From 5a645b9d795352e6b079474ec58db15591f23e31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Wed, 24 May 2017 15:28:22 +0200 Subject: [PATCH] 3scale deployment: first try --- allinone.yml | 1 + roles/3scale/files/.gitignore | 2 + roles/3scale/files/amp.json | 2889 +++++++++++++++++++ roles/3scale/files/get-default-templates.sh | 9 + roles/3scale/tasks/main.yml | 34 + roles/3scale/vars/main.yml | 7 + 6 files changed, 2942 insertions(+) create mode 100644 roles/3scale/files/.gitignore create mode 100644 roles/3scale/files/amp.json create mode 100755 roles/3scale/files/get-default-templates.sh create mode 100644 roles/3scale/tasks/main.yml create mode 100644 roles/3scale/vars/main.yml diff --git a/allinone.yml b/allinone.yml index ac3a179..f4ad7ee 100644 --- a/allinone.yml +++ b/allinone.yml @@ -18,3 +18,4 @@ become: yes roles: - { name: 'hostpath-provisioner', tags: 'hostpath-provisioner' } + - { name: '3scale', tags: '3scale' } diff --git a/roles/3scale/files/.gitignore b/roles/3scale/files/.gitignore new file mode 100644 index 0000000..c321837 --- /dev/null +++ b/roles/3scale/files/.gitignore @@ -0,0 +1,2 @@ +amp.yml + diff --git a/roles/3scale/files/amp.json b/roles/3scale/files/amp.json new file mode 100644 index 0000000..591a014 --- /dev/null +++ b/roles/3scale/files/amp.json @@ -0,0 +1,2889 @@ +{ + "base_env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "apiVersion": "v1", + "kind": "Template", + "metadata": { + "name": "system" + }, + "message": "Login on https://${TENANT_NAME}-admin.${WILDCARD_DOMAIN} as ${ADMIN_USERNAME}/${ADMIN_PASSWORD}", + "objects": [ + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "system-storage" + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "100Mi" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "mysql-storage" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "system-redis-storage" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "PersistentVolumeClaim", + "metadata": { + "name": "backend-redis-storage" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "backend-cron" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "backend-cron" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "backend-cron" + } + }, + "spec": { + "containers": [ + { + "args": [ + "backend-cron" + ], + "env": [ + { + "name": "CONFIG_REDIS_PROXY", + "value": "backend-redis:6379" + }, + { + "name": "CONFIG_QUEUES_MASTER_NAME", + "value": "backend-redis:6379/1" + }, + { + "name": "RACK_ENV", + "value": "production" + } + ], + "image": "3scale-amp20/backend:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "backend-cron" + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "backend-redis" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "backend-redis" + }, + "strategy": { + "type": "Recreate" + }, + "template": { + "metadata": { + "labels": { + "name": "backend-redis" + } + }, + "spec": { + "containers": [ + { + "image": "${REDIS_IMAGE}", + "imagePullPolicy": "IfNotPresent", + "name": "backend-redis", + "readinessProbe": { + "exec": { + "command": [ + "container-entrypoint", + "bash", + "-c", + "redis-cli set liveness-probe \"`date`\" | grep OK" + ] + }, + "initialDelaySeconds": 10, + "periodSeconds": 30, + "timeoutSeconds": 1 + }, + "livenessProbe": { + "tcpSocket": { + "port": 6379 + }, + "initialDelaySeconds": 10, + "periodSeconds": 10 + }, + "volumeMounts": [ + { + "name": "backend-redis-storage", + "mountPath": "/var/lib/redis/data" + }, + { + "name": "redis-config", + "mountPath": "/etc/redis.conf", + "subPath": "redis.conf" + } + ] + } + ], + "volumes": [ + { + "name": "backend-redis-storage", + "persistentVolumeClaim": { + "claimName": "backend-redis-storage" + } + }, + { + "name": "redis-config", + "configMap": { + "name": "redis-config", + "items": [ + { + "key": "redis.conf", + "path": "redis.conf" + } + ] + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "backend-listener" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "backend-listener" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "backend-listener" + } + }, + "spec": { + "containers": [ + { + "args": [ + "3scale_backend", + "start", + "-e", + "production", + "-p", + "3000", + "-x", + "/dev/stdout" + ], + "env": [ + { + "name": "CONFIG_REDIS_PROXY", + "value": "backend-redis:6379" + }, + { + "name": "CONFIG_QUEUES_MASTER_NAME", + "value": "backend-redis:6379/1" + }, + { + "name": "RACK_ENV", + "value": "production" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + } + ], + "image": "3scale-amp20/backend:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "backend-listener", + "livenessProbe": { + "initialDelaySeconds": 30, + "periodSeconds": 10, + "tcpSocket": { + "port": 3000 + } + }, + "readinessProbe": { + "httpGet": { + "path": "/status", + "port": 3000 + }, + "initialDelaySeconds": 30, + "timeoutSeconds": 5 + }, + "ports": [ + { + "containerPort": 3000, + "protocol": "TCP" + } + ] + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "backend-redis" + }, + "spec": { + "ports": [ + { + "port": 6379, + "protocol": "TCP", + "targetPort": 6379 + } + ], + "selector": { + "name": "backend-redis" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "backend-listener" + }, + "spec": { + "ports": [ + { + "port": 3000, + "protocol": "TCP", + "targetPort": 3000, + "name": "http" + } + ], + "selector": { + "name": "backend-listener" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "system-provider" + }, + "spec": { + "ports": [ + { + "port": 3000, + "protocol": "TCP", + "targetPort": "provider", + "name": "http" + } + ], + "selector": { + "name": "system-app" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "system-developer" + }, + "spec": { + "ports": [ + { + "port": 3000, + "protocol": "TCP", + "targetPort": "developer", + "name": "http" + } + ], + "selector": { + "name": "system-app" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "backend-worker" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "backend-worker" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "backend-worker" + } + }, + "spec": { + "containers": [ + { + "args": [ + "3scale_backend_worker", + "run" + ], + "env": [ + { + "name": "CONFIG_REDIS_PROXY", + "value": "backend-redis:6379" + }, + { + "name": "CONFIG_QUEUES_MASTER_NAME", + "value": "backend-redis:6379/1" + }, + { + "name": "RACK_ENV", + "value": "production" + }, + { + "name": "CONFIG_EVENTS_HOOK", + "value": "http://system-provider:3000/master/events/import" + }, + { + "name": "CONFIG_EVENTS_HOOK_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + } + ], + "image": "3scale-amp20/backend:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "backend-worker" + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "system-mysql" + }, + "spec": { + "ports": [ + { + "name": "system-mysql", + "protocol": "TCP", + "port": 3306, + "targetPort": 3306, + "nodePort": 0 + } + ], + "selector": { + "name": "system-mysql" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "system-redis" + }, + "spec": { + "ports": [ + { + "port": 6379, + "protocol": "TCP", + "targetPort": 6379, + "name": "redis" + } + ], + "selector": { + "name": "system-redis" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-redis" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-redis" + }, + "strategy": { + "type": "Recreate" + }, + "template": { + "metadata": { + "labels": { + "name": "system-redis" + } + }, + "spec": { + "containers": [ + { + "args": null, + "image": "${REDIS_IMAGE}", + "imagePullPolicy": "IfNotPresent", + "name": "system-redis", + "terminationMessagePath": "/dev/termination-log", + "volumeMounts": [ + { + "name": "system-redis-storage", + "mountPath": "/var/lib/redis/data" + }, + { + "name": "redis-config", + "mountPath": "/etc/redis.conf", + "subPath": "redis.conf" + } + ], + "readinessProbe": { + "exec": { + "command": [ + "container-entrypoint", + "bash", + "-c", + "redis-cli set liveness-probe \"`date`\" | grep OK" + ] + }, + "initialDelaySeconds": 30, + "periodSeconds": 10, + "timeoutSeconds": 5 + }, + "livenessProbe": { + "tcpSocket": { + "port": 6379 + }, + "initialDelaySeconds": 10, + "periodSeconds": 5 + } + } + ], + "volumes": [ + { + "name": "system-redis-storage", + "persistentVolumeClaim": { + "claimName": "system-redis-storage" + } + }, + { + "name": "redis-config", + "configMap": { + "name": "redis-config", + "items": [ + { + "key": "redis.conf", + "path": "redis.conf" + } + ] + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "system-sphinx" + }, + "spec": { + "ports": [ + { + "port": 9306, + "protocol": "TCP", + "targetPort": 9306, + "name": "sphinx" + } + ], + "selector": { + "name": "system-sphinx" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-sphinx" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-sphinx" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "system-sphinx" + } + }, + "spec": { + "volumes": [ + { + "name": "system-sphinx-database", + "emptyDir": {} + } + ], + "containers": [ + { + "args": [ + "rake", + "openshift:thinking_sphinx:start" + ], + "volumeMounts": [ + { + "name": "system-sphinx-database", + "mountPath": "/opt/system/db/sphinx" + } + ], + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "0.0.0.0" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "db/sphinx/production.conf" + }, + { + "name": "THINKING_SPHINX_PID_FILE", + "value": "db/sphinx/searchd.pid" + }, + { + "name": "DELTA_INDEX_INTERVAL", + "value": "5" + }, + { + "name": "FULL_REINDEX_INTERVAL", + "value": "60" + } + ], + "image": "3scale-amp20/system:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "system-sphinx", + "livenessProbe": { + "tcpSocket": { + "port": 9306 + }, + "initialDelaySeconds": 60, + "periodSeconds": 10 + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "system-memcache" + }, + "spec": { + "ports": [ + { + "port": 11211, + "protocol": "TCP", + "targetPort": 11211, + "name": "memcache" + } + ], + "selector": { + "name": "system-memcache" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-memcache" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-memcache" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "system-memcache" + } + }, + "spec": { + "containers": [ + { + "args": null, + "env": null, + "image": "3scale-amp20/memcached:1.4.15-7", + "imagePullPolicy": "IfNotPresent", + "name": "memcache", + "readinessProbe": { + "exec": { + "command": [ + "sh", + "-c", + "echo version | nc $HOSTNAME 11211 | grep VERSION" + ] + }, + "initialDelaySeconds": 10, + "periodSeconds": 30, + "timeoutSeconds": 5 + }, + "livenessProbe": { + "tcpSocket": { + "port": 11211 + }, + "initialDelaySeconds": 10, + "periodSeconds": 10 + }, + "command": [ + "memcached", + "-m", + "64" + ] + } + ], + "ports": [ + { + "containerPort": 6379, + "protocol": "TCP" + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "name": "system-provider-admin-route", + "labels": { + "app": "system-route" + } + }, + "spec": { + "host": "${TENANT_NAME}-admin.${WILDCARD_DOMAIN}", + "to": { + "kind": "Service", + "name": "system-provider" + }, + "port": { + "targetPort": "http" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Allow" + } + } + }, + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "name": "backend-route", + "labels": { + "app": "system-route" + } + }, + "spec": { + "host": "backend-${TENANT_NAME}.${WILDCARD_DOMAIN}", + "to": { + "kind": "Service", + "name": "backend-listener" + }, + "port": { + "targetPort": "http" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Allow" + } + } + }, + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "name": "system-developer-route", + "labels": { + "app": "system-route" + } + }, + "spec": { + "host": "${TENANT_NAME}.${WILDCARD_DOMAIN}", + "to": { + "kind": "Service", + "name": "system-developer" + }, + "port": { + "targetPort": "http" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Allow" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "apicast-staging" + }, + "spec": { + "replicas": 0, + "selector": { + "deploymentconfig": "apicast-staging" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 1800, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "deploymentconfig": "apicast-staging" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "THREESCALE_PORTAL_ENDPOINT", + "value": "http://${APICAST_ACCESS_TOKEN}@system-provider:3000" + }, + { + "name": "APICAST_CONFIGURATION_LOADER", + "value": "lazy" + }, + { + "name": "APICAST_CONFIGURATION_CACHE", + "value": "0" + }, + { + "name": "THREESCALE_DEPLOYMENT_ENV", + "value": "sandbox" + }, + { + "name": "APICAST_MANAGEMENT_API", + "value": "${APICAST_MANAGEMENT_API}" + }, + { + "name": "BACKEND_ENDPOINT_OVERRIDE", + "value": "http://backend-listener:3000" + }, + { + "name": "OPENSSL_VERIFY", + "value": "${APICAST_OPENSSL_VERIFY}" + }, + { + "name": "APICAST_RESPONSE_CODES", + "value": "${APICAST_RESPONSE_CODES}" + }, + { + "name": "REDIS_URL", + "value": "redis://system-redis:6379/2" + } + ], + "image": "3scale-amp20/apicast-gateway:1.0-3", + "imagePullPolicy": "IfNotPresent", + "name": "apicast-staging", + "livenessProbe": { + "httpGet": { + "path": "/status/live", + "port": 8090 + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 5, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/status/ready", + "port": 8090 + }, + "initialDelaySeconds": 15, + "timeoutSeconds": 5, + "periodSeconds": 30 + }, + "ports": [ + { + "containerPort": 8080, + "protocol": "TCP" + }, + { + "containerPort": 8090, + "protocol": "TCP" + } + ] + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "apicast-staging" + }, + "spec": { + "ports": [ + { + "name": "gateway", + "port": 8080, + "protocol": "TCP", + "targetPort": 8080 + }, + { + "name": "management", + "port": 8090, + "protocol": "TCP", + "targetPort": 8090 + } + ], + "selector": { + "deploymentconfig": "apicast-staging" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "apicast-production" + }, + "spec": { + "replicas": 0, + "selector": { + "deploymentconfig": "apicast-production" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 1800, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "deploymentconfig": "apicast-production" + } + }, + "spec": { + "containers": [ + { + "env": [ + { + "name": "THREESCALE_PORTAL_ENDPOINT", + "value": "http://${APICAST_ACCESS_TOKEN}@system-provider:3000" + }, + { + "name": "APICAST_CONFIGURATION_LOADER", + "value": "boot" + }, + { + "name": "APICAST_CONFIGURATION_CACHE", + "value": "300" + }, + { + "name": "THREESCALE_DEPLOYMENT_ENV", + "value": "production" + }, + { + "name": "APICAST_MANAGEMENT_API", + "value": "${APICAST_MANAGEMENT_API}" + }, + { + "name": "BACKEND_ENDPOINT_OVERRIDE", + "value": "http://backend-listener:3000" + }, + { + "name": "OPENSSL_VERIFY", + "value": "${APICAST_OPENSSL_VERIFY}" + }, + { + "name": "APICAST_RESPONSE_CODES", + "value": "${APICAST_RESPONSE_CODES}" + }, + { + "name": "REDIS_URL", + "value": "redis://system-redis:6379/1" + } + ], + "image": "3scale-amp20/apicast-gateway:1.0-3", + "imagePullPolicy": "IfNotPresent", + "name": "apicast-production", + "livenessProbe": { + "httpGet": { + "path": "/status/live", + "port": 8090 + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 5, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/status/ready", + "port": 8090 + }, + "initialDelaySeconds": 15, + "timeoutSeconds": 5, + "periodSeconds": 30 + }, + "ports": [ + { + "containerPort": 8080, + "protocol": "TCP" + }, + { + "containerPort": 8090, + "protocol": "TCP" + } + ] + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "apicast-production" + }, + "spec": { + "ports": [ + { + "name": "gateway", + "port": 8080, + "protocol": "TCP", + "targetPort": 8080 + }, + { + "name": "management", + "port": 8090, + "protocol": "TCP", + "targetPort": 8090 + } + ], + "selector": { + "deploymentconfig": "apicast-production" + } + } + }, + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "name": "api-apicast-staging-route", + "labels": { + "app": "apicast-staging" + } + }, + "spec": { + "host": "api-${TENANT_NAME}-apicast-staging.${WILDCARD_DOMAIN}", + "to": { + "kind": "Service", + "name": "apicast-staging" + }, + "port": { + "targetPort": "gateway" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Allow" + } + } + }, + { + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "name": "api-apicast-production-route", + "labels": { + "app": "apicast-production" + } + }, + "spec": { + "host": "api-${TENANT_NAME}-apicast-production.${WILDCARD_DOMAIN}", + "to": { + "kind": "Service", + "name": "apicast-production" + }, + "port": { + "targetPort": "gateway" + }, + "tls": { + "termination": "edge", + "insecureEdgeTerminationPolicy": "Allow" + } + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-app" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-app" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1, + "pre": { + "failurePolicy": "Retry", + "execNewPod": { + "containerName": "system-provider", + "command": [ + "bash", + "-c", + "bundle exec rake boot openshift:deploy" + ], + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "volumes": [ + "system-storage" + ] + } + }, + "post": { + "failurePolicy": "Abort", + "execNewPod": { + "containerName": "system-provider", + "command": [ + "bash", + "-c", + "bundle exec rake boot openshift:post_deploy" + ] + } + } + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "system-app" + } + }, + "spec": { + "containers": [ + { + "args": null, + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "image": "3scale-amp20/system:1.0-2", + "imagePullPolicy": "IfNotPresent", + "command": [ + "env", + "TENANT_MODE=provider", + "PORT=3000", + "container-entrypoint", + "bundle", + "exec", + "unicorn", + "-c", + "config/unicorn.rb" + ], + "name": "system-provider", + "livenessProbe": { + "timeoutSeconds": 10, + "initialDelaySeconds": 20, + "tcpSocket": { + "port": "provider" + }, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/check.txt", + "port": "provider", + "scheme": "HTTP", + "httpHeaders": [ + { + "name": "X-Forwarded-Proto", + "value": "https" + } + ] + }, + "initialDelaySeconds": 30, + "timeoutSeconds": 10, + "periodSeconds": 30 + }, + "ports": [ + { + "containerPort": 3000, + "protocol": "TCP", + "name": "provider" + } + ], + "volumeMounts": [ + { + "name": "system-storage", + "mountPath": "/opt/system/public/system" + } + ] + }, + { + "args": null, + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "image": "3scale-amp20/system:1.0-2", + "command": [ + "env", + "TENANT_MODE=developer", + "PORT=3001", + "container-entrypoint", + "bundle", + "exec", + "unicorn", + "-c", + "config/unicorn.rb" + ], + "imagePullPolicy": "IfNotPresent", + "name": "system-developer", + "livenessProbe": { + "timeoutSeconds": 10, + "initialDelaySeconds": 20, + "tcpSocket": { + "port": "developer" + }, + "periodSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/check.txt", + "port": "developer", + "scheme": "HTTP", + "httpHeaders": [ + { + "name": "X-Forwarded-Proto", + "value": "https" + } + ] + }, + "initialDelaySeconds": 30, + "timeoutSeconds": 10, + "periodSeconds": 30 + }, + "ports": [ + { + "containerPort": 3001, + "protocol": "TCP", + "name": "developer" + } + ], + "volumeMounts": [ + { + "name": "system-storage", + "mountPath": "/opt/system/public/system", + "readOnly": true + } + ] + } + ], + "volumes": [ + { + "name": "system-storage", + "persistentVolumeClaim": { + "claimName": "system-storage" + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-resque" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-resque" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "system-resque" + } + }, + "spec": { + "containers": [ + { + "args": [ + "rake", + "resque:work", + "QUEUE=*" + ], + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "image": "3scale-amp20/system:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "system-resque", + "volumeMounts": [ + { + "name": "system-storage", + "mountPath": "/opt/system/public/system" + } + ] + }, + { + "args": [ + "rake", + "resque:scheduler", + "QUEUE=*" + ], + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "image": "3scale-amp20/system:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "system-scheduler" + } + ], + "volumes": [ + { + "name": "system-storage", + "persistentVolumeClaim": { + "claimName": "system-storage" + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "apiVersion": "v1", + "kind": "DeploymentConfig", + "metadata": { + "name": "system-sidekiq" + }, + "spec": { + "replicas": 0, + "selector": { + "name": "system-sidekiq" + }, + "strategy": { + "rollingParams": { + "intervalSeconds": 1, + "maxSurge": "25%", + "maxUnavailable": "25%", + "timeoutSeconds": 600, + "updatePeriodSeconds": 1 + }, + "type": "Rolling" + }, + "template": { + "metadata": { + "labels": { + "name": "system-sidekiq" + } + }, + "spec": { + "containers": [ + { + "args": [ + "rake", + "sidekiq:worker" + ], + "env": [ + { + "name": "RAILS_ENV", + "value": "production" + }, + { + "name": "DATABASE_URL", + "value": "mysql2://root:${MYSQL_ROOT_PASSWORD}@system-mysql/${MYSQL_DATABASE}" + }, + { + "name": "FORCE_SSL", + "value": "true" + }, + { + "name": "THREESCALE_SUPERDOMAIN", + "value": "${WILDCARD_DOMAIN}" + }, + { + "name": "TENANT_NAME", + "value": "${TENANT_NAME}" + }, + { + "name": "APICAST_ACCESS_TOKEN", + "value": "${APICAST_ACCESS_TOKEN}" + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "value": "${ADMIN_ACCESS_TOKEN}" + }, + { + "name": "PROVIDER_PLAN", + "value": "enterprise" + }, + { + "name": "USER_LOGIN", + "value": "${ADMIN_USERNAME}" + }, + { + "name": "USER_PASSWORD", + "value": "${ADMIN_PASSWORD}" + }, + { + "name": "RAILS_LOG_TO_STDOUT", + "value": "true" + }, + { + "name": "RAILS_LOG_LEVEL", + "value": "info" + }, + { + "name": "THINKING_SPHINX_ADDRESS", + "value": "system-sphinx" + }, + { + "name": "THINKING_SPHINX_PORT", + "value": "9306" + }, + { + "name": "THINKING_SPHINX_CONFIGURATION_FILE", + "value": "/tmp/sphinx.conf" + }, + { + "name": "EVENTS_SHARED_SECRET", + "value": "${SYSTEM_BACKEND_SHARED_SECRET}" + }, + { + "name": "THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE", + "value": "VERIFY_NONE" + }, + { + "name": "APICAST_BACKEND_ROOT_ENDPOINT", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + }, + { + "name": "CONFIG_INTERNAL_API_USER", + "value": "${SYSTEM_BACKEND_USERNAME}" + }, + { + "name": "CONFIG_INTERNAL_API_PASSWORD", + "value": "${SYSTEM_BACKEND_PASSWORD}" + }, + { + "name": "SECRET_KEY_BASE", + "value": "${SYSTEM_APP_SECRET_KEY_BASE}" + }, + { + "name": "AMP_RELEASE", + "value": "${AMP_RELEASE}" + }, + { + "name": "SMTP_ADDRESS", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "address" + } + } + }, + { + "name": "SMTP_USER_NAME", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "username" + } + } + }, + { + "name": "SMTP_PASSWORD", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "password" + } + } + }, + { + "name": "SMTP_DOMAIN", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "domain" + } + } + }, + { + "name": "SMTP_PORT", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "port" + } + } + }, + { + "name": "SMTP_AUTHENTICATION", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "authentication" + } + } + }, + { + "name": "SMTP_OPENSSL_VERIFY_MODE", + "valueFrom": { + "configMapKeyRef": { + "name": "smtp", + "key": "openssl.verify.mode" + } + } + }, + { + "name": "BACKEND_ROUTE", + "value": "https://backend-${TENANT_NAME}.${WILDCARD_DOMAIN}" + } + ], + "image": "3scale-amp20/system:1.0-2", + "imagePullPolicy": "IfNotPresent", + "name": "system-sidekiq", + "volumeMounts": [ + { + "name": "system-storage", + "mountPath": "/opt/system/public/system" + } + ] + } + ], + "volumes": [ + { + "name": "system-storage", + "persistentVolumeClaim": { + "claimName": "system-storage" + } + } + ] + } + }, + "triggers": [ + { + "type": "ConfigChange" + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "system-mysql" + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ConfigChange" + } + ], + "replicas": 0, + "selector": { + "name": "system-mysql" + }, + "template": { + "metadata": { + "labels": { + "name": "system-mysql" + } + }, + "spec": { + "containers": [ + { + "name": "system-mysql", + "image": "${MYSQL_IMAGE}", + "ports": [ + { + "containerPort": 3306, + "protocol": "TCP" + } + ], + "resources": { + "limits": { + "memory": "2Gi" + }, + "requests": { + "cpu": "1", + "memory": "1Gi" + } + }, + "readinessProbe": { + "timeoutSeconds": 5, + "initialDelaySeconds": 10, + "periodSeconds": 30, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1'" + ] + } + }, + "livenessProbe": { + "initialDelaySeconds": 30, + "periodSeconds": 10, + "tcpSocket": { + "port": 3306 + } + }, + "env": [ + { + "name": "MYSQL_USER", + "value": "${MYSQL_USER}" + }, + { + "name": "MYSQL_PASSWORD", + "value": "${MYSQL_PASSWORD}" + }, + { + "name": "MYSQL_DATABASE", + "value": "${MYSQL_DATABASE}" + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "value": "${MYSQL_ROOT_PASSWORD}" + }, + { + "name": "MYSQL_LOWER_CASE_TABLE_NAMES", + "value": "1" + } + ], + "volumeMounts": [ + { + "name": "mysql-storage", + "mountPath": "/var/lib/mysql/data" + } + ], + "imagePullPolicy": "IfNotPresent" + } + ], + "volumes": [ + { + "name": "mysql-storage", + "persistentVolumeClaim": { + "claimName": "mysql-storage" + } + } + ] + } + } + } + }, + { + "kind": "ConfigMap", + "apiVersion": "v1", + "metadata": { + "name": "redis-config" + }, + "data": { + "redis.conf": "protected-mode no\n\nport 6379\n\ntimeout 0\ntcp-keepalive 300\n\ndaemonize no\nsupervised no\n\nloglevel notice\n\ndatabases 16\n\nsave 900 1\nsave 300 10\nsave 60 10000\n\nstop-writes-on-bgsave-error yes\n\nrdbcompression yes\nrdbchecksum yes\n\ndbfilename dump.rdb\n\nslave-serve-stale-data yes\nslave-read-only yes\n\nrepl-diskless-sync no\nrepl-disable-tcp-nodelay no\n\nappendonly yes\nappendfilename \"appendonly.aof\"\nappendfsync everysec\nno-appendfsync-on-rewrite no\nauto-aof-rewrite-percentage 100\nauto-aof-rewrite-min-size 64mb\naof-load-truncated yes\n\nlua-time-limit 5000\n\nactiverehashing no\n\naof-rewrite-incremental-fsync yes\ndir /var/lib/redis/data\n" + } + }, + { + "kind": "ConfigMap", + "apiVersion": "v1", + "metadata": { + "name": "smtp" + }, + "data": { + "address": "", + "username": "", + "password": "", + "domain": "", + "port": "", + "authentication": "", + "openssl.verify.mode": "" + } + } + ], + "parameters": [ + { + "name": "AMP_RELEASE", + "description": "AMP release tag.", + "value": "2.0.0-CR2-redhat-1", + "required": true + }, + { + "name": "ADMIN_PASSWORD", + "required": true, + "generate": "expression", + "from": "[a-z0-9]{8}" + }, + { + "name": "ADMIN_USERNAME", + "value": "admin", + "required": true + }, + { + "name": "APICAST_ACCESS_TOKEN", + "required": true, + "generate": "expression", + "from": "[a-z0-9]{8}", + "description": "Read Only Access Token that is APIcast going to use to download its configuration." + }, + { + "name": "ADMIN_ACCESS_TOKEN", + "required": false, + "generate": "expression", + "from": "[a-z0-9]{16}", + "description": "Admin Access Token with all scopes and write permissions for API access." + }, + { + "name": "WILDCARD_DOMAIN", + "description": "Root domain for the wildcard routes. Eg. example.com will generate 3scale-admin.example.com.", + "required": true + }, + { + "name": "TENANT_NAME", + "description": "Tenant name under the root that Admin UI will be available with -admin suffix.", + "required": true, + "value": "3scale" + }, + { + "name": "MYSQL_USER", + "displayName": "MySQL User", + "description": "Username for MySQL user that will be used for accessing the database.", + "value": "mysql", + "required": true + }, + { + "name": "MYSQL_PASSWORD", + "displayName": "MySQL Password", + "description": "Password for the MySQL user.", + "generate": "expression", + "from": "[a-z0-9]{8}", + "required": true + }, + { + "name": "MYSQL_DATABASE", + "displayName": "MySQL Database Name", + "description": "Name of the MySQL database accessed.", + "value": "system", + "required": true + }, + { + "name": "MYSQL_ROOT_PASSWORD", + "displayName": "MySQL Root password.", + "description": "Password for Root user.", + "generate": "expression", + "from": "[a-z0-9]{8}", + "required": true + }, + { + "name": "SYSTEM_BACKEND_USERNAME", + "description": "Internal 3scale API username for internal 3scale api auth.", + "value": "3scale_api_user", + "required": true + }, + { + "name": "SYSTEM_BACKEND_PASSWORD", + "description": "Internal 3scale API password for internal 3scale api auth.", + "generate": "expression", + "from": "[a-z0-9]{8}", + "required": true + }, + { + "name": "REDIS_IMAGE", + "description": "Redis image to use", + "required": true, + "value": "rhscl/redis-32-rhel7:3.2-5.7" + }, + { + "name": "MYSQL_IMAGE", + "description": "Mysql image to use", + "required": true, + "value": "rhscl/mysql-56-rhel7:5.6-13.14" + }, + { + "name": "SYSTEM_BACKEND_SHARED_SECRET", + "description": "Shared secret to import events from backend to system.", + "generate": "expression", + "from": "[a-z0-9]{8}", + "required": true + }, + { + "name": "SYSTEM_APP_SECRET_KEY_BASE", + "description": "System application secret key base", + "generate": "expression", + "from": "[a-f0-9]{128}", + "required": true + }, + { + "name": "APICAST_MANAGEMENT_API", + "description": "Scope of the APIcast Management API. Can be disabled, status or debug. At least status required for health checks.", + "required": false, + "value": "status" + }, + { + "name": "APICAST_OPENSSL_VERIFY", + "description": "Turn on/off the OpenSSL peer verification when downloading the configuration. Can be set to true/false.", + "required": false, + "value": "false" + }, + { + "name": "APICAST_RESPONSE_CODES", + "description": "Enable logging response codes in APIcast.", + "value": "true", + "required": false + } + ] +} diff --git a/roles/3scale/files/get-default-templates.sh b/roles/3scale/files/get-default-templates.sh new file mode 100755 index 0000000..e25cc29 --- /dev/null +++ b/roles/3scale/files/get-default-templates.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +# +# This script gets the original 3scale template, converts it to JSON and +# scale down the DeploymentConfig's replicas to 0. +# + +curl -s -o amp.yml https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/2.0.0.GA/amp/amp.yml +yaml2json amp.yml |jq '(.objects[]|select(.kind== "DeploymentConfig").spec.replicas) |= 0' > amp.json diff --git a/roles/3scale/tasks/main.yml b/roles/3scale/tasks/main.yml new file mode 100644 index 0000000..0922db8 --- /dev/null +++ b/roles/3scale/tasks/main.yml @@ -0,0 +1,34 @@ +--- + + - name: Create an empty threescale_options variable if it does not exist + set_fact: + threescale_options: {} + when: threescale_options is not defined + tags: vars + + - name: Provision default values for the 3scale_options + set_fact: + threescale_options: "{{ threescale_default_options|combine(threescale_options) }}" + tags: vars + + - name: Get a list of existing projects + command: oc get projects -o name + register: oc_get_projects + + - name: Create a new project for 3scale + command: oc new-project "{{ threescale_options.project }}" + when: "project/" + threescale_options.project not in oc_get_projects.stdout_lines + + - name: Process the OpenShift Template and create the OpenShift objects for the hostpath-provisioner + shell: oc process -f "{{ threescale_options.template }}" -p "TENANT_NAME={{ threescale_options.tenant_name }}" -p "WILDCARD_DOMAIN={{ threescale_options.wildcard_domain }}" | oc create -f - -n "{{ threescale_options.project }}" + + - name: Get Admin Username + command: oc get dc system-app -n "{{ threescale_options.project }}" -o 'jsonpath={.spec.template.spec.containers[0].env[?(@.name=="USER_LOGIN")].value}' + register: username + + - name: Get Admin Password + command: oc get dc system-app -n "{{ threescale_options.project }}" -o 'jsonpath={.spec.template.spec.containers[0].env[?(@.name=="USER_PASSWORD")].value}' + register: password + + - name: 3scale is ready ! + debug: msg="Login on https://{{ threescale_options.tenant_name }}-admin.{{ threescale_options.wildcard_domain }} with username = '{{ username.stdout }}' and password = '{{ password.stdout }}'" diff --git a/roles/3scale/vars/main.yml b/roles/3scale/vars/main.yml new file mode 100644 index 0000000..41824dc --- /dev/null +++ b/roles/3scale/vars/main.yml @@ -0,0 +1,7 @@ +--- + + threescale_default_options: + template: https://raw.githubusercontent.com/nmasse-itix/OpenShift-Lab/master/roles/3scale/files/amp.json + project: 3scale + tenant_name: 3scale + wildcard_domain: "{{ openshift_master_default_subdomain }}"