRET required: true - description: Generic build trigger secret displayName: Generic Webhook Secret from: '[a-zA-Z0-9]{8}' generate: expression name: GENERIC_WEBHOOK_SECRET required: true - description: Namespace in which the ImageStreams for Red Hat Middleware images are installed. These ImageStreams are normally installed in the openshift namespace. You should only need to modify this if you've installed the ImageStreams in a different namespace/project. 
displayName: ImageStream Namespace name: IMAGE_STREAM_NAMESPACE required: true value: openshift - description: The name of the secret containing the keystore file displayName: JGroups Secret Name name: JGROUPS_ENCRYPT_SECRET value: eap-app-secret - description: The name of the keystore file within the secret displayName: JGroups Keystore Filename name: JGROUPS_ENCRYPT_KEYSTORE value: jgroups.jceks - description: The name associated with the server certificate displayName: JGroups Certificate Name name: JGROUPS_ENCRYPT_NAME - description: The password for the keystore and certificate displayName: JGroups Keystore Password name: JGROUPS_ENCRYPT_PASSWORD - description: JGroups cluster password displayName: JGroups Cluster Password from: '[a-zA-Z0-9]{8}' generate: expression name: JGROUPS_CLUSTER_PASSWORD required: true - description: Controls whether exploded deployment content should be automatically deployed displayName: Deploy Exploded Archives name: AUTO_DEPLOY_EXPLODED value: "false" - description: The URL for the SSO server (e.g. https://secure-sso-myproject.example.com/auth). This is the URL through which the user will be redirected when a login or token is required by the application. displayName: URL for SSO name: SSO_URL required: true value: /auth - description: The URL for the internal SSO service, where secure-sso (the default) is the kubernetes service exposed by the SSO server. This is used to create the application client(s) (see SSO_USERNAME). This can also be the same as SSO_URL. displayName: URL for SSO (internal service) name: SSO_SERVICE_URL value: /auth - description: The SSO realm to which the application client(s) should be associated (e.g. demo). displayName: SSO Realm name: SSO_REALM required: true value: rhamt - description: The username used to access the SSO service. This is used to create the appliction client(s) within the specified SSO realm. This should match the SSO_SERVICE_USERNAME specified through one of the sso70-* templates. 
displayName: SSO Username name: SSO_USERNAME - description: The password for the SSO service user. displayName: SSO Password name: SSO_PASSWORD - description: SSO Public Key. Public key is recommended to be passed into the template to avoid man-in-the-middle security vulnerability displayName: SSO Public Key name: SSO_PUBLIC_KEY value: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlI4WQ3tbIFE71M0HAO3TfvJFxH0P16wdOSzc/Fr9l8/tOn8cN5sgkGpnyEWcawgv2z4nouUkpV92/vo9fadKr3KVUMVaE3EaR3BmsC0Ct6TY7mYD+sz/yGoSWqwmGYocEJRIXAuMCX3jCu6CKMSV+1qjpcyYqzRaVWTB/EV76Sx+CSh9rEMLl8mE6owxNWQck03KgvWCA70l/LAu1M1bWy1aozoUKiTryX0nTxbHbj4qg3vvHC6igYndJ4zLr30QlCVn1iQ1jXC1MQUJ+Mwc8yZlkhaoAfDS1iM9I8NUcpcQAIn2baD8/aBrS1F9woYYRvo0vFH5N0+Rw4xjgSDlQIDAQAB - description: SSO Client Access Type displayName: SSO Bearer Only? name: SSO_BEARER_ONLY - description: The name of the secret containing the keystore file displayName: SSO SAML Keystore Secret name: SSO_SAML_KEYSTORE_SECRET value: eap7-app-secret - description: The name of the keystore file within the secret displayName: SSO SAML Keystore name: SSO_SAML_KEYSTORE value: keystore.jks - description: The name associated with the server certificate displayName: SSO SAML Certificate Name name: SSO_SAML_CERTIFICATE_NAME value: jboss - description: The password for the keystore and certificate displayName: SSO SAML Keystore Password name: SSO_SAML_KEYSTORE_PASSWORD value: mykeystorepass - description: The SSO Client Secret for Confidential Access displayName: SSO Client Secret from: '[a-zA-Z0-9]{8}' generate: expression name: SSO_SECRET required: true - description: Enable CORS for SSO applications displayName: Enable CORS for SSO? name: SSO_ENABLE_CORS value: "false" - description: SSO logout page for SAML applications displayName: SSO SAML Logout Page name: SSO_SAML_LOGOUT_PAGE value: / - description: If true SSL communication between EAP and the SSO Server will be insecure (i.e. 
certificate validation is disabled with curl) displayName: Disable SSL Validation in EAP->SSO communication name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION value: "true" - description: The name of the truststore file within the secret (e.g. truststore.jks) displayName: SSO Trust Store name: SSO_TRUSTSTORE - description: The password for the truststore and certificate (e.g. mykeystorepass) displayName: SSO Trust Store Password name: SSO_TRUSTSTORE_PASSWORD - description: The name of the secret containing the truststore file (e.g. truststore-secret). Used for volume secretName displayName: SSO Trust Store Secret name: SSO_TRUSTSTORE_SECRET value: eap7-app-secret - description: The value of the user name for the Docker images to be used displayName: Docker Images User ID name: DOCKER_IMAGES_USER required: true value: windup3 - description: The value of the tag for the Docker imgaes to be used displayName: Docker Images Tag name: DOCKER_IMAGES_TAG required: true value: 4.2.1.Final - description: The maximum value of the size the an HTTP post request displayName: Undertow max post size name: MAX_POST_SIZE required: true value: "4294967296" ansible/roles/ocp4-workload-ccnrd/files/serverless_eventing_subscription.yaml
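Review bot: The executor DeploymentConfig hard-codes its broker credentials (`MESSAGING_USER` `jms-user`, `MESSAGING_PASSWORD` `gthudfal`), so every instance created from this template shares the same password and it is stored in the repository. I would replace it with `value: ${MESSAGING_PASSWORD}` and add a parameter using `from: '[a-zA-Z0-9]{8}'` and `generate: expression`, like `DB_PASSWORD`; if the web-console image expects this fixed value, that has to change on the image side as well. `SSO_DISABLE_SSL_CERTIFICATE_VALIDATION` defaults to `"true"` and `SSO_SAML_KEYSTORE_PASSWORD` defaults to `mykeystorepass`; the safer defaults are `"false"` and an empty or generated value. All passwords are injected as plain `value:` env entries, so they are visible to anyone who can read the DeploymentConfig; a Secret referenced through `secretKeyRef` would keep them out of the pod spec.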
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: knative-eventing-operator namespace: openshift-operators spec: channel: alpha installPlanApproval: Automatic name: knative-eventing-operator source: community-operators sourceNamespace: openshift-marketplace startingCSV: knative-eventing-operator.v0.11.0 ansible/roles/ocp4-workload-ccnrd/files/serverless_subscription.yaml
New file @@ -0,0 +1,13 @@ --- apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: serverless-operator namespace: openshift-operators spec: channel: techpreview installPlanApproval: Automatic name: serverless-operator source: redhat-operators sourceNamespace: openshift-marketplace startingCSV: serverless-operator.v1.3.0 ansible/roles/ocp4-workload-ccnrd/files/stack.Dockerfile
New file 
@@ -0,0 +1,48 @@ # syntax = docker/dockerfile:experimental # To build this stack: # Put your Red Hat Developer credentials in rhsm.secret.yaml file in this same directory, whose contents should be: # RH_USERNAME=your-username # RH_PASSWORD=your-password # # then: # DOCKER_BUILDKIT=1 docker build --progress=plain --secret id=rhsm,src=rhsm.secret.yaml -t quay.io/username/cloudnative-workspaces-quarkus:VVV -f stack.Dockerfile . # docker push quay.io/username/quay.io/username/cloudnative-workspaces-quarkus:VVVV FROM registry.redhat.io/codeready-workspaces/stacks-java-rhel8:2.0 ENV GRAALVM_VERSION=19.3.1 ENV QUARKUS_VERSION=1.2.0.Final ENV MVN_VERSION=3.6.3 ENV GRAALVM_HOME="/usr/local/graalvm-ce-java8-${GRAALVM_VERSION}" ENV MAVEN_OPTS="-Xmx4G -Xss128M -XX:MetaspaceSize=1G -XX:MaxMetaspaceSize=2G -XX:+CMSClassUnloadingEnabled" ENV PATH="/usr/local/maven/apache-maven-${MVN_VERSION}/bin:${PATH}" USER root RUN wget -O /tmp/oc.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/oc/4.3/linux/oc.tar.gz && cd /usr/bin && tar -xvzf /tmp/oc.tar.gz && chmod a+x /usr/bin/oc && rm -f /tmp/oc.tar.gz RUN wget -O /tmp/kn.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/serverless/0.11.0/kn-linux-amd64-0.11.0.tar.gz && cd /usr/bin && tar -xvzf /tmp/kn.tar.gz ./kn && chmod a+x kn && rm -f /tmp/kn.tar.gz RUN wget -O /tmp/tkn.tar.gz https://github.com/tektoncd/cli/releases/download/v0.7.1/tkn_0.7.1_Linux_x86_64.tar.gz && cd /usr/bin && tar -xvzf /tmp/tkn.tar.gz tkn&& chmod a+x tkn && rm -f /tmp/tkn.tar.gz RUN wget -O /tmp/graalvm.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${GRAALVM_VERSION}/graalvm-ce-java8-linux-amd64-${GRAALVM_VERSION}.tar.gz && cd /usr/local && tar -xvzf /tmp/graalvm.tar.gz && rm -rf /tmp/graalvm.tar.gz && ${GRAALVM_HOME}/bin/gu install native-image RUN wget -O /tmp/mvn.tar.gz https://www-us.apache.org/dist/maven/maven-3/${MVN_VERSION}/binaries/apache-maven-${MVN_VERSION}-bin.tar.gz && tar xzf /tmp/mvn.tar.gz && rm 
-rf /tmp/mvn.tar.gz && mkdir /usr/local/maven && mv apache-maven-${MVN_VERSION}/ /usr/local/maven/ && alternatives --install /usr/bin/mvn mvn /usr/local/maven/apache-maven-${MVN_VERSION}/bin/mvn 1 RUN --mount=type=secret,id=rhsm username="$(grep RH_USERNAME /run/secrets/rhsm|cut -d= -f2)" && password="$(grep RH_PASSWORD /run/secrets/rhsm|cut -d= -f2)" && subscription-manager register --username $username --password $password --auto-attach && yum install -y gcc zlib-devel && yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && yum install -y siege jq && subscription-manager remove --all && subscription-manager unregister USER jboss RUN cd /tmp && mkdir project && cd project && mvn io.quarkus:quarkus-maven-plugin:${QUARKUS_VERSION}:create -DprojectGroupId=org.acme -DprojectArtifactId=footest -Dextensions="quarkus-agroal,quarkus-arc,quarkus-hibernate-orm,quarkus-hibernate-orm-panache,quarkus-jdbc-h2,quarkus-jdbc-postgresql,quarkus-kubernetes,quarkus-scheduler,quarkus-smallrye-fault-tolerance,quarkus-smallrye-health,quarkus-smallrye-opentracing" && mvn -f footest clean compile package && cd / && rm -rf /tmp/project RUN cd /tmp && mkdir project && cd project && mvn io.quarkus:quarkus-maven-plugin:${QUARKUS_VERSION}:create -DprojectGroupId=org.acme -DprojectArtifactId=footest -Dextensions="quarkus-smallrye-reactive-streams-operators,quarkus-smallrye-reactive-messaging,quarkus-smallrye-reactive-messaging-kafka,quarkus-swagger-ui,quarkus-vertx,quarkus-kafka-client, quarkus-smallrye-metrics,quarkus-smallrye-openapi" && mvn -f footest clean compile package -Pnative && cd / && rm -rf /tmp/project RUN siege && sed -i 's/^connection = close/connection = keep-alive/' $HOME/.siege/siege.conf && sed -i 's/^benchmark = false/benchmark = true/' $HOME/.siege/siege.conf RUN echo '-w "\n"' > $HOME/.curlrc USER root RUN chown -R jboss /home/jboss/.m2 RUN chmod -R a+w /home/jboss/.m2 USER jboss 
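Review bot: None of the `wget` downloads (oc, kn, tkn, GraalVM, Maven) is verified before being unpacked into `/usr/bin` or `/usr/local`, so the image trusts whatever the mirror or release URL serves at build time. Each `RUN` should check a pinned digest before `tar`, for example `echo "SHA256_PLACEHOLDER  /tmp/tkn.tar.gz" | sha256sum -c -`, with the digest taken from the publisher's checksum file. In the `--mount=type=secret` step, `--username $username --password $password` is unquoted, so a password containing spaces or glob characters is split by the shell; write `"$username"` and `"$password"`.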
ansible/roles/ocp4-workload-ccnrd/files/stack_imagestream.yaml
New file @@ -0,0 +1,28 @@ --- apiVersion: image.openshift.io/v1 kind: ImageStream metadata: name: quarkus-stack namespace: openshift spec: tags: - annotations: description: Quarkus stack for Java and CodeReady Workspaces iconClass: icon-java supports: java tags: builder,java version: "1.4" from: kind: DockerImage name: quay.io/openshiftlabs/cloudnative-workspaces-quarkus:1.4 name: "1.4" - annotations: description: Quarkus stack for Java and CodeReady Workspaces iconClass: icon-java supports: java tags: builder,java version: "1.5" from: kind: DockerImage name: quay.io/openshiftlabs/cloudnative-workspaces-quarkus:1.5 name: "1.5" ansible/roles/ocp4-workload-ccnrd/tasks/add_che_user.yaml
New file @@ -0,0 +1,34 @@ --- - name: Get codeready SSO admin token uri: url: http://keycloak-labs-infra.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token method: POST body: username: "{{ codeready_sso_admin_username }}" password: "{{ codeready_sso_admin_password }}" grant_type: "password" client_id: "admin-cli" body_format: form-urlencoded status_code: 200,201,204 register: codeready_sso_admin_token - name: Add user {{ user }} to Che uri: url: http://keycloak-labs-infra.{{ route_subdomain }}/auth/admin/realms/codeready/users method: POST headers: Content-Type: application/json Authorization: "Bearer {{ codeready_sso_admin_token.json.access_token }}" body: username: "{{ user }}" enabled: true emailVerified: true firstName: "{{ user }}" lastName: Developer email: "{{ user }}@no-reply.com" credentials: - type: password value: "{{ workshop_che_user_password }}" temporary: false body_format: json status_code: 201,409 ansible/roles/ocp4-workload-ccnrd/tasks/add_gogs_user.yaml
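Review bot: Both `uri` tasks call `http://keycloak-labs-infra.{{ route_subdomain }}`, so the SSO admin password in the token request, the returned bearer token and each user's password cross the network in cleartext. If the route is exposed with TLS, the URLs should use `https://`. Both tasks should also carry `no_log: true` so the request body and the registered `codeready_sso_admin_token` stay out of the Ansible output. The same plain-HTTP pattern is in add_gogs_user.yaml, create_che_workspace.yaml, install-codeready.yaml and install-gogs.yaml.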
New file @@ -0,0 +1,17 @@ --- - name: Add user {{ user }} to Gogs uri: url: http://gogs-labs-infra.{{ route_subdomain }}/api/v1/admin/users method: POST user: adminuser password: adminpwd force_basic_auth: true headers: Content-Type: application/json body: login_name: "{{ user }}" username: "{{ user }}" email: "{{ user }}@no-reply.com" password: "{{ gogs_pwd }}" body_format: json status_code: 200,201,204 ansible/roles/ocp4-workload-ccnrd/tasks/add_rhamt_user.yaml
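Review bot: `user: adminuser` / `password: adminpwd` hard-codes the Gogs administrator credentials in the task, and install-gogs.yaml registers that same account with the same literals. Move them to role variables, e.g. `user: "{{ gogs_admin_user }}"` and `password: "{{ gogs_admin_password }}"` (names suggested here, not defined in this commit), filled from a vaulted or generated value. add_rhamt_user.yaml and install-rhamt.yaml do the same with `admin` / `password`, and install-codeready.yaml with `admin` / `admin`.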
New file @@ -0,0 +1,40 @@ --- - name: Get RHAMT SSO admin token uri: url: https://secure-rhamt-web-console-labs-infra.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token method: POST validate_certs: no body: username: "admin" password: "password" grant_type: "password" client_id: "admin-cli" body_format: form-urlencoded status_code: 200,201,204 register: sso_admin_token until: sso_admin_token is succeeded retries: "120" delay: "15" - name: Create RH-SSO user for {{ user }} uri: url: https://secure-rhamt-web-console-labs-infra.{{ route_subdomain }}/auth/admin/realms/rhamt/users method: POST validate_certs: no headers: Content-Type: application/json Accept: application/json Authorization: "Bearer {{ sso_admin_token.json.access_token }}" body: username: "{{ user }}" enabled: true emailVerified: true firstName: "User {{ user }}" lastName: "Migrator" email: "{{ user }}@no-reply.com" credentials: - type: password value: "{{ workshop_rhamt_user_password }}" temporary: false body_format: json status_code: 200, 201, 409 ansible/roles/ocp4-workload-ccnrd/tasks/add_role.yaml
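Review bot: `validate_certs: no` on both tasks means the master-realm admin password and the bearer token are sent to whichever server answers on the `secure-rhamt-web-console` route, with no check of its certificate. If the route presents a certificate the control host does not trust, adding the issuing CA to that host's trust store keeps verification on. If it has to stay off for the workshop, a comment saying why would help the next reader. install-rhamt.yaml repeats the setting on its token and realm-update tasks.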
New file @@ -0,0 +1,18 @@ --- - name: assign role {{ role }} for user {{ user }} in namespace {{ namespace }} k8s: state: present kind: RoleBinding api_version: rbac.authorization.k8s.io/v1 definition: metadata: name: "role-{{ role }}" namespace: "{{ namespace }}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: "{{ role }}" subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: "{{ user }}" ansible/roles/ocp4-workload-ccnrd/tasks/create_che_workspace.yaml
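Review bot: `name: "role-{{ role }}"` gives every user's RoleBinding the same name within a namespace. When install-serverless.yaml loops this file over `users`, each pass targets the same object, which most likely leaves `subjects` holding only the last user. Putting the user in the name, `name: "{{ user }}-{{ role }}"`, keeps one binding per user. Separately, `roleRef.kind: Role` with `role: "view"` points at a namespaced Role called `view`. The built-in `view` is a ClusterRole, so unless knative-serving defines its own Role the binding grants nothing and `kind: ClusterRole` is probably what was meant.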
New file @@ -0,0 +1,25 @@ --- - name: "Get Che {{ user }} token" uri: url: http://keycloak-labs-infra.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token method: POST body: username: "{{ user }}" password: "{{ workshop_che_user_password }}" grant_type: "password" client_id: "admin-cli" body_format: form-urlencoded status_code: 200 register: user_token - name: Create workspace for {{ user }} from devfile uri: url: "http://codeready-labs-infra.{{ route_subdomain }}/api/workspace/devfile?start-after-create=true&namespace={{ user }}" method: POST headers: Content-Type: application/json Authorization: "Bearer {{ user_token.json.access_token }}" body: "{{ lookup('template', './templates/devfile.json.j2') }}" body_format: json status_code: 201,409 register: workspace_def ansible/roles/ocp4-workload-ccnrd/tasks/create_project.yaml
New file @@ -0,0 +1,16 @@ --- - name: create {{ name }} project for user {{ user }} k8s: state: present kind: Project api_version: project.openshift.io/v1 definition: metadata: name: "{{ name }}" - name: add scc and roles in project {{ name }} for user {{ user }} shell: | oc adm policy add-scc-to-user anyuid -z default -n {{ name }} oc adm policy add-scc-to-user privileged -z default -n {{ name }} oc adm policy add-role-to-user admin {{ user }} -n {{ name }} ansible/roles/ocp4-workload-ccnrd/tasks/create_user_service_mesh.yaml
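Review bot: The second task grants the `privileged` and `anyuid` SCCs to the `default` service account of a project in which `{{ user }}` is then made `admin`, so every workshop attendee can run privileged pods on a shared cluster. If no lab step requires it, drop the `add-scc-to-user privileged` line and keep `anyuid` only; if one does, a comment naming that step would justify the grant. The three `oc` lines also put `{{ name }}` and `{{ user }}` into a shell script unquoted; `{{ name | quote }}` and `{{ user | quote }}` avoid surprises if those values ever come from outside the role.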
New file @@ -0,0 +1,24 @@ --- - name: Create ServiceMeshControlPlane for {{ user }} in {{ project }} k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('template', './templates/osm_smcp.yaml' ) | from_yaml }}" register: smcp_result_r retries: 120 delay: 10 until: smcp_result_r is succeeded # - name: Create ServiceMeshMemberRole for service mesh for {{ user }} in {{ project }} # k8s: # state: present # merge_type: # - strategic-merge # - merge # definition: "{{ lookup('template', './templates/osm_smmr.j2' ) | from_yaml }}" # register: smmr_result_r # retries: 120 # delay: 10 # until: smmr_result_r is succeeded ansible/roles/ocp4-workload-ccnrd/tasks/install-amqstreams.yaml
New file @@ -0,0 +1,59 @@ --- # Setup AMQ Streams (kafka) via operator - name: Create OpenShift Objects for amq streams k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/amqstreams_subscription.yaml - ./files/kafka_knative_subscription.yaml # wait for amq (kafka) CRDs - name: Wait for Kafka CRD k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: kafkas.kafka.strimzi.io register: r_kafka_crd retries: 200 delay: 10 ignore_errors: yes until: r_kafka_crd.resources | list | length == 1 - name: Notify user if amq deployment failed when: not r_kafka_crd.resources | list | length == 1 debug: msg: "user.info: *** AMQ Streams kafka could not be installed ***" # wait for kafka-knative CRD - name: Wait for Kafka Knative CRD k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: knativeeventingkafkas.eventing.knative.dev register: r_kafkaknative_crd retries: 200 delay: 10 ignore_errors: yes until: r_kafkaknative_crd.resources | list | length == 1 - name: Notify user if knative kafka failed when: not r_kafkaknative_crd.resources | list | length == 1 debug: msg: "user.info: *** Knative bridge for kafka could not be installed ***" - name: Install kafka in knative-eventing namespace k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/kafka_knative_eventing_cr.yaml - ./files/kafka_knative_cr.yaml ansible/roles/ocp4-workload-ccnrd/tasks/install-codeready.yaml
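Review bot: Both CRD waits set `ignore_errors: yes` and the only reaction to a timeout is a `debug` message, so `Install kafka in knative-eventing namespace` still runs when the CRDs never appeared and fails there with a less useful error. Either drop `ignore_errors` so the wait itself fails the play, or guard the last task with `when: r_kafkaknative_crd.resources | list | length == 1`. The loops also read `./files/kafka_knative_subscription.yaml` and two `kafka_knative_*_cr.yaml` files that are not in the part of the commit visible here, so it is worth confirming they are added. The same wait-then-ignore pattern recurs in install-codeready.yaml, install-serverless.yaml and install-servicemesh.yaml.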
New file 
@@ -0,0 +1,165 @@ --- # deploy codeready operator - name: Create operator subscription for CodeReady k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/codeready_operatorgroup.yaml - ./files/codeready_subscription.yaml # wait for CRD to be a thing - name: Wait for CodeReady CRD to be ready k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: checlusters.org.eclipse.che register: r_codeready_crd retries: 200 delay: 10 ignore_errors: yes until: r_codeready_crd.resources | list | length == 1 # deploy codeready CR - name: Create CR for CodeReady k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/codeready_cr.yaml # wait for che to be up - name: wait for CRW to be running uri: url: http://codeready-labs-infra.{{ route_subdomain }}/dashboard/ register: result until: result.status == 200 retries: "120" delay: "15" - name: Get codeready keycloak deployment k8s_facts: kind: Deployment namespace: labs-infra name: keycloak register: r_keycloak_deployment - name: show cr debug: msg: "existing keycloak deployment: {{ r_keycloak_deployment }}" - name: set codeready username fact set_fact: codeready_sso_admin_username: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_USERNAME') |map (attribute='value') | list | first }}" - name: set codeready password fact set_fact: codeready_sso_admin_password: "{{ r_keycloak_deployment.resources[0].spec.template.spec.containers[0].env | selectattr('name','equalto','SSO_ADMIN_PASSWORD') |map (attribute='value') | list | first }}" - name: show codeready keycloak admin username debug: msg: "codeready keycloak admin username: {{ codeready_sso_admin_username }}" - name: show codeready keycloak admin password debug: msg: "codeready keycloak admin password: {{ codeready_sso_admin_password }}" - 
name: enable script upload command: oc set env -n labs-infra deployment/keycloak JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled" - name: wait for keycloak to return command: oc rollout -n labs-infra status --timeout=1m -w deployment/keycloak register: cmd_res retries: 120 delay: 10 until: cmd_res.rc == 0 - name: copy realm to local copy: src: ./files/ccnrd_keycloak_realm.json dest: /tmp/realm.json - name: get keycloak pod k8s_facts: api_version: v1 kind: Pod namespace: labs-infra label_selectors: - app = codeready - component = keycloak register: r_keycloak_pod retries: 120 delay: 10 until: r_keycloak_pod.resources | list | length == 1 - name: add new realm with kcadm shell: > oc cp /tmp/realm.json {{ r_keycloak_pod.resources[0].metadata.name }}:/tmp -n labs-infra && oc exec -n labs-infra deployment/keycloak -c keycloak -- bash -c "/opt/eap/bin/kcadm.sh config credentials --server http://keycloak:8080/auth --realm master --user {{ codeready_sso_admin_username }} --password {{ codeready_sso_admin_password }} && /opt/eap/bin/kcadm.sh create realms -f /tmp/realm.json && rm -f /tmp/realm.json" register: cmd_res retries: 120 delay: 10 until: cmd_res.rc == 0 - name: create codeready users include_tasks: add_che_user.yaml vars: user: "{{ item }}" with_list: "{{ users }}" - name: Get Codeready admin token uri: url: http://keycloak-labs-infra.{{ route_subdomain }}/auth/realms/codeready/protocol/openid-connect/token method: POST body: username: admin password: admin grant_type: "password" client_id: "admin-cli" body_format: form-urlencoded status_code: 200,201,204 register: che_admin_token - name: Import stack imagestream k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/stack_imagestream.yaml - name: wait for stack to be a thing k8s_facts: kind: ImageStream name: quarkus-stack namespace: openshift register: r_stack_is retries: 200 
delay: 10 ignore_errors: yes until: r_stack_is.resources | list | length == 1 - name: import stack image shell: | oc import-image --all quarkus-stack -n openshift - name: wait a minute and let the image download and be registered so workspaces start up pause: minutes: 1 - name: Pre-create and warm user workspaces include_tasks: create_che_workspace.yaml vars: user: "{{ item }}" with_list: "{{ users }}" ansible/roles/ocp4-workload-ccnrd/tasks/install-gogs.yaml
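Review bot: `show codeready keycloak admin password` prints the SSO admin password to the play output, and `show cr` dumps the whole keycloak Deployment, whose container env carries the same `SSO_ADMIN_PASSWORD`. Both debug tasks should be removed, and the two `set_fact` tasks and `add new realm with kcadm` should carry `no_log: true`. In the kcadm task the credentials are also interpolated into a `bash -c "..."` string, so they appear in the command line on the control host and a password with shell metacharacters would change the command. Passing them some other way than the argument list would be safer, though that depends on what `kcadm.sh` supports.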
New file @@ -0,0 +1,53 @@ --- - name: Deploy Gogs shell: > oc -n labs-infra new-app -f - -p HOSTNAME=gogs-labs-infra.{{ route_subdomain }} -p GOGS_VERSION=0.11.34 -p SKIP_TLS_VERIFY=true -p APPLICATION_NAME=gogs -p DB_VOLUME_CAPACITY=6Gi -p GOGS_VOLUME_CAPACITY=6Gi args: stdin: "{{ lookup('file', './files/gogs-template.yaml') }}" - name: wait for Gogs to be running uri: url: http://gogs-labs-infra.{{ route_subdomain }} register: result until: result.status == 200 retries: "120" delay: "15" - name: create gogs admin user uri: url: http://gogs-labs-infra.{{ route_subdomain }}/user/sign_up method: POST body: user_name: "adminuser" password: "adminpwd" retype: "adminpwd" email: "adminuser@gogs.com" body_format: form-urlencoded status_code: 200,302 - name: create {{ num_users }} Gogs users include_tasks: add_gogs_user.yaml vars: user: "{{ item }}" with_list: "{{ users }}" - name: create private gogs repos uri: url: http://gogs-labs-infra.{{ route_subdomain }}/api/v1/repos/migrate method: POST user: "user{{ item[1]}}" password: "{{ gogs_pwd }}" force_basic_auth: true headers: Content-Type: application/json body: "{\"clone_addr\": \"https://github.com/RedHat-Middleware-Workshops/cloud-native-workshop-v2{{ item[0] }}-labs.git\", \"uid\" : {{ item[1] + 1 | int}}, \"repo_name\": \"cloud-native-workshop-v2{{ item[0] }}-labs\" }" body_format: json status_code: 200,201,204 loop: "{{ modules | product( range(1, ( (num_users|int) + 1) )) | list }}" ansible/roles/ocp4-workload-ccnrd/tasks/install-guides.yaml
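Review bot: In `create private gogs repos`, `"uid" : {{ item[1] + 1 | int}}` assumes Gogs numbered the accounts in creation order with the admin as id 1. That stops holding once the play is re-run or one user creation is skipped, and the migrate call would then carry another account's id. Registering the response of the user-creation call in add_gogs_user.yaml and taking the id from it is more robust than deriving it from the loop index. `user: "user{{ item[1]}}"` likewise rebuilds the username by hand instead of using the `users` list from pre_workload.yml. `-p SKIP_TLS_VERIFY=true` in the deploy task deserves a comment saying why it is needed.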
New file @@ -0,0 +1,30 @@ --- - name: search for guide {{ guide }} k8s_facts: kind: DeploymentConfig name: guides-{{ guide }} namespace: labs-infra register: r_guide_dc - name: deploy guide {{ guide }} when: r_guide_dc.resources | list | length == 0 shell: > oc -n labs-infra new-app quay.io/jamesfalkner/workshopper --name=guides-{{ guide }} -e MASTER_URL={{ master_url }} -e CONSOLE_URL={{ console_url }} -e ECLIPSE_CHE_URL=http://codeready-labs-infra.{{ route_subdomain }} -e KEYCLOAK_URL=http://keycloak-labs-infra.{{ route_subdomain }} -e GIT_URL=http://gogs-labs-infra.{{ route_subdomain }} -e ROUTE_SUBDOMAIN={{ route_subdomain }} -e CONTENT_URL_PREFIX="https://raw.githubusercontent.com/RedHat-Middleware-Workshops/cloud-native-workshop-v2{{ guide }}-guides/ocp-4.3" -e WORKSHOPS_URLS="https://raw.githubusercontent.com/RedHat-Middleware-Workshops/cloud-native-workshop-v2{{ guide }}-guides/ocp-4.3/_cloud-native-workshop-module{{ guide | regex_search('([0-9])') }}.yml" -e CHE_USER_NAME={{ workshop_che_user_name }} -e CHE_USER_PASSWORD={{ workshop_che_user_password }} -e OPENSHIFT_USER_NAME={{ workshop_openshift_user_name }} -e OPENSHIFT_USER_PASSWORD={{ workshop_openshift_user_password }} -e RHAMT_URL=http://rhamt-web-console-labs-infra.{{ route_subdomain }} -e LOG_TO_STDOUT=true - name: expose guide {{ guide }} when: r_guide_dc.resources | list | length == 0 command: oc expose -n labs-infra svc/guides-{{ guide }} ansible/roles/ocp4-workload-ccnrd/tasks/install-pipelines.yaml
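Review bot: The `oc new-app` command in `deploy guide {{ guide }}` interpolates `{{ workshop_che_user_password }}` and `{{ workshop_openshift_user_password }}` into a `shell:` line unquoted, so a password containing a space, `$`, `&` or `;` changes the command that runs. Pass them through the `quote` filter, e.g. `-e CHE_USER_PASSWORD={{ workshop_che_user_password | quote }}`, and do the same for the other templated `-e` values. The image `quay.io/jamesfalkner/workshopper` is pulled without a tag or digest, so what gets deployed can change between runs; pinning it would make the workshop reproducible.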
New file @@ -0,0 +1,12 @@ --- # Setup OpenShift Pipelines via operator - name: Create OpenShift Objects for pipelines k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/pipelines_subscription.yaml ansible/roles/ocp4-workload-ccnrd/tasks/install-rhamt.yaml
New file 
@@ -0,0 +1,74 @@ --- # deploy rhamt - name: Deploy RHAMT shell: > oc process -f - -p WEB_CONSOLE_REQUESTED_CPU=2 -p WEB_CONSOLE_REQUESTED_MEMORY=3Gi -p EXECUTOR_REQUESTED_CPU=1 -p EXECUTOR_REQUESTED_MEMORY=3Gi | oc create -n labs-infra -f - args: stdin: "{{ lookup('file', './files/rhamt-template.yaml') }}" - name: TODO - scale RHAMT executor to quarter the number of users shell: | oc scale dc/rhamt-web-console-executor --replicas={{ ((num_users|int) / 3) | int }} -n labs-infra - name: remove liveness and readiness for RHAMT web console shell: | oc set probe dc/rhamt-web-console -n labs-infra --remove --readiness --liveness # wait for RHAMT to be running - name: wait for RHAMT to be running uri: url: http://rhamt-web-console-labs-infra.{{ route_subdomain }}/rhamt-web/ register: result until: result.status == 200 retries: "120" delay: "15" # Get admin token for rhamt's sso - name: Get SSO admin token uri: url: https://secure-rhamt-web-console-labs-infra.{{ route_subdomain }}/auth/realms/master/protocol/openid-connect/token method: POST validate_certs: no body: username: "admin" password: "password" grant_type: "password" client_id: "admin-cli" body_format: form-urlencoded status_code: 200,201,204 register: sso_admin_token until: sso_admin_token is succeeded retries: "120" delay: "15" # Update master realm with RH-SSO theme - name: Update master realm with RH-SSO theme uri: url: https://secure-rhamt-web-console-labs-infra.{{ route_subdomain }}/auth/admin/realms/master/ method: PUT validate_certs: no headers: Content-Type: application/json Accept: application/json Authorization: "Bearer {{ sso_admin_token.json.access_token }}" body: displayName: "rh-sso" displayNameHtml: "<strong>Red Hat</strong> Single Sign On" loginTheme: "rh-sso" adminTheme: "rh-sso" accountTheme: "rh-sso" emailTheme: "rh-sso" accessTokenLifespan: "6000" body_format: json status_code: 204 - name: Pre-create RHSSO users include_tasks: add_rhamt_user.yaml vars: user: "{{ item }}" with_list: "{{ users 
}}" ansible/roles/ocp4-workload-ccnrd/tasks/install-serverless.yaml
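Review bot: The task named `TODO - scale RHAMT executor to quarter the number of users` computes `((num_users|int) / 3) | int`, which is a third, and for `num_users` below 3 it rounds down to `--replicas=0`, leaving no executor at all. Fix either the name or the divisor and clamp the result, e.g. `--replicas={{ [1, ((num_users|int) / 4) | int] | max }}`. `remove liveness and readiness for RHAMT web console` would benefit from a comment explaining why the probes are dropped, since without them a hung console is no longer restarted.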
New file 
@@ -0,0 +1,103 @@ --- # Setup OpenShift Serverless via operator - name: Create OpenShift Objects for serverless k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/serverless_subscription.yaml - ./files/serverless_eventing_subscription.yaml # wait for serverless CRDs - name: Wait for knative-serving CRD k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: knativeservings.serving.knative.dev register: r_knserving_crd retries: 200 delay: 10 ignore_errors: yes until: r_knserving_crd.resources | list | length == 1 - name: Notify user if serverless deployment failed when: not r_knserving_crd.resources | list | length == 1 debug: msg: "user.info: *** Knative-serving could not be installed ***" - name: create knative projects k8s: state: present kind: Project api_version: project.openshift.io/v1 definition: metadata: name: "{{ item }}" loop: - "knative-serving" - "knative-eventing" - name: wait for serving project to exist k8s_facts: kind: Project api_version: project.openshift.io/v1 name: "knative-serving" register: r_serving_proj retries: 200 delay: 10 ignore_errors: yes until: r_serving_proj.resources | list | length == 1 - name: create knative serving CR k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/knative_serving_cr.yaml - name: Wait for knative-eventing CRD k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: knativeeventings.eventing.knative.dev register: r_kneventing_crd retries: 200 delay: 10 ignore_errors: yes until: r_kneventing_crd.resources | list | length == 1 - name: Notify user if serverless eventing deployment failed when: not r_kneventing_crd.resources | list | length == 1 debug: msg: "user.info: *** Knative-eventing could not be installed ***" - name: Wait for knative-eventing project to exist k8s_facts: api_version: 
project.openshift.io/v1 kind: Project name: "knative-eventing" register: r_kneventing_project retries: 200 delay: 10 ignore_errors: yes until: r_kneventing_project.resources | list | length == 1 - name: Notify user if serverless eventing project deployment failed when: not r_kneventing_project.resources | list | length == 1 debug: msg: "user.info: *** knative-eventing project not created by operator ***" - name: Add view role for users to knative-serving project include_tasks: add_role.yaml vars: user: "{{ item }}" role: "view" namespace: "knative-serving" with_list: "{{ users }}" ansible/roles/ocp4-workload-ccnrd/tasks/install-servicemesh.yaml
New file @@ -0,0 +1,37 @@ --- # Setup OpenShift Service Mesh via operator - name: Create OpenShift Objects for Service Mesh k8s: state: present merge_type: - strategic-merge - merge definition: "{{ lookup('file', item ) | from_yaml }}" loop: - ./files/osm_subscription.yaml - name: Wait for service mesh control plane CRD k8s_facts: api_version: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition name: servicemeshcontrolplanes.maistra.io register: r_smcp_crd retries: 200 delay: 10 ignore_errors: yes until: r_smcp_crd.resources | list | length == 1 - name: create service mesh user projects include_tasks: create_project.yaml vars: name: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['istio-system'])|list }}" - name: create service mesh objects for users include_tasks: create_user_service_mesh.yaml vars: project: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['istio-system'])|list }}" ansible/roles/ocp4-workload-ccnrd/tasks/post_workload.yml
@@ -12,7 +12,6 @@ - "user.info: Module 3 (if selected) http://guides-m3-labs-infra.{{ route_subdomain }}" - "user.info: Module 4 (if selected) http://guides-m4-labs-infra.{{ route_subdomain }}" - "user.info: You should share this URL (or a shortlink for it) -- It is all they will need to get started!" - "user.info: It is all they will need to get started!" - "user.info: " - "user.info: OpenShift credentials for attendees: {{ workshop_openshift_user_name }} / {{ workshop_openshift_user_password }}" - "user.info: CodeReady Workspaces credentials for attendees: {{ workshop_che_user_name }} / {{ workshop_che_user_password }}" @@ -23,7 +22,7 @@ - "user.info: CodeReady Console: http://codeready-labs-infra.{{ route_subdomain }}" - "user.info: Admin login with 'admin' / 'admin'" - "user.info: " - "user.info: NOTE: Workspaces in CodeReady are provisioned asynchronously and may not" - "user.info: NOTE: Workspaces in CodeReady AND service mesh are provisioned asynchronously and may not" - "user.info: be accessible until rollout finishes shortly." when: not silent|bool ansible/roles/ocp4-workload-ccnrd/tasks/pre_workload.yml
@@ -10,9 +10,14 @@ debug: msg: "Debugging num_users {{ num_users }}" - name: create usernames set_fact: users: "{{ users | default([]) + ['user'+item | string] }}" loop: "{{ range(1,((num_users | int) + 1)) | list }}" # Figure out paths - name: extract api_url command: oc whoami --show-server shell: oc whoami --show-server register: api_url_r - name: set the master ansible/roles/ocp4-workload-ccnrd/tasks/remove_workload.yml
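Review bot: `extract api_url` appears to change from `command: oc whoami --show-server` to `shell: oc whoami --show-server`; the +/- markers are lost in this rendering, so this is read from the order of the two lines. Nothing in the command needs a shell, and `command` avoids shell parsing altogether, so `command:` is the better choice here. In the added `create usernames` task, `users | default([]) + [...]` appends to any `users` fact that already exists, so applying the role twice in one play would double the list; building the list in a single expression avoids that. The `set the master` task continues outside this hunk.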
@@ -1,18 +1,68 @@ --- # Implement your Workload removal tasks here # Implement your Workload deployment tasks here - name: Transfer executable script script copy: src=../files/resetlab_ccn.sh dest=/tmp/resetlab_ccn.sh mode=0777 - name: Setting up workload for user debug: msg: "Setting up workload for user ocp_username = {{ ocp_username }}" - name: Execute the resetlab_ccn.sh shell: /tmp/resetlab_ccn.sh - name: Setting up num_users for workshop debug: msg: "Setting up num_users for workshop num_users = {{ num_users }}" - name: Remove the resetlab_ccn.sh file: path=/tmp/resetlab_ccn.sh state=absent - name: Setting up module_type for workshop debug: msg: "Setting up module_type for workshop module_type = {{ module_type }}" - name: create module list set_fact: modules: "{{ module_type.split(',') | map('trim') | list }}" - name: Selected Modules debug: msg: "selected modules list: {{ modules }}" - name: delete templates from openshift namespace command: oc delete -n openshift -f - args: stdin: "{{ lookup('file', item) }}" loop: - ./files/coolstore-monolith-binary-build-template.yaml - ./files/coolstore-monolith-pipeline-build-template.yaml - ./files/ccn-sso72-template.yaml - name: get user projects k8s_facts: api_version: project.openshift.io/v1 kind: Project register: user_projects - name: delete user projects k8s: state: absent kind: Project api_version: project.openshift.io/v1 definition: metadata: name: "{{ item }}" loop: "{{ user_projects | selectattr('metadata.name', '^user.*') | list }}" - name: delete other projects project k8s: state: absent kind: Project api_version: project.openshift.io/v1 definition: metadata: name: "{{ item }}" loop: - jenkins - labs-infra - knative-serving - knative-eventing - istio-system # Leave this as the last task in the playbook. - name: remove_workload tasks complete - name: Remove workload tasks complete debug: msg: "Remove Workload tasks completed successfully." msg: "Remove Workload Tasks completed successfully." 
when: not silent|bool ansible/roles/ocp4-workload-ccnrd/tasks/workload.yml
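Review bot: The loop in `delete user projects`, `{{ user_projects | selectattr('metadata.name', '^user.*') | list }}`, cannot work as written: `user_projects` is the registered result rather than its `resources` list, and the second argument of `selectattr` must be a test name, not a regular expression. `loop: "{{ user_projects.resources | map(attribute='metadata.name') | select('match', '^user.*') | list }}"` yields the project names that `name: "{{ item }}"` expects. The pattern matches every project whose name starts with `user`, including ones this role did not create, so tightening it to the suffixes the role actually uses would make removal safer.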
@@ -13,53 +13,201 @@ debug: msg: "Setting up module_type for workshop module_type = {{ module_type }}" - name: Transfer executable script script copy: src=../files/preparelab_ccn.sh dest=/tmp/preparelab_ccn.sh mode=0777 - name: Give access to opentlc-mgr shell: | oc adm policy add-cluster-role-to-user cluster-admin {{ ocp_username }} - name: Execute the preparelab_ccn.sh shell: /tmp/preparelab_ccn.sh -c {{ num_users }} -m {{ module_type }} - name: create module list set_fact: modules: "{{ module_type.split(',') | map('trim') | list }}" - name: Remove the preparelab_ccn.sh file: path=/tmp/preparelab_ccn.sh state=absent - name: Selected Modules debug: msg: "selected modules list: {{ modules }}" # get ingress host - name: Get ingress host - name: deploy templates to openshift namespace command: oc replace --force -n openshift -f - args: stdin: "{{ lookup('file', item) }}" loop: - ./files/coolstore-monolith-binary-build-template.yaml - ./files/coolstore-monolith-pipeline-build-template.yaml - ./files/ccn-sso72-template.yaml - ./files/jaeger-all-in-one-template.yml - name: create inventory and catalog user projects when: ("m1" in modules or "m2" in modules or "m3" in modules) include_tasks: create_project.yaml vars: name: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['inventory', 'catalog'])|list }}" - name: create bookinfo user projects when: ("m3" in modules) include_tasks: create_project.yaml vars: name: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['bookinfo'])|list }}" - name: create cloudnativeapps user projects when: ("m4" in modules) include_tasks: create_project.yaml vars: name: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['cloudnativeapps'])|list }}" - name: create pipelines user projects when: ("m4" in modules) include_tasks: create_project.yaml vars: name: "{{ item[0] }}-{{ item[1] }}" user: "{{ item[0] }}" loop: "{{ users|product(['cloudnative-pipeline'])|list }}" 
- name: create labs-infra project k8s: state: present kind: Project api_version: project.openshift.io/v1 definition: metadata: name: "labs-infra" annotations: openshift.io/description: "" openshift.io/display-name: "Lab Infrastructure" # Search for rhamt - name: Search for RHAMT when: ("m1" in modules) k8s_facts: api_version: v1 kind: Service name: router-default namespace: openshift-ingress register: r_router_default kind: DeploymentConfig namespace: labs-infra name: rhamt-web-console register: rhamt_dc - name: Show ingress object # deploy RHAMT - name: Deploy RHAMT when: ("m1" in modules) and (rhamt_dc.resources | list | length == 0) include_tasks: install-rhamt.yaml # Skip Gogs for now # # - name: Search for Gogs # k8s_facts: # kind: DeploymentConfig # namespace: labs-infra # name: gogs # register: gogs_dc # - name: Deploy gogs # when: gogs_dc.resources | list | length == 0 # include_tasks: install-gogs.yaml - name: Look for service mesh subscription when: ("m3" in modules or "m4" in modules) k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: Subscription name: servicemeshoperator namespace: openshift-operators register: r_sm_sub - name: show existing service mesh cr when: ("m3" in modules or "m4" in modules) debug: msg: "Ingress object: {{ r_router_default }}" msg: "existing service mesh sub: {{ r_sm_sub }}" - name: Show ingress host name # Setup OpenShift Service Mesh via operator - name: Create OpenShift Objects for Service Mesh when: ("m3" in modules or "m4" in modules) and (r_sm_sub.resources | list | length == 0) include_tasks: install-servicemesh.yaml # Setup OpenShift Serverless via operator - name: Look for serverless subscription when: ("m4" in modules) k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: Subscription name: serverless-operator namespace: openshift-operators register: r_serverless_sub - name: show existing serverless sub when: ("m4" in modules) debug: msg: "Ingress hostname: {{ 
r_router_default.resources[0].status.loadBalancer.ingress[0].hostname }}" msg: "existing serverless sub: {{ r_serverless_sub }}" # Fix AWS ELB connection timeout - name: Get ELB name become_user: ec2-user shell: | sudo -u ec2-user aws elb describe-load-balancers --region {{ aws_region }} | jq '.LoadBalancerDescriptions | map(select( .DNSName == "{{ r_router_default.resources[0].status.loadBalancer.ingress[0].hostname }}"))' | jq -r '.[0].LoadBalancerName' register: lbname - name: Create OpenShift Objects for Serverless (knative) when: ("m4" in modules) and (r_serverless_sub.resources | list | length == 0) include_tasks: install-serverless.yaml - name: Show load balancer name # Setup AMQ via operator - name: Look for amq subscription when: ("m4" in modules) k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: Subscription name: amq-streams namespace: openshift-operators register: r_amq_sub - name: show existing amq sub when: ("m4" in modules) debug: msg: "Load balancer name: {{ lbname.stdout }}" msg: "existing amq sub: {{ r_amq_sub }}" - name: Fix load balancer become_user: ec2-user shell: | sudo -u ec2-user aws elb modify-load-balancer-attributes --region {{ aws_region }} --load-balancer-name {{ lbname.stdout }} --load-balancer-attributes "{\"ConnectionSettings\":{\"IdleTimeout\":300}}" - name: Create OpenShift Objects for Kafka (amq streams) when: ("m4" in modules) and (r_amq_sub.resources | list | length == 0) include_tasks: install-amqstreams.yaml # setup pipelines - name: Look for pipelines subscription when: ("m4" in modules) k8s_facts: api_version: operators.coreos.com/v1alpha1 kind: Subscription name: openshift-pipelines-operator namespace: openshift-operators register: r_pipelines_sub - name: show existing pipelines sub when: ("m4" in modules) debug: msg: "existing pipelines sub: {{ r_pipelines_sub }}" - name: Create OpenShift Objects for OpenShift Pipelines (tekton) when: ("m4" in modules) and (r_pipelines_sub.resources | list | length == 0) 
include_tasks: install-pipelines.yaml - name: install guides include_tasks: install-guides.yaml vars: guide: "{{ item }}" loop: "{{ modules }}" # Install CodeReady Workspaces - name: see if codeready is installed k8s_facts: api_version: org.eclipse.che/v1 kind: CheCluster name: codeready-workspaces namespace: labs-infra register: r_codeready_cr - name: show codeready cr debug: msg: "existing codeready project: {{ r_codeready_cr }}" - name: install codeready when: r_codeready_cr.resources | list | length == 0 include_tasks: install-codeready.yaml # Leave this as the last task in the playbook. - name: workload tasks complete debug: msg: "Workload Tasks completed successfully." when: not silent|bool when: not silent|bool ansible/roles/ocp4-workload-ccnrd/templates/devfile.json.j2
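Review bot: The `Give access to opentlc-mgr` task expands `{{ ocp_username }}` unquoted inside a `shell:` block that binds cluster-admin, so whatever the variable holds is parsed by the shell before `oc` sees it. Nothing in that command needs a shell; `command: oc adm policy add-cluster-role-to-user cluster-admin {{ ocp_username | quote }}` keeps the value a single argument. The removal tasks in the hunk just before this file delete templates and projects but do not appear to drop this binding, so it would outlive the workload unless the remove side gains a matching `oc adm policy remove-cluster-role-from-user` step. The page has lost its +/- markers, so this assumes the task is on the new side of the hunk.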
New file 
@@ -0,0 +1,145 @@ { "apiVersion": "1.0.0", "metadata": { "name": "{{ user }}-workspace" }, "components": [ { "id": "redhat/java/latest", "type": "chePlugin" }, { "mountSources": true, "memoryLimit": "4Gi", "type": "dockerimage", "volumes": [ { "name": "m2", "containerPath": "/home/jboss/.m2" } ], "alias": "quarkus-tools", "image": "image-registry.openshift-image-registry.svc:5000/openshift/quarkus-stack:1.5", "env": [ { "value": "/home/jboss/.m2", "name": "MAVEN_CONFIG" }, { "value": "-Xmx4G -Xss128M -XX:MetaspaceSize=1G -XX:MaxMetaspaceSize=2G -XX:+CMSClassUnloadingEnabled", "name": "MAVEN_OPTS" } ], "endpoints": [ { "name": "web-{{ user }}", "port": 8080, "attributes": { "discoverable": "true", "public": "true", "protocol": "http" } }, { "name": "debug-{{ user }}", "port": 5005, "attributes": { "discoverable": "true", "public": "true", "protocol": "jdwp" } } ] }, { "id": "redhat/vscode-yaml/latest", "type": "chePlugin" }, { "id": "redhat/vscode-openshift-connector/latest", "type": "chePlugin" }, { "id": "ms-kubernetes-tools/vscode-kubernetes-tools/latest", "type": "chePlugin" } ], "commands": [ { "name": "Build", "actions": [ { "type": "exec", "component": "quarkus-tools", "command": "mvn clean package -f ${current.project.path}", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Test", "actions": [ { "type": "exec", "component": "quarkus-tools", "command": "mvn verify -f ${current.project.path}", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Build and Run Locally", "actions": [ { "type": "exec", "component": "quarkus-tools", "command": "mvn clean compile quarkus:dev -f ${current.project.path}", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Build Native Quarkus App", "actions": [ { "type": "exec", "component": "quarkus-tools", "command": "mvn -f ${current.project.path} clean package -Pnative -DskipTests", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Package for OpenShift", "actions": [ { "type": "exec", "component": "quarkus-tools", 
"command": "mvn -f ${current.project.path} clean package -DskipTests -Dquarkus.profile=prod", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Run Spring Boot App", "actions": [ { "type": "exec", "component": "quarkus-tools", "command": "mvn spring-boot:run -f ${current.project.path}", "workdir": "${CHE_PROJECTS_ROOT}" } ] }, { "name": "Start Debugger on 5005", "actions": [ { "type": "vscode-launch", "referenceContent": "{\n \"version\": \"0.2.0\",\n \"configurations\": [\n {\n \"type\": \"java\",\n \"request\": \"attach\",\n \"name\": \"Attach to App\",\n \"hostName\": \"localhost\",\n \"port\": 5005\n }\n ]\n}\n" } ] } ] } ansible/roles/ocp4-workload-ccnrd/templates/osm_smcp.yaml
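Review bot: The `debug-{{ user }}` endpoint publishes port 5005 with `"protocol": "jdwp"` and `"public": "true"`, and JDWP has no authentication of its own, so anything that can reach the endpoint can control the JVM in the workspace. The `Start Debugger on 5005` launch configuration attaches to `localhost`, which suggests the debugger only has to be reachable from inside the workspace; setting `"public": "false"` on that one endpoint would keep it off the external route. Whether Che puts its own authentication in front of public endpoints in this install is not visible here, so this needs confirming against the CheCluster settings. Separately, every chePlugin id resolves `latest`, so the plugin set can change between workshop runs.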
New file @@ -0,0 +1,53 @@ --- apiVersion: maistra.io/v1 kind: ServiceMeshControlPlane metadata: name: smcp namespace: "{{ project }}" spec: istio: global: proxy: resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 128Mi gateways: istio-egressgateway: autoscaleEnabled: true istio-ingressgateway: autoscaleEnabled: true mixer: policy: autoscaleEnabled: true telemetry: autoscaleEnabled: true resources: requests: cpu: 100m memory: 1G limits: cpu: 500m memory: 4G pilot: autoscaleEnabled: true traceSampling: 100 kiali: enabled: true grafana: enabled: true tracing: enabled: true jaeger: template: all-in-one ansible/roles/ocp4-workload-ccnrd/templates/osm_smmr.j2
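Review bot: The `istio.global` block configures only proxy resources, so mesh-wide mutual TLS and control-plane security are left at the operator defaults, which in Maistra 1.x are off as far as I know. With all workshop users sharing one cluster, that choice should be made explicitly: either add `mtls: {enabled: true}` and `controlPlaneSecurityEnabled: true` under `global`, or add a comment saying plaintext is intentional because a lab exercise turns mTLS on later. `traceSampling: 100` is likewise a lab-only value and deserves a one-line comment so it is not copied into a long-lived mesh.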
New file @@ -0,0 +1,12 @@ --- apiVersion: maistra.io/v1 kind: ServiceMeshMemberRoll metadata: name: default namespace: "{{ project }}" spec: members: - "{{ user }}-inventory" - "{{ user }}-catalog" - "{{ user }}-bookinfo" - "{{ user }}-cloudnativeapps"
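Review bot: The member roll lists all four `{{ user }}-*` namespaces unconditionally, while workload.yml in this commit creates `-bookinfo` only for `m3` and `-cloudnativeapps` only for `m4`, so the roll can name namespaces this role never provisioned. As I understand Maistra, an entry for a namespace that does not exist yet is applied when a namespace of that name appears later; listing only what the role created keeps mesh membership tied to namespaces it owns. Assuming `modules` is in scope where this template is rendered (the including task file is not on this page), the optional entries can be guarded as below; `-inventory` and `-catalog` are themselves created only for `m1`/`m2`/`m3` and may need the same treatment.

```yaml
spec:
  members:
    # … unchanged: inventory and catalog members …
{% if 'm3' in modules %}
    - "{{ user }}-bookinfo"
{% endif %}
{% if 'm4' in modules %}
    - "{{ user }}-cloudnativeapps"
{% endif %}
```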