From 1cb3a4913182592088c3a62d5a46241e87b1633c Mon Sep 17 00:00:00 2001 From: tchughesiv Date: Fri, 29 Mar 2019 09:32:09 -0500 Subject: [PATCH 1/2] [KIECLOUD-174] new password fields for configuring DBs and AMQ Signed-off-by: tchughesiv --- config/dbs/h2.yaml | 2 +- config/dbs/mysql.yaml | 20 +++++++++---------- config/dbs/postgresql.yaml | 16 +++++++-------- config/envs/rhdm-authoring-ha.yaml | 20 +++++++++---------- config/envs/rhpam-authoring-ha.yaml | 20 +++++++++---------- .../redhat/catalog-source.yaml | 9 +++++++++ deploy/crds/kieapp.crd.yaml | 9 +++++++++ pkg/apis/app/v1/kieapp_types.go | 3 +++ pkg/controller/kieapp/defaults/defaults.go | 3 +++ .../kieapp/defaults/defaults_test.go | 15 ++++++++++++++ 10 files changed, 78 insertions(+), 39 deletions(-) diff --git a/config/dbs/h2.yaml b/config/dbs/h2.yaml index a46b4c597..456050566 100644 --- a/config/dbs/h2.yaml +++ b/config/dbs/h2.yaml @@ -30,7 +30,7 @@ servers: - name: RHPAM_USERNAME value: "rhpam" - name: RHPAM_PASSWORD - value: "[[$.AdminPassword]]" + value: "[[$.DBPassword]]" - name: RHPAM_SERVICE_HOST value: "dummy_ignored" - name: RHPAM_SERVICE_PORT diff --git a/config/dbs/mysql.yaml b/config/dbs/mysql.yaml index 508ac8287..26ca002a1 100644 --- a/config/dbs/mysql.yaml +++ b/config/dbs/mysql.yaml @@ -41,7 +41,7 @@ servers: - name: RHPAM_USERNAME value: "rhpam" - name: RHPAM_PASSWORD - value: "[[$.AdminPassword]]" + value: "[[$.DBPassword]]" - name: RHPAM_SERVICE_HOST value: "[[.KieName]]-mysql" - name: RHPAM_SERVICE_PORT @@ -49,8 +49,8 @@ servers: - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL value: "60000" ## MySQL driver settings END - ## KIE server deployment config END - ## MySQL deployment BEGIN + ## KIE server deployment config END + ## MySQL deployment BEGIN - metadata: name: "[[.KieName]]-mysql" labels: 
@@ -110,18 +110,18 @@ servers: - name: MYSQL_USER value: "rhpam" - name: MYSQL_PASSWORD - value: "[[$.AdminPassword]]" + value: "[[$.DBPassword]]" - name: MYSQL_DATABASE value: "rhpam7" volumeMounts: - mountPath: "/var/lib/mysql/data" name: "[[.KieName]]-mysql-[[$.Constants.DatabaseVolumeSuffix]]" -## [[ if ne .Database.Size "" ]] + ## [[ if ne .Database.Size "" ]] volumes: - name: "[[.KieName]]-mysql-[[$.Constants.DatabaseVolumeSuffix]]" persistentVolumeClaim: claimName: "[[.KieName]]-mysql-claim" - ## MySQL persistent volume claim BEGIN + ## MySQL persistent volume claim BEGIN persistentVolumeClaims: - metadata: name: "[[.KieName]]-mysql-claim" @@ -135,13 +135,13 @@ servers: resources: requests: storage: "[[.Database.Size]]" - ## MySQL persistent volume claim END -## [[ else ]] + ## MySQL persistent volume claim END + ## [[ else ]] volumes: - name: "[[.KieName]]-mysql-[[$.Constants.DatabaseVolumeSuffix]]" emptyDir: {} -## [[ end ]] -## MySQL deployment END + ## [[ end ]] + ## MySQL deployment END services: - spec: ports: diff --git a/config/dbs/postgresql.yaml b/config/dbs/postgresql.yaml index 54d6ada9f..87ddd0c91 100644 --- a/config/dbs/postgresql.yaml +++ b/config/dbs/postgresql.yaml @@ -2,7 +2,7 @@ servers: ## RANGE BEGINS #[[ range $index, $Map := .Servers ]] - ## KIE server deployment config BEGIN + ## KIE server deployment config BEGIN - deploymentConfigs: - metadata: name: "[[.KieName]]" @@ -41,7 +41,7 @@ servers: - name: RHPAM_USERNAME value: "rhpam" - name: RHPAM_PASSWORD - value: "[[$.AdminPassword]]" + value: "[[$.DBPassword]]" - name: RHPAM_SERVICE_HOST value: "[[.KieName]]-postgresql" - name: RHPAM_SERVICE_PORT @@ -107,7 +107,7 @@ servers: - name: POSTGRESQL_USER value: "rhpam" - name: POSTGRESQL_PASSWORD - value: "[[$.AdminPassword]]" + value: "[[$.DBPassword]]" - name: POSTGRESQL_DATABASE value: "rhpam7" - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS 
@@ -115,13 +115,13 @@ servers: volumeMounts: - mountPath: "/var/lib/pgsql/data" name: "[[.KieName]]-postgresql-[[$.Constants.DatabaseVolumeSuffix]]" -## [[ if ne .Database.Size "" ]] + ## [[ if ne .Database.Size "" ]] volumes: - name: "[[.KieName]]-postgresql-[[$.Constants.DatabaseVolumeSuffix]]" persistentVolumeClaim: claimName: "[[.KieName]]-postgresql-claim" ## PostgreSQL deployment config END - ## PostgreSQL persistent volume claim BEGIN + ## PostgreSQL persistent volume claim BEGIN persistentVolumeClaims: - metadata: name: "[[.KieName]]-postgresql-claim" @@ -135,12 +135,12 @@ servers: resources: requests: storage: "[[.Database.Size]]" - ## PostgreSQL persistent volume claim END -## [[ else ]] + ## PostgreSQL persistent volume claim END + ## [[ else ]] volumes: - name: "[[.KieName]]-postgresql-[[$.Constants.DatabaseVolumeSuffix]]" emptyDir: {} -## [[ end ]] + ## [[ end ]] services: ## PostgreSQL service BEGIN - metadata: diff --git a/config/envs/rhdm-authoring-ha.yaml b/config/envs/rhdm-authoring-ha.yaml index 100664bd0..a05bb29ec 100644 --- a/config/envs/rhdm-authoring-ha.yaml +++ b/config/envs/rhdm-authoring-ha.yaml @@ -35,9 +35,9 @@ console: - name: APPFORMER_JMS_BROKER_ADDRESS value: "[[.ApplicationName]]-amq-tcp" - name: APPFORMER_JMS_BROKER_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: APPFORMER_JMS_BROKER_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQClusterPassword]]" volumes: - name: "[[.ApplicationName]]-[[.Console.Name]]-pvol" persistentVolumeClaim: @@ -320,11 +320,11 @@ others: }, { "name": "AMQ_USER", - "value": "jmsBrokserUser" + "value": "jmsBrokerUser" }, { "name": "AMQ_PASSWORD", - "value": "[[.AdminPassword]]" + "value": "[[.AMQPassword]]" }, { "name": "AMQ_ROLE", @@ -368,11 +368,11 @@ others: }, { "name": "AMQ_CLUSTER_USER", - "value": "jmsBrokserUser" + "value": "jmsBrokerUser" }, { "name": "AMQ_CLUSTER_PASSWORD", - "value": "[[.AdminPassword]]" + "value": "[[.AMQClusterPassword]]" }, { "name": "POD_NAMESPACE", 
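Review bot: In the console hunk of config/envs/rhdm-authoring-ha.yaml (`@@ -35,9 +35,9 @@ console:`), `APPFORMER_JMS_BROKER_PASSWORD` is now `[[.AMQClusterPassword]]`, while the broker's `AMQ_USER` and `AMQ_CLUSTER_USER` are both `jmsBrokerUser` and receive two different passwords (`[[.AMQPassword]]` and `[[.AMQClusterPassword]]`). Once the two values differ, which password the broker accepts for `jmsBrokerUser` depends on image behaviour that is not visible here, so the console's client login may fail or may only work with the cluster credential. I would either give the cluster account its own user name or point the console at the client credential, `value: "[[.AMQPassword]]"`, and state in a template comment which account Business Central is meant to use. The same pairing appears in the `others:` hunks of this file and in config/envs/rhpam-authoring-ha.yaml.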
@@ -426,9 +426,9 @@ others: containers: - env: - name: AMQ_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: AMQ_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQPassword]]" - name: AMQ_ROLE value: admin - name: AMQ_NAME @@ -447,9 +447,9 @@ others: - name: AMQ_REPLICAS value: "0" - name: AMQ_CLUSTER_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: AMQ_CLUSTER_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQClusterPassword]]" - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: "[[.ApplicationName]]-amq-ping" - name: AMQ_EXTRA_ARGS diff --git a/config/envs/rhpam-authoring-ha.yaml b/config/envs/rhpam-authoring-ha.yaml index 0aaefaee5..6662a799f 100644 --- a/config/envs/rhpam-authoring-ha.yaml +++ b/config/envs/rhpam-authoring-ha.yaml @@ -35,9 +35,9 @@ console: - name: APPFORMER_JMS_BROKER_ADDRESS value: "[[.ApplicationName]]-amq-tcp" - name: APPFORMER_JMS_BROKER_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: APPFORMER_JMS_BROKER_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQClusterPassword]]" volumes: - name: "[[.ApplicationName]]-[[.Console.Name]]-pvol" persistentVolumeClaim: @@ -319,11 +319,11 @@ others: }, { "name": "AMQ_USER", - "value": "jmsBrokserUser" + "value": "jmsBrokerUser" }, { "name": "AMQ_PASSWORD", - "value": "[[.AdminPassword]]" + "value": "[[.AMQPassword]]" }, { "name": "AMQ_ROLE", @@ -367,11 +367,11 @@ others: }, { "name": "AMQ_CLUSTER_USER", - "value": "jmsBrokserUser" + "value": "jmsBrokerUser" }, { "name": "AMQ_CLUSTER_PASSWORD", - "value": "[[.AdminPassword]]" + "value": "[[.AMQClusterPassword]]" }, { "name": "POD_NAMESPACE", @@ -425,9 +425,9 @@ others: containers: - env: - name: AMQ_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: AMQ_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQPassword]]" - name: AMQ_ROLE value: admin - name: AMQ_NAME 
@@ -446,9 +446,9 @@ others: - name: AMQ_REPLICAS value: "0" - name: AMQ_CLUSTER_USER - value: "jmsBrokserUser" + value: "jmsBrokerUser" - name: AMQ_CLUSTER_PASSWORD - value: "[[.AdminPassword]]" + value: "[[.AMQClusterPassword]]" - name: OPENSHIFT_DNS_PING_SERVICE_NAME value: "[[.ApplicationName]]-amq-ping" - name: AMQ_EXTRA_ARGS diff --git a/deploy/catalog_resources/redhat/catalog-source.yaml b/deploy/catalog_resources/redhat/catalog-source.yaml index ebb830f5a..971100a16 100644 --- a/deploy/catalog_resources/redhat/catalog-source.yaml +++ b/deploy/catalog_resources/redhat/catalog-source.yaml @@ -248,6 +248,15 @@ items: adminPassword: type: string description: The password to use for the adminUser. + dbPassword: + type: string + description: The password to use for databases. + amqPassword: + type: string + description: The password to use for amq user. + amqClusterPassword: + type: string + description: The password to use for amq cluster user. controllerPassword: type: string description: The password to use for the controllerUser. diff --git a/deploy/crds/kieapp.crd.yaml b/deploy/crds/kieapp.crd.yaml index 9d10aa6cb..14471471a 100644 --- a/deploy/crds/kieapp.crd.yaml +++ b/deploy/crds/kieapp.crd.yaml @@ -53,6 +53,15 @@ spec: adminPassword: type: string description: The password to use for the adminUser. + dbPassword: + type: string + description: The password to use for databases. + amqPassword: + type: string + description: The password to use for amq user. + amqClusterPassword: + type: string + description: The password to use for amq cluster user. controllerPassword: type: string description: The password to use for the controllerUser. diff --git a/pkg/apis/app/v1/kieapp_types.go b/pkg/apis/app/v1/kieapp_types.go index 1c574b442..8d4c91d1b 100644 --- a/pkg/apis/app/v1/kieapp_types.go +++ b/pkg/apis/app/v1/kieapp_types.go 
@@ -376,6 +376,9 @@ type CommonConfig struct {
 ImageTag string `json:"imageTag,omitempty"`
 KeyStorePassword string `json:"keyStorePassword,omitempty"`
 AdminPassword string `json:"adminPassword,omitempty"`
+ DBPassword string `json:"dbPassword,omitempty"`
+ AMQPassword string `json:"amqPassword,omitempty"`
+ AMQClusterPassword string `json:"amqClusterPassword,omitempty"`
 ControllerPassword string `json:"controllerPassword,omitempty"`
 ServerPassword string `json:"serverPassword,omitempty"`
 MavenPassword string `json:"mavenPassword,omitempty"`
diff --git a/pkg/controller/kieapp/defaults/defaults.go b/pkg/controller/kieapp/defaults/defaults.go
index dcc665a5d..699a8cdcc 100644
--- a/pkg/controller/kieapp/defaults/defaults.go
+++ b/pkg/controller/kieapp/defaults/defaults.go
@@ -446,6 +446,9 @@ func setPasswords(config *v1.CommonConfig, isTrialEnv bool) {
 passwords := []*string{
 &config.KeyStorePassword,
 &config.AdminPassword,
+ &config.DBPassword,
+ &config.AMQPassword,
+ &config.AMQClusterPassword,
 &config.ControllerPassword,
 &config.MavenPassword,
 &config.ServerPassword}
diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go
index 0ed54faf4..02607ed3c 100644
--- a/pkg/controller/kieapp/defaults/defaults_test.go
+++ b/pkg/controller/kieapp/defaults/defaults_test.go
@@ -223,6 +223,10 @@ func TestRhpamAuthoringHAEnvironment(t *testing.T) {
 },
 Spec: v1.KieAppSpec{
 Environment: v1.RhpamAuthoringHA,
+ CommonConfig: v1.CommonConfig{
+ AMQPassword: "amq",
+ AMQClusterPassword: "cluster",
+ },
 },
 }
 env, err := GetEnvironment(cr, test.MockService())
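Review bot: The three fields added to `CommonConfig` are plain strings in the KieApp spec, and the templates in this patch render them as literal `value:` entries in container env (for example `MYSQL_PASSWORD` and `AMQ_PASSWORD`), so the database and broker credentials are readable by anyone who can get the KieApp, a DeploymentConfig or a StatefulSet, not only by those allowed to read Secrets. This follows the existing `AdminPassword` pattern, but the new fields extend it to the backing services. Consider having the operator write these values to a Secret and reference them from the templates with `valueFrom.secretKeyRef`; at minimum add a field comment such as `// DBPassword is kept in clear text in the CR and in pod env; restrict read access to KieApp objects.` The struct begins and ends outside this hunk.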
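Review bot: In the `setPasswords` hunk of pkg/controller/kieapp/defaults/defaults.go the new pointers join the `passwords` slice, but the tests added in this patch only cover values supplied in the CR, so nothing pins what `DBPassword`, `AMQPassword` and `AMQClusterPassword` become when they are left empty. The rest of the function is outside the hunk, so whether `isTrialEnv` produces a shared fixed default or a generated value cannot be seen here; if it is a fixed default, the database and the broker would now share one well-known credential in trial installs. A test that leaves the three fields unset and asserts that each ends up non-empty, and outside trial mode not identical to the others, would document that contract.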
@@ -232,6 +236,12 @@ func TestRhpamAuthoringHAEnvironment(t *testing.T) {
 assert.Equal(t, "test-rhpamcentr", env.Console.DeploymentConfigs[0].ObjectMeta.Name)
 assert.Equal(t, "test-amq", env.Others[0].StatefulSets[0].ObjectMeta.Name)
 assert.Equal(t, fmt.Sprintf("rhpam%s-businesscentral-openshift", cr.Spec.CommonConfig.Version), env.Console.DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Image)
+ amqClusterPassword := getEnvVariable(env.Console.DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "APPFORMER_JMS_BROKER_PASSWORD")
+ assert.Equal(t, "cluster", amqClusterPassword, "Expected provided password to take effect, but found %v", amqClusterPassword)
+ amqPassword := getEnvVariable(env.Others[0].StatefulSets[0].Spec.Template.Spec.Containers[0], "AMQ_PASSWORD")
+ assert.Equal(t, "amq", amqPassword, "Expected provided password to take effect, but found %v", amqPassword)
+ amqClusterPassword = getEnvVariable(env.Others[0].StatefulSets[0].Spec.Template.Spec.Containers[0], "AMQ_CLUSTER_PASSWORD")
+ assert.Equal(t, "cluster", amqClusterPassword, "Expected provided password to take effect, but found %v", amqClusterPassword)
 pingService := getService(env.Console.Services, "test-rhpamcentr-ping")
 assert.Len(t, pingService.Spec.Ports, 1, "The ping service should have only one port")
 assert.True(t, hasPort(pingService, 8888), "The ping service should listen on port 8888")
@@ -402,10 +412,15 @@ func TestAuthoringEnvironment(t *testing.T) { }, Spec: v1.KieAppSpec{ Environment: v1.RhpamAuthoring, + CommonConfig: v1.CommonConfig{ + DBPassword: "Database", + }, }, } env, err := GetEnvironment(cr, test.MockService()) assert.Nil(t, err, "Error getting authoring environment") + dbPassword := getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_PASSWORD") + assert.Equal(t, "Database", dbPassword, "Expected provided password to take effect, but found %v", dbPassword) assert.Equal(t, fmt.Sprintf("%s-kieserver", cr.Spec.CommonConfig.ApplicationName), env.Servers[len(env.Servers)-1].DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Name, "the container name should have incremented") assert.NotEqual(t, v1.Environment{}, env, "Environment should not be empty") } From b1da13d72bca3fec18051ad7198b6bee55860eaf Mon Sep 17 00:00:00 2001 From: tchughesiv Date: Mon, 1 Apr 2019 13:04:28 -0500 Subject: [PATCH 2/2] [RHPAM-1952] resolve an intermittent issue may occur during the KIE server DC rollout due to sticky session Signed-off-by: tchughesiv --- config/common.yaml | 1 + config/dbs/h2.yaml | 2 ++ config/envs/rhdm-trial.yaml | 1 + config/envs/rhpam-trial.yaml | 1 + pkg/controller/kieapp/defaults/defaults_test.go | 2 ++ 5 files changed, 7 insertions(+) diff --git a/config/common.yaml b/config/common.yaml index cd8cd3399..699e00ef5 100644 --- a/config/common.yaml +++ b/config/common.yaml @@ -434,6 +434,7 @@ servers: spec: strategy: rollingParams: + maxSurge: 100% maxUnavailable: 0 type: Rolling triggers: diff --git a/config/dbs/h2.yaml b/config/dbs/h2.yaml index 456050566..d37103318 100644 --- a/config/dbs/h2.yaml +++ b/config/dbs/h2.yaml @@ -7,6 +7,8 @@ servers: - metadata: name: "[[.KieName]]" spec: + strategy: + type: Recreate template: metadata: name: "[[.KieName]]" diff --git a/config/envs/rhdm-trial.yaml b/config/envs/rhdm-trial.yaml index 9278ea6bd..5ae81d40c 100644 --- a/config/envs/rhdm-trial.yaml 
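Review bot: The `strategy: type: Recreate` added in the config/dbs/h2.yaml hunk (`@@ -7,6 +7,8 @@ servers:`) has no comment saying why this template departs from the rolling strategy that config/common.yaml configures; the only hint is the assertion message in defaults_test.go. A one-line YAML comment above it would keep a later edit from reverting it, for example `## H2 is used here, so the old pod must stop before the new one starts`, with the wording adjusted to the actual reason, which the patch does not state. Recreate also makes the KIE server unavailable during every rollout, which is worth recording in the same comment.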
+++ b/config/envs/rhdm-trial.yaml
@@ -104,6 +104,7 @@ servers:
 service: "[[.KieName]]"
 annotations:
 description: Route for KIE server's http service.
+ haproxy.router.openshift.io/balance: source
 haproxy.router.openshift.io/timeout: 60s
 spec:
 to:
diff --git a/config/envs/rhpam-trial.yaml b/config/envs/rhpam-trial.yaml
index 9278ea6bd..5ae81d40c 100644
--- a/config/envs/rhpam-trial.yaml
+++ b/config/envs/rhpam-trial.yaml
@@ -104,6 +104,7 @@ servers:
 service: "[[.KieName]]"
 annotations:
 description: Route for KIE server's http service.
+ haproxy.router.openshift.io/balance: source
 haproxy.router.openshift.io/timeout: 60s
 spec:
 to:
diff --git a/pkg/controller/kieapp/defaults/defaults_test.go b/pkg/controller/kieapp/defaults/defaults_test.go
index 02607ed3c..571547745 100644
--- a/pkg/controller/kieapp/defaults/defaults_test.go
+++ b/pkg/controller/kieapp/defaults/defaults_test.go
@@ -13,6 +13,7 @@ import (
 v1 "github.com/kiegroup/kie-cloud-operator/pkg/apis/app/v1"
 "github.com/kiegroup/kie-cloud-operator/pkg/controller/kieapp/constants"
 "github.com/kiegroup/kie-cloud-operator/pkg/controller/kieapp/test"
+ appsv1 "github.com/openshift/api/apps/v1"
 buildv1 "github.com/openshift/api/build/v1"
 "github.com/stretchr/testify/assert"
 corev1 "k8s.io/api/core/v1"
@@ -422,6 +423,7 @@ func TestAuthoringEnvironment(t *testing.T) {
 dbPassword := getEnvVariable(env.Servers[0].DeploymentConfigs[0].Spec.Template.Spec.Containers[0], "RHPAM_PASSWORD")
 assert.Equal(t, "Database", dbPassword, "Expected provided password to take effect, but found %v", dbPassword)
 assert.Equal(t, fmt.Sprintf("%s-kieserver", cr.Spec.CommonConfig.ApplicationName), env.Servers[len(env.Servers)-1].DeploymentConfigs[0].Spec.Template.Spec.Containers[0].Name, "the container name should have incremented")
+ assert.Equal(t, string(appsv1.DeploymentStrategyTypeRecreate), string(env.Servers[len(env.Servers)-1].DeploymentConfigs[0].Spec.Strategy.Type), "The DC should use a Recreate strategy when using the H2 DB")
 assert.NotEqual(t, v1.Environment{}, env, "Environment should not be empty")
 }