From 5889913bc2e1f30e09d7ee1472424ad56852005a Mon Sep 17 00:00:00 2001 From: Ricardo Jun <jtaniguc@redhat.com> Date: Fri, 05 Oct 2018 14:47:30 +0200 Subject: [PATCH] Included persistent volume to deploy postgresql version of the KieServerAdded template with postgresql version of KieServer supportUpdated script to create the lab environment --- extras/backup/execution.sh | 63 ++++ extras/backup/vol04-pv.yaml | 13 + extras/backup/rhpam70-kieserver-postgresql.yaml | 640 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 705 insertions(+), 11 deletions(-) diff --git a/extras/backup/execution.sh b/extras/backup/execution.sh index 42612d7..6d5497a 100644 --- a/extras/backup/execution.sh +++ b/extras/backup/execution.sh @@ -1,6 +1,7 @@ ssh root@services mkdir -p /var/exports/vol01 ssh root@services mkdir -p /var/exports/vol02 ssh root@services mkdir -p /var/exports/vol03 +ssh root@services mkdir -p /var/exports/vol04 ssh root@services chown nfsnobody:nfsnobody /var/exports/vol* ssh root@services chmod a+rwx /var/exports/vol* @@ -10,6 +11,7 @@ /var/exports/vol01 *(rw,root_squash) /var/exports/vol02 *(rw,root_squash) /var/exports/vol03 *(rw,root_squash) +/var/exports/vol04 *(rw,root_squash) exportfs -a @@ -19,18 +21,21 @@ ssh root@master oc create -f vol01-pv.yaml ssh root@master oc create -f vol02-pv.yaml ssh root@master oc create -f vol03-pv.yaml +ssh root@master oc create -f vol03-pv.yaml + +# Create PAM without database ssh root@master oc new-project bxms-pam-dc39 ssh root@master oc label namespace bxms-pam-dc39 AAD='dc39' ssh root@master oc project default ssh root@master mkdir /tmp/dc39 -ssh root@master oc process -f https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/templates/rhpam70-authoring.yaml \ - -p IMAGE_STREAM_NAMESPACE=bxms-pam-dc39 \ - -p KIE_ADMIN_PWD=test1234! \ - -p APPLICATION_NAME=rht \ - -p BUSINESS_CENTRAL_HTTPS_SECRET=businesscentral-app-secret \ - -p MAVEN_REPO_URL=http://services.lab.example.com:8081/nexus/content/groups/training-java \ - -p KIE_SERVER_HTTPS_SECRET=businesscentral-app-secret > /tmp/dc39/rhpam70-authoring.json +#ssh root@master oc process -f https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/templates/rhpam70-authoring.yaml \ +# -p IMAGE_STREAM_NAMESPACE=bxms-pam-dc39 \ +# -p KIE_ADMIN_PWD=test1234! \ +# -p APPLICATION_NAME=rht \ +# -p BUSINESS_CENTRAL_HTTPS_SECRET=businesscentral-app-secret \ +# -p MAVEN_REPO_URL=http://services.lab.example.com:8081/nexus/content/groups/training-java \ +# -p KIE_SERVER_HTTPS_SECRET=businesscentral-app-secret > /tmp/dc39/rhpam70-authoring.json #- name: Modify template with pause build configs #replace: @@ -45,10 +50,6 @@ -n bxms-pam-dc39 oc create -f /tmp/dc39/rhpam70-authoring.json -n bxms-pam-dc39 oc rollout resume dc/rht-rhpamcentr -n bxms-pam-dc39 -# get_url: -# url: 'https://raw.githubusercontent.com/gpe-mw-training/rhpam-order-fulfillment/master/src/main/resources/products.txt' -# dest: /tmp/dc39/products.txt - oc create configmap products-cm --from-file=/tmp/dc39/products.txt -n bxms-pam-dc39 oc volume dc/rht-kieserver -n bxms-pam-dc39 \ @@ -65,3 +66,43 @@ oc annotate namespace bxms-pam-dc39 openshift.io/requester=developer --overwrite oc policy add-role-to-user admin developer -n bxms-pam-dc39 + +# Create PAM with Postgresql + +ssh root@master oc new-project bxms-pamdb-dc39 +ssh root@master oc label namespace bxms-pamdb-dc39 AAD='dc39' +ssh root@master oc project default +ssh root@master mkdir /tmp/dc39 +#ssh root@master oc process -f https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/templates/rhpam70-authoring.yaml \ +# -p IMAGE_STREAM_NAMESPACE=bxms-pam-dc39 \ +# -p KIE_ADMIN_PWD=test1234! \ +# -p APPLICATION_NAME=rht \ +# -p BUSINESS_CENTRAL_HTTPS_SECRET=businesscentral-app-secret \ +# -p MAVEN_REPO_URL=http://services.lab.example.com:8081/nexus/content/groups/training-java \ +# -p KIE_SERVER_HTTPS_SECRET=businesscentral-app-secret > /tmp/dc39/rhpam70-authoring.json + + +oc create -f https://raw.githubusercontent.com/jboss-container-images/rhpam-7-openshift-image/7.0.2.GA/example-app-secret-template.yaml -n bxms-pamdb-dc39 +oc create -f /tmp/dc39/rhpam70-image-streams.yaml -n bxms-pamdb-dc39 +oc new-app --template=example-app-secret \ + -p SECRET_NAME=businesscentral-app-secret \ + -n bxms-pamdb-dc39 +oc create -f /tmp/dc39/rhpam70-authoring.json -n bxms-pamdb-dc39 +oc rollout resume dc/rht-rhpamcentr -n bxms-pamdb-dc39 +oc create configmap products-cm --from-file=/tmp/dc39/products.txt -n bxms-pamdb-dc39 + +oc volume dc/rht-kieserver -n bxms-pam-dc39 \ + --overwrite --add -t configmap -m /data --name=products-volume --configmap-name=products-cm + +oc rollout resume dc/rht-kieserver -n bxms-pamdb-dc39 + +#- include_tasks: ./wait_for_deploy.yml +#static: no +# vars: +# pod_to_wait: +# - "rht-kieserver" + +oc annotate namespace bxms-pamdb-dc39 openshift.io/requester=developer --overwrite + +oc policy add-role-to-user admin developer -n bxms-pamdb-dc39 + diff --git a/extras/backup/rhpam70-kieserver-postgresql.yaml b/extras/backup/rhpam70-kieserver-postgresql.yaml new file mode 100644 index 0000000..f2fb600 --- /dev/null +++ b/extras/backup/rhpam70-kieserver-postgresql.yaml @@ -0,0 +1,640 @@ +--- +kind: Template +apiVersion: v1 +metadata: + annotations: + description: Application template for a managed KIE server with a PostgreSQL database, for Red Hat Process Automation Manager 7.0 + iconClass: icon-jboss + tags: rhpam,jboss,kieserver,postgresql + version: "1.2" + openshift.io/display-name: Red Hat Process Automation Manager 7.0 managed KIE server with a PostgreSQL database + template.openshift.io/bindable: "false" + name: rhpam70-kieserver-postgresql +labels: + template: rhpam70-kieserver-postgresql + rhpam: "1.2" +message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}. +parameters: +- displayName: Application Name + description: The name for the application. + name: APPLICATION_NAME + value: myapp + required: true +- displayName: Maven repository URL + description: Fully qualified URL to a Maven repository or service. + name: MAVEN_REPO_URL + example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/ + required: true +- displayName: Maven repository username + description: Username to access the Maven repository, if required. + name: MAVEN_REPO_USERNAME + required: false +- displayName: Maven repository password + description: Password to access the Maven repository, if required. + name: MAVEN_REPO_PASSWORD + required: false +- displayName: Name of the Maven service hosted by Business Central + description: The service name for the optional business central, where it can be reached, to allow service lookups (for maven repo usage), if required + name: BUSINESS_CENTRAL_MAVEN_SERVICE + example: "myapp-rhpamcentr" + required: false +- displayName: Username for the Maven service hosted by Business Central + description: Username to access the Maven service hosted by Business Central inside EAP. + name: BUSINESS_CENTRAL_MAVEN_USERNAME + example: "mavenUser" + required: false +- displayName: Password for the Maven service hosted by Business Central + description: Password to access the Maven service hosted by Business Central inside EAP. + name: BUSINESS_CENTRAL_MAVEN_PASSWORD + example: "maven1!" + required: false +- displayName: KIE Admin User + description: KIE administrator username + name: KIE_ADMIN_USER + value: adminUser + required: false +- displayName: KIE Admin Password + description: KIE administrator password + name: KIE_ADMIN_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: KIE Server ID + description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property). + name: KIE_SERVER_ID + required: false +- displayName: KIE Server User + description: KIE execution server username (Sets the org.kie.server.user system property) + name: KIE_SERVER_USER + value: executionUser + required: false +- displayName: KIE Server Password + description: KIE execution server password (Sets the org.kie.server.pwd system property) + name: KIE_SERVER_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: ImageStream Namespace + description: Namespace in which the ImageStreams for Red Hat Middleware images are + installed. These ImageStreams are normally installed in the openshift namespace. + You should only need to modify this if you've installed the ImageStreams in a + different namespace/project. + name: IMAGE_STREAM_NAMESPACE + value: openshift + required: true +- displayName: KIE Server ImageStream Name + description: The name of the image stream to use for KIE Execution Server. Default is "rhpam70-kieserver-openshift". + name: KIE_SERVER_IMAGE_STREAM_NAME + value: "rhpam70-kieserver-openshift" + required: true +- displayName: ImageStream Tag + description: A named pointer to an image in an image stream. Default is "1.2". + name: IMAGE_STREAM_TAG + value: "1.2" + required: true +- displayName: Smart Router Service + description: The service name for the optional smart router, where it can be reached, to allow smart routing + name: KIE_SERVER_ROUTER_SERVICE + required: false +- displayName: Smart Router Host + description: "The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name" + name: KIE_SERVER_ROUTER_HOST + example: "myapp-smartrouter" + required: false +- displayName: Smart Router listening port + description: Port in which the smart router server listens (router property org.kie.server.router.port) + name: KIE_SERVER_ROUTER_PORT + example: "9000" + required: false +- displayName: Smart Router protocol + description: KIE server router protocol (Used to build the org.kie.server.router.url.external property) + name: KIE_SERVER_ROUTER_PROTOCOL + example: "http" + required: false +- displayName: KIE Server Controller Service + description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality + name: KIE_SERVER_CONTROLLER_SERVICE + required: false +- displayName: KIE Server Controller User + description: KIE server controller username (Sets the org.kie.server.controller.user system property) + name: KIE_SERVER_CONTROLLER_USER + value: controllerUser + required: false +- displayName: KIE Server Controller Password + description: KIE server controller password (Sets the org.kie.server.controller.pwd system property) + name: KIE_SERVER_CONTROLLER_PWD + required: false +- displayName: KIE server controller host + description: KIE server controller host (Used to set the org.kie.server.controller system property) + name: KIE_SERVER_CONTROLLER_HOST + example: my-app-controller-ocpuser.os.example.com + required: false +- displayName: KIE server controller port + description: KIE server controller port (Used to set the org.kie.server.controller system property) + name: KIE_SERVER_CONTROLLER_PORT + example: '8080' + required: false +- displayName: KIE server controller protocol + description: KIE server controller protocol (Used to set the org.kie.server.controller system property) + name: KIE_SERVER_CONTROLLER_PROTOCOL + example: http + required: false +- displayName: KIE Server controller token + description: KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property) + name: KIE_SERVER_CONTROLLER_TOKEN + required: false +- displayName: KIE Server Persistence DS + description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property) + name: KIE_SERVER_PERSISTENCE_DS + value: java:/jboss/datasources/rhpam + required: false +## PostgreSQL database parameters BEGIN +- displayName: KIE Server PostgreSQL Database User + description: KIE execution server PostgreSQL database username + name: KIE_SERVER_POSTGRESQL_USER + value: rhpam + required: false +- displayName: KIE Server PostgreSQL Database Password + description: KIE execution server PostgreSQL database password + name: KIE_SERVER_POSTGRESQL_PWD + from: "[a-zA-Z]{6}[0-9]{1}!" + generate: expression + required: false +- displayName: KIE Server PostgreSQL Database Name + description: KIE execution server PostgreSQL database name + name: KIE_SERVER_POSTGRESQL_DB + value: rhpam7 + required: false +- displayName: PostgreSQL ImageStream Tag + description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6". + name: POSTGRESQL_IMAGE_STREAM_TAG + value: "9.6" +- displayName: PostgreSQL Database max prepared connections + description: Allows the PostgreSQL to handle XA transactions. + name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS + value: '100' + required: true +- displayName: Database Volume Capacity + description: Size of persistent storage for database volume. + name: DB_VOLUME_CAPACITY + value: 1Gi +## PostgreSQL database parameters END +- displayName: Drools Server Filter Classes + description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property) + name: DROOLS_SERVER_FILTER_CLASSES + value: 'true' + required: false +- displayName: KIE MBeans + description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties) + name: KIE_MBEANS + value: enabled + required: false +- displayName: Execution Server Custom http Route Hostname + description: 'Custom hostname for http service route, if set will also configure the KIE_SERVER_HOST. Leave blank for default hostname, + e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>' + name: EXECUTION_SERVER_HOSTNAME_HTTP + value: '' + required: false +- displayName: Execution Server Custom https Route Hostname + description: 'Custom hostname for https service route. Leave blank for default + hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>' + name: EXECUTION_SERVER_HOSTNAME_HTTPS + value: '' + required: false +- displayName: Use the secure route name to set KIE_SERVER_HOST. + description: Use https for the KIE_SERVER_HOST when it is not explicit configured to a custom value. + name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME + value: 'false' + required: false +- displayName: KIE Server Keystore Secret Name + description: The name of the secret containing the keystore file + name: KIE_SERVER_HTTPS_SECRET + example: kieserver-app-secret + required: true +- displayName: KIE Server Keystore Filename + description: The name of the keystore file within the secret + name: KIE_SERVER_HTTPS_KEYSTORE + value: keystore.jks + required: false +- displayName: KIE Server Certificate Name + description: The name associated with the server certificate + name: KIE_SERVER_HTTPS_NAME + value: jboss + required: false +- displayName: KIE Server Keystore Password + description: The password for the keystore and certificate + name: KIE_SERVER_HTTPS_PASSWORD + value: mykeystorepass + required: false +- displayName: KIE Server Bypass Auth User + description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property) + name: KIE_SERVER_BYPASS_AUTH_USER + value: 'false' + required: false +- displayName: "Timer service data store refresh interval (in milliseconds)" + description: "Sets refresh-interval for the EJB timer database data-store service." + name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL + value: '30000' + required: false +- displayName: Execution Server Container Memory Limit + description: Execution Server Container memory limit + name: EXECUTION_SERVER_MEMORY_LIMIT + value: 1Gi + required: false +- displayName: KIE Server Container Deployment + description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2' + name: KIE_SERVER_CONTAINER_DEPLOYMENT + example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT + required: false +- displayName: Disable KIE Server Management + description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable" + name: KIE_SERVER_MGMT_DISABLED + example: "true" + required: false +- displayName: KIE Server Startup Strategy + description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable." + name: KIE_SERVER_STARTUP_STRATEGY + example: "LocalContainersStartupStrategy" + required: false +objects: +- kind: ServiceAccount + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-kieserver" + labels: + application: "${APPLICATION_NAME}" +- kind: RoleBinding + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-kieserver-view" + subjects: + - kind: ServiceAccount + name: "${APPLICATION_NAME}-kieserver" + roleRef: + name: view +- kind: Service + apiVersion: v1 + spec: + ports: + - name: http + port: 8080 + targetPort: 8080 + - name: https + port: 8443 + targetPort: 8443 + selector: + deploymentConfig: "${APPLICATION_NAME}-kieserver" + metadata: + name: "${APPLICATION_NAME}-kieserver" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + annotations: + description: All the KIE server web server's ports. +- kind: Service + apiVersion: v1 + spec: + clusterIP: "None" + ports: + - name: "ping" + port: 8888 + selector: + deploymentConfig: "${APPLICATION_NAME}-kieserver" + metadata: + name: "${APPLICATION_NAME}-kieserver-ping" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + description: "The JGroups ping port for clustering." +## PostgreSQL service BEGIN +- apiVersion: v1 + kind: Service + metadata: + annotations: + description: The database server's port. + labels: + application: ${APPLICATION_NAME} + service: "${APPLICATION_NAME}-postgresql" + name: ${APPLICATION_NAME}-postgresql + spec: + ports: + - port: 5432 + targetPort: 5432 + selector: + deploymentConfig: ${APPLICATION_NAME}-postgresql +## PostgreSQL service END +- kind: Route + apiVersion: v1 + id: "${APPLICATION_NAME}-kieserver-http" + metadata: + name: "${APPLICATION_NAME}-kieserver" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + annotations: + description: Route for KIE server's http service. + spec: + host: "${EXECUTION_SERVER_HOSTNAME_HTTP}" + to: + name: "${APPLICATION_NAME}-kieserver" + port: + targetPort: http +- kind: Route + apiVersion: v1 + id: "${APPLICATION_NAME}-kieserver-https" + metadata: + name: "secure-${APPLICATION_NAME}-kieserver" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + annotations: + description: Route for KIE server's https service. + spec: + host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}" + to: + name: "${APPLICATION_NAME}-kieserver" + port: + targetPort: https + tls: + termination: passthrough +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-kieserver" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + spec: + strategy: + type: Recreate + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${APPLICATION_NAME}-kieserver" + from: + kind: ImageStreamTag + namespace: "${IMAGE_STREAM_NAMESPACE}" + name: "${KIE_SERVER_IMAGE_STREAM_NAME}:${IMAGE_STREAM_TAG}" + - type: ConfigChange + replicas: 1 + selector: + deploymentConfig: "${APPLICATION_NAME}-kieserver" + template: + metadata: + name: "${APPLICATION_NAME}-kieserver" + labels: + deploymentConfig: "${APPLICATION_NAME}-kieserver" + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-kieserver" + spec: + serviceAccountName: "${APPLICATION_NAME}-kieserver" + terminationGracePeriodSeconds: 60 + containers: + - name: "${APPLICATION_NAME}-kieserver" + image: "${KIE_SERVER_IMAGE_STREAM_NAME}" + imagePullPolicy: Always + resources: + limits: + memory: "${EXECUTION_SERVER_MEMORY_LIMIT}" + volumeMounts: + - name: kieserver-keystore-volume + mountPath: "/etc/kieserver-secret-volume" + readOnly: true + livenessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck" + initialDelaySeconds: 180 + timeoutSeconds: 2 + periodSeconds: 15 + failureThreshold: 3 + readinessProbe: + exec: + command: + - "/bin/bash" + - "-c" + - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck" + initialDelaySeconds: 60 + timeoutSeconds: 2 + periodSeconds: 30 + failureThreshold: 6 + ports: + - name: jolokia + containerPort: 8778 + protocol: TCP + - name: http + containerPort: 8080 + protocol: TCP + - name: https + containerPort: 8443 + protocol: TCP + - name: ping + containerPort: 8888 + protocol: TCP + env: + - name: DROOLS_SERVER_FILTER_CLASSES + value: "${DROOLS_SERVER_FILTER_CLASSES}" + - name: KIE_ADMIN_USER + value: "${KIE_ADMIN_USER}" + - name: KIE_ADMIN_PWD + value: "${KIE_ADMIN_PWD}" + - name: KIE_MBEANS + value: "${KIE_MBEANS}" + - name: KIE_SERVER_BYPASS_AUTH_USER + value: "${KIE_SERVER_BYPASS_AUTH_USER}" + - name: KIE_SERVER_CONTROLLER_USER + value: "${KIE_SERVER_CONTROLLER_USER}" + - name: KIE_SERVER_CONTROLLER_PWD + value: "${KIE_SERVER_CONTROLLER_PWD}" + - name: KIE_SERVER_CONTROLLER_SERVICE + value: "${KIE_SERVER_CONTROLLER_SERVICE}" + - name: KIE_SERVER_CONTROLLER_HOST + value: "${KIE_SERVER_CONTROLLER_HOST}" + - name: KIE_SERVER_CONTROLLER_PORT + value: "${KIE_SERVER_CONTROLLER_PORT}" + - name: KIE_SERVER_CONTROLLER_PROTOCOL + value: "${KIE_SERVER_CONTROLLER_PROTOCOL}" + - name: KIE_SERVER_CONTROLLER_TOKEN + value: "${KIE_SERVER_CONTROLLER_TOKEN}" + - name: KIE_SERVER_CONTROLLER_PROTOCOL + value: "ws" + - name: KIE_SERVER_ID + value: "${KIE_SERVER_ID}" + - name: KIE_SERVER_HOST + value: "${EXECUTION_SERVER_HOSTNAME_HTTP}" + - name: EXECUTION_SERVER_ROUTE_NAME + value: "${APPLICATION_NAME}-kieserver" + - name: EXECUTION_SERVER_USE_SECURE_ROUTE_NAME + value: "${EXECUTION_SERVER_USE_SECURE_ROUTE_NAME}" + - name: KIE_SERVER_USER + value: "${KIE_SERVER_USER}" + - name: KIE_SERVER_PWD + value: "${KIE_SERVER_PWD}" + - name: KIE_SERVER_CONTAINER_DEPLOYMENT + value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}" + - name: MAVEN_REPOS + value: "RHPAMCENTR,EXTERNAL" + - name: RHPAMCENTR_MAVEN_REPO_SERVICE + value: "${BUSINESS_CENTRAL_MAVEN_SERVICE}" + - name: RHPAMCENTR_MAVEN_REPO_PATH + value: "/maven2/" + - name: RHPAMCENTR_MAVEN_REPO_USERNAME + value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}" + - name: RHPAMCENTR_MAVEN_REPO_PASSWORD + value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}" + - name: EXTERNAL_MAVEN_REPO_URL + value: "${MAVEN_REPO_URL}" + - name: EXTERNAL_MAVEN_REPO_USERNAME + value: "${MAVEN_REPO_USERNAME}" + - name: EXTERNAL_MAVEN_REPO_PASSWORD + value: "${MAVEN_REPO_PASSWORD}" + - name: KIE_SERVER_ROUTER_SERVICE + value: "${KIE_SERVER_ROUTER_SERVICE}" + - name: KIE_SERVER_ROUTER_HOST + value: "${KIE_SERVER_ROUTER_HOST}" + - name: KIE_SERVER_ROUTER_PORT + value: "${KIE_SERVER_ROUTER_PORT}" + - name: KIE_SERVER_ROUTER_PROTOCOL + value: "${KIE_SERVER_ROUTER_PROTOCOL}" + - name: KIE_SERVER_MGMT_DISABLED + value: "${KIE_SERVER_MGMT_DISABLED}" + - name: KIE_SERVER_STARTUP_STRATEGY + value: "${KIE_SERVER_STARTUP_STRATEGY}" + - name: KIE_SERVER_PERSISTENCE_DS + value: "${KIE_SERVER_PERSISTENCE_DS}" + - name: DATASOURCES + value: "RHPAM" +## PostgreSQL driver settings BEGIN + - name: RHPAM_DATABASE + value: "${KIE_SERVER_POSTGRESQL_DB}" + - name: RHPAM_DRIVER + value: "postgresql" + - name: RHPAM_USERNAME + value: "${KIE_SERVER_POSTGRESQL_USER}" + - name: RHPAM_PASSWORD + value: "${KIE_SERVER_POSTGRESQL_PWD}" + - name: RHPAM_SERVICE_HOST + value: "${APPLICATION_NAME}-postgresql" + - name: RHPAM_SERVICE_PORT + value: "5432" + - name: TIMER_SERVICE_DATA_STORE + value: "${APPLICATION_NAME}-postgresql" + - name: KIE_SERVER_PERSISTENCE_DIALECT + value: "org.hibernate.dialect.PostgreSQLDialect" +## PostgreSQL driver settings END + - name: RHPAM_JTA + value: "true" + - name: RHPAM_JNDI + value: "${KIE_SERVER_PERSISTENCE_DS}" + - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL + value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}" + - name: HTTPS_KEYSTORE_DIR + value: "/etc/kieserver-secret-volume" + - name: HTTPS_KEYSTORE + value: "${KIE_SERVER_HTTPS_KEYSTORE}" + - name: HTTPS_NAME + value: "${KIE_SERVER_HTTPS_NAME}" + - name: HTTPS_PASSWORD + value: "${KIE_SERVER_HTTPS_PASSWORD}" + - name: JGROUPS_PING_PROTOCOL + value: "openshift.DNS_PING" + - name: OPENSHIFT_DNS_PING_SERVICE_NAME + value: "${APPLICATION_NAME}-kieserver-ping" + - name: OPENSHIFT_DNS_PING_SERVICE_PORT + value: "8888" + volumes: + - name: kieserver-keystore-volume + secret: + secretName: "${KIE_SERVER_HTTPS_SECRET}" +## PostgreSQL deployment config BEGIN +- kind: DeploymentConfig + apiVersion: v1 + metadata: + name: "${APPLICATION_NAME}-postgresql" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-postgresql" + spec: + strategy: + type: Recreate + triggers: + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - "${APPLICATION_NAME}-postgresql" + from: + kind: ImageStreamTag + namespace: "${IMAGE_STREAM_NAMESPACE}" + name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}" + - type: ConfigChange + replicas: 1 + selector: + deploymentConfig: "${APPLICATION_NAME}-postgresql" + template: + metadata: + name: "${APPLICATION_NAME}-postgresql" + labels: + deploymentConfig: "${APPLICATION_NAME}-postgresql" + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-postgresql" + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: "${APPLICATION_NAME}-postgresql" + image: postgresql + imagePullPolicy: Always + livenessProbe: + exec: + command: + - "/usr/libexec/check-container" + - "--live" + initialDelaySeconds: 120 + timeoutSeconds: 10 + readinessProbe: + exec: + command: + - "/usr/libexec/check-container" + initialDelaySeconds: 5 + timeoutSeconds: 1 + ports: + - containerPort: 5432 + protocol: TCP + volumeMounts: + - mountPath: "/var/lib/pgsql/data" + name: "${APPLICATION_NAME}-postgresql-pvol" + env: + - name: POSTGRESQL_USER + value: "${KIE_SERVER_POSTGRESQL_USER}" + - name: POSTGRESQL_PASSWORD + value: "${KIE_SERVER_POSTGRESQL_PWD}" + - name: POSTGRESQL_DATABASE + value: "${KIE_SERVER_POSTGRESQL_DB}" + - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS + value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}" + volumes: + - name: "${APPLICATION_NAME}-postgresql-pvol" + persistentVolumeClaim: + claimName: "${APPLICATION_NAME}-postgresql-claim" +## PostgreSQL deployment config END +## PostgreSQL persistent volume claim BEGIN +- apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: "${APPLICATION_NAME}-postgresql-claim" + labels: + application: "${APPLICATION_NAME}" + service: "${APPLICATION_NAME}-postgresql" + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: "${DB_VOLUME_CAPACITY}" +## PostgreSQL persistent volume claim END diff --git a/extras/backup/vol04-pv.yaml b/extras/backup/vol04-pv.yaml new file mode 100644 index 0000000..06a8d46 --- /dev/null +++ b/extras/backup/vol04-pv.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: vol04 +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + path: /var/exports/vol04 + server: services.lab.example.com -- Gitblit v1.9.3